Unbound /resolver broke

grandrivers

2.2-BETA (amd64)
built on Fri Nov 14 07:17:32 CST 2014
FreeBSD 10.1-RELEASE
was using it now get this since last couple of days

Nov 14 14:53:30 php-fpm[24580]: /services_unbound.php: The command '/usr/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/unbound.conf:91: error: syntax error read /var/unbound/unbound.conf failed: 1 errors in configuration file [1415994810] unbound[40993:0] fatal error: Could not read config file: /var/unbound/unbound.conf'

cmb

it's being worked on today.

grandrivers

Nov 14 22:39:07 php-fpm[7768]: /services_unbound.php: The command '/usr/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/unbound.conf:93: error: syntax error read /var/unbound/unbound.conf failed: 1 errors in configuration file [1416022747] unbound[10518:0] fatal error: Could not read config file: /var/unbound/unbound.conf'

lastest snapshot
2.2-BETA (amd64)
built on Fri Nov 14 16:22:56 CST 2014
FreeBSD 10.1-RELEASE

cmb

not seeing any issues like that. What is line 93 in your /var/unbound/unbound.conf file?

phil.davis

When doing the recent change to actually implement the unbound advanced options, I noticed that the text that a user puts in the Advanced box (which becomes the custom-options section) is implemented by the underlying code putting each white-space-separated bit (each word) onto a separate line in the unbound config. That seemed a bit of an odd thing to do, but I did not like to change that code!
Prior to my "fixes" the text in the Advanced box was stored in the pfSense config, but never actually made it into unbound.conf
Now that it gets into unbound.conf people will see errors if it is wrong.
Perhaps first remove anything in the Advanced box and see if that helps.
Then someone can fix up/sort out in what form the Advanced box text should be written to unbound.conf

grandrivers

this auto populates advanced box

statistics-interval: 300;statistics-cumulative: no;extended-statistics: yes

Nov 15 13:56:25 php-fpm[25032]: /services_unbound.php: The command '/usr/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/unbound.conf:93: error: syntax error read /var/unbound/unbound.conf failed: 1 errors in configuration file [1416077785] unbound[27189:0] fatal error: Could not read config file: /var/unbound/unbound.conf'

##########################

Unbound Configuration

##########################

Server configuration

server:
chroot: /var/unbound
username: "unbound"
directory: "/var/unbound"
pidfile: "/var/run/unbound.pid"
use-syslog: yes
port: 53
verbosity: 3
hide-identity: no
hide-version: no
harden-referral-path: no
harden-glue: yes
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
module-config: "validator iterator"
unwanted-reply-threshold: 0
num-queries-per-thread: 1024
jostle-timeout: 200
infra-host-ttl: 900
infra-lame-ttl: 900
infra-cache-numhosts: 10000
outgoing-num-tcp: 10
incoming-num-tcp: 10
edns-buffer-size: 4096
cache-max-ttl: 86400
cache-min-ttl: 0
harden-dnssec-stripped: no
msg-cache-size: 4m
num-threads: 2
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
rrset-cache-size: 8m
outgoing-range: 462
#so-rcvbuf: 4m
auto-trust-anchor-file: /var/unbound/root.key
prefetch: yes
prefetch-key: yes

Statistics

Unbound Statistics

statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yes

Interface IP(s) to bind to

interface: 192.168.35.1
interface: 127.0.0.1
interface: ::1

Outgoing interfaces to be used

outgoing-interface: 174.130.18.151
outgoing-interface: 209.105.185.108

DNS Rebinding

For DNS Rebinding prevention

private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 192.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10

Set private domains in case authoritative name server returns a Private IP address

Access lists

include: /var/unbound/access_lists.conf

Static host entries

include: /var/unbound/host_entries.conf

Domain overrides

include: /var/unbound/domainoverrides.conf

Forwarding

forward-zone:
name: "."
forward-addr: 8.8.8.8
forward-addr: 8.8.4.4

Unbound custom options

statistics-interval:
300;statistics-cumulative:
no;extended-statistics:
yes

Remote Control Config

include: /var/unbound/remotecontrol.conf

grandrivers

all i know was my config was working just fine on weds 11/5 snapshot upgraded to fri and had to enable forwarder for dns

cmb

The code Phil referenced was a copy/paste from dnsmasq, which uses its advanced field differently since it needs those as command line arguments, not in a conf file. The problem was your advanced options were never used prior to a few days ago, and once that was fixed, they were put in wrong. That did need to be output differently.

I just pushed a fix for that. gitsync or upgrade to a snapshot on the 16th or newer and you should be in good shape.