Netgate Discussion Forum

    [SOLVED] DNS Resolver (Unbound) Unable to Start

    • dodiggitydag

      It is sad to have your network stop working abruptly just to find out your DNS Server is down!

      Error log for DNS Resolver whenever I try to start the service:

      Jan 15 13:46:32  unbound  7695:0  fatal error: failed to setup modules  
      Jan 15 13:46:32  unbound  7695:0  error: module init for module validator failed  
      Jan 15 13:46:32  unbound  7695:0  error: validator: could not apply configuration settings.  
      Jan 15 13:46:32  unbound  7695:0  error: validator: error in trustanchors config  
      Jan 15 13:46:32  unbound  7695:0  error: error reading auto-trust-anchor-file: /var/unbound/root.key  
      Jan 15 13:46:32  unbound  7695:0  error: failed to read /root.key  
      Jan 15 13:46:32  unbound  7695:0  notice: init module 0: validator
      

      Error when I try to update the configuration file:

      The following input errors were detected:
      • The generated config file cannot be parsed by unbound. Please correct the following errors:
      • /var/unbound/test/unbound_server.pem: No such file or directory
      • [1516046660] unbound-checkconf[17975:0] fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist
      

      I noticed my DNS Resolver configuration no longer shows the interfaces I had originally selected.

      This happened to me on my custom hardware, so I purchased an SG-3100 two weeks ago.  Now I have the same issue after configuring the system from scratch.  Help!!

      • Gertjan

        @dodiggitydag:

        It is sad to have your network stop working abruptly just to find out your DNS Server is down… fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist
        ….

        Saw this a couple of weeks ago.

        It's time to find out the pfSense version … but I'll bet it isn't 2.4.2 (latest).

        Your SG-3100 device should be treated as any other computer that you un-box: before even looking at it, you upgrade - because what's in it could be something from the far past.
        Just ... upgrade.
        And if there is the slightest problem, take out the re-install CD/DVD/USB and make your own - clean !! - device (no more Dell/Toshiba/Acer/Sony/Whatever bullshit software on your computer).

        The files it's looking for should be in /var/unbound/test/ - or the test directory that doesn't exist.
        The files are all in /var/unbound/ : see for yourself :

        [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/unbound: ls -al
        total 72
        drwxr-xr-x   5 unbound  unbound   512 Jan 15 12:07 .
        drwxr-xr-x  32 root     wheel     512 Dec 21 10:50 ..
        -rw-r--r--   1 root     unbound   314 Jan 13 02:27 access_lists.conf
        drwxr-xr-x   2 unbound  unbound   512 Dec 12 20:49 conf.d
        -rw-r--r--   1 root     unbound  1676 Jan 13 02:27 dhcpleases_entries.conf
        -rw-r--r--   1 root     unbound  3578 Nov 25  2015 dnsbl_cert.pem
        -rw-r--r--   1 root     unbound     0 Jan 13 02:27 domainoverrides.conf
        -rw-r--r--   1 root     unbound  5722 Jan 13 02:27 host_entries.conf
        -rw-r--r--   1 root     unbound     0 Jun  7  2016 pfb_dnsbl.conf
        -rw-r--r--   1 root     unbound  1216 May 30  2016 pfb_dnsbl_lighty.conf
        -rw-r--r--   1 root     unbound   300 Jan 29  2015 remotecontrol.conf
        -rw-r--r--   1 unbound  unbound  1252 Jan 15 12:06 root.key
        -rw-r--r--   1 root     unbound  1823 Jan 13 02:27 unbound.conf
        -rw-r-----   1 unbound  unbound  1277 Jan 29  2015 unbound_control.key
        -rw-r-----   1 unbound  unbound   802 Jan 29  2015 unbound_control.pem
        -rw-r-----   1 unbound  unbound  1277 Jan 29  2015 unbound_server.key
        -rw-r-----   1 unbound  unbound   790 Jan 29  2015 unbound_server.pem
        drwxr-xr-x   3 root     unbound   512 Jan  8 17:30 usr
        drwxr-xr-x   3 root     unbound   512 Jan  8 17:30 var
        

        You saw it, no /test/ directory.

        But I advise you not to do anything. Install a new pfSense on your box. This will take 10 minutes or so (depends if the coffee is hot, or not) and walks you through a very important experience, if you need to do it once more, in the future.
        Just do it, you won't regret it.
        We all installed our first pfSense on a machine for the first time.
        Go !

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • dodiggitydag

          Hello Gertjan,
          I love your personality :P .  I am running the latest firmware; however, I agree that a reinstall will be necessary.  Throughout the day I've been losing my configuration across the whole firewall.  I found the issue-

          du -sh /var/log/*
          

          Revealed that the Suricata log was taking 5.6G of the 7G drive.  LOL!  Now I looked at the config, and I think the logs should have rotated…perhaps logging TLS certs was a bad idea.

          I'll reinstall, that's something I'm very familiar with doing (too many times).

          Thanks!!

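An added example, not part of any post in this thread: a POSIX shell check for the two conditions the thread ends on, a filesystem filled by logs and the state of the files Unbound's errors name (`root.key`, `unbound_server.pem`). The function names, the 90% threshold and the treatment of an empty file as a fault are assumptions of the example.

```shell
#!/bin/sh
# Added example. Usage: sh check.sh /var/log /var/unbound [limit-percent]

# Percentage in use on the filesystem that holds $1 (integer, no % sign).
fs_used_pct() {
    df -Pk "$1" | awk 'NR==2 { sub(/%/, "", $5); print $5 }'
}

# The $2 largest entries directly under $1, in KiB, biggest first.
top_consumers() {
    dir=$1; n=${2:-5}
    du -sk "$dir"/* 2>/dev/null | sort -rn | head -n "$n"
}

# State of a file a daemon must read at start-up: missing, empty or ok.
check_required_file() {
    if [ ! -e "$1" ]; then echo "missing"
    elif [ ! -s "$1" ]; then echo "empty"
    else echo "ok"
    fi
}

# Prints a short report; returns 1 if the disk is over the limit or a
# required file is missing or empty (assumed fault conditions).
report() {
    logdir=${1:-/var/log}; unbound_dir=${2:-/var/unbound}; limit=${3:-90}
    rc=0
    pct=$(fs_used_pct "$logdir"); pct=${pct:-0}
    echo "filesystem holding $logdir: ${pct}% used"
    if [ "$pct" -ge "$limit" ]; then
        rc=1
        echo "over ${limit}%; largest entries (KiB):"
        top_consumers "$logdir" 5
    fi
    for f in root.key unbound_server.pem; do
        state=$(check_required_file "$unbound_dir/$f")
        echo "$unbound_dir/$f: $state"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

# Only run when directories are given on the command line.
if [ "$#" -gt 0 ]; then report "$@"; fi
```

Run from cron or a monitoring agent, the non-zero exit status gives a warning before the disk reaches the point where services stop starting.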