DNS Resolver (unbound) / Can't change config
-
The file /var/unbound/pfb_dnsbl.conf only contains a long list of local-data/local-zone entries.
And I cannot save settings even if I remove the pfblocker include (using the GUI).
-
Well, look into any included conf files, since from the conf posted there is no reference to that file.
-
```
[2.3.2-RELEASE][admin@pfSense.arda]/var/unbound: grep -R -i unbound_server.key *
remotecontrol.conf: server-key-file: "/var/unbound/unbound_server.key"
```
Where else can I search? Is unbound chrooted?
```
[2.3.2-RELEASE][admin@pfSense.arda]/etc/inc: grep -R /unbound_server.key *
unbound.inc: server-key-file: "{$g['unbound_chroot_path']}{$cfgsubdir}/unbound_server.key"
[2.3.2-RELEASE][admin@pfSense.arda]/etc/inc:
[2.3.2-RELEASE][admin@pfSense.arda]/etc/inc: grep -R /test *
unbound.inc: $cfgsubdir = "/test";
[2.3.2-RELEASE][admin@pfSense.arda]/etc/inc:
```
Content of /etc/inc/unbound.inc:
```php
function test_unbound_config($unboundcfg, &$output) {
    global $g;

    $cfgsubdir = "/test";
    unbound_generate_config($unboundcfg, $cfgsubdir);
    unbound_remote_control_setup($cfgsubdir);
    do_as_unbound_user("unbound-anchor", $cfgsubdir);

    $cfgdir = "{$g['unbound_chroot_path']}{$cfgsubdir}";

    $rv = 0;
    exec("/usr/local/sbin/unbound-checkconf {$cfgdir}/unbound.conf 2>&1", $output, $rv);
    rmdir_recursive($cfgdir);

    return $rv;
}
```
-
Just disable DNSSEC if you cannot get it working. Are you using some kind of RAM disks or nanobsd?
-
I cannot disable DNSSEC for the same error. I'm using the full 64bit release without ramdisk.
DNS resolver works but I cannot make any change. Reload works.
-
Have you tried to reboot as suggested above? Also, no idea why did you use this thread since you definitely do NOT have the same error.
Anyway.
```
mkdir /var/unbound/test/
cp -ax /var/unbound/*.{key,pem} /var/unbound/test/
```
and try again.
-
Works only once: every time /var/unbound/test/ is deleted and I have to create again before saving settings
-
No idea what kind of legacy configuration crap have you imported on all of your boxes across some upgrades, sorry. You can try with 2.3.3 but I sincerely doubt it'd change anything. Other than that:
- wipe /var/unbound altogether
- switch to DNS forwarder
- make a config backup, wipe everything between <unbound>…</unbound> tags, restore the config (will force a reboot)
- reconfigure the resolver from scratch
-
Works only once: every time /var/unbound/test/ is deleted and I have to create again before saving settings
Same here too.
The following input errors were detected:
```
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound_server.key: No such file or directory
[1484738643] unbound-checkconf[70766:0] fatal error: server-key-file: "/var/unbound/test/unbound_server.key" does not exist
```
I have to execute this every time there are changes to be made:
```
mkdir /var/unbound/test/
cp -ax /var/unbound/*.{key,pem} /var/unbound/test/
```
I am also getting this error on DNS Resolver log (a lot of them):
```
notice: remote address is 192.168.2.245 port 53134
notice: sendmsg failed: No buffer space available
```
-
Not sure where this /test dir is coming from.. I look on my /var/unbound dir and I don't see any test dir..
I can change my unbound conf without any issues.
Are you running 2.3.3 or 2.4 of pfsense??
-
I am currently using 2.3.2-RELEASE-p1
-
So from the code it looks like that sub dir is created but then removed after the test
```php
function test_unbound_config($unboundcfg, &$output) {
    global $g;

    $cfgsubdir = "/test";
    unbound_generate_config($unboundcfg, $cfgsubdir);
    unbound_remote_control_setup($cfgsubdir);
    do_as_unbound_user("unbound-anchor", $cfgsubdir);

    $cfgdir = "{$g['unbound_chroot_path']}{$cfgsubdir}";

    $rv = 0;
    exec("/usr/local/sbin/unbound-checkconf {$cfgdir}/unbound.conf 2>&1", $output, $rv);
    rmdir_recursive($cfgdir);

    return $rv;
}
```
rmdir_recursive($cfgdir);
So something is failing here? Just not sure what..
-
I'm also having this problem. Setup pfSense from scratch on 2.3.3_p1.
The below does indeed work once off, so I need to run it every time I change the configuration.
```
mkdir /var/unbound/test/
cp -ax /var/unbound/*.{key,pem} /var/unbound/test/
```
Is there a bug logged for it already?
-
For me the problem is gone away and I did nothing (neither reboot).
After updating to 2.3.3-p1 everything is still working. But now it is happening again on another site with a fresh new installation of 2.3.3-p1???
-
Ok, now I have the problem again.
Sometimes happens and usually a reboot fixes it.
-
Just want to chime in here. Starting to see this on my pfsense running 2.3.3-RELEASE-p1 (amd64)
Configuration created from scratch so no "old crap" should be there. The workaround with mkdir and cp works.
Reboot doesn't solve this.
-
So to Recap:
- Reboots - DO NOT WORK
- mkdir Test and cp config - Works once per saved change
- move to forwarder, wipe unbound directory and return to resolver - ? ? ? ? ?
Any more suggestions?
This is the message I get when making any changes
```
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/root.key: No such file or directory
[1494245590] unbound-checkconf[4967:0] fatal error: auto-trust-anchor-file: "/var/unbound/test/root.key" does not exist in chrootdir /var/unbound
```
I am running:
```
2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19
The system is on the latest version.
```
HELP!!!
-
Let me add to my previous, DNS is resolving all local addresses and appears to be working correctly.
But even if I attempt to make changes directly to the dhcp.conf, hostentries.conf or dhcpleases_entries.conf the changes do not persist after a process restart. So this unbound config validator issue is more widespread than I thought and more annoying than I am willing to deal with.
-
I'm facing this problem too, although not been able to clearly determine when and what triggers this.
Depending on DNS configuration (but what?), I get this same error message.
As far as I remember, this occurred with all 2.3.x versions (currently running 2.3.4).
I'm also facing a problem with, if I'm not wrong, DNS stopping from time to time when DHCP registration is activated.
Weird :(
-
Created redmine ticket:
https://redmine.pfsense.org/issues/7600
Running this command lets me do it before each save:
echo 'mkdir /var/unbound/test; /usr/local/sbin/unbound-control-setup -d /var/unbound/test' | /usr/bin/su -m unbound
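-
Added example, not part of any post in this thread and not pfSense code: both fatal errors quoted above come from unbound-checkconf finding that a file named in the generated test config (the remote-control key, the DNSSEC trust anchor) does not exist. The function below lists every such missing file in a given unbound config; its name, the directive list and the constructed sample config are assumptions of this example.

```shell
#!/bin/sh
# Added example (not pfSense code). Directives whose value is a file path:
# the two named in the thread's errors plus the other remote-control
# key/cert options documented in unbound.conf(5).
FILE_KEYS='server-key-file|server-cert-file|control-key-file|control-cert-file|auto-trust-anchor-file'

# missing_unbound_files CONF
# Prints "directive: path" for each referenced file that does not exist.
# Returns 0 when every file is present, 1 otherwise.
missing_unbound_files() {
    out=$(awk -v keys="$FILE_KEYS" '
        { sub(/#.*/, "") }                      # drop comments
        $0 ~ ("^[ \t]*(" keys ")[ \t]*:") {
            key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
            print key, val
        }' "$1" | while read -r key path; do
            [ -e "$path" ] || printf '%s: %s\n' "$key" "$path"
        done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: a scratch directory standing in for
# /var/unbound/test, with root.key present and the server key absent.
demo_thread_case() {
    d=$(mktemp -d /tmp/unbound-demo.XXXXXX) || return 1
    mkdir "$d/test"
    : > "$d/test/root.key"
    cat > "$d/test/unbound.conf" <<EOF
server:
    auto-trust-anchor-file: $d/test/root.key
remote-control:
    control-enable: yes
    server-key-file: "$d/test/unbound_server.key"   # missing on purpose
EOF
    missing_unbound_files "$d/test/unbound.conf"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_thread_case || echo "unbound-checkconf would reject this config"
```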