• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[SOLVED] unbound - SSL handshake error

Scheduled Pinned Locked Moved DHCP and DNS
2 Posts 1 Posters 3.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    fpv
    last edited by Sep 30, 2016, 8:27 AM Sep 29, 2016, 5:28 PM

    Hello!

    I seem to have a problem with unbound. I started a thread in the pfBlockerNG subforum, because that's where the error appeared to come from at first. Please have a look here.

    So when I execute

    unbound-control -c /var/unbound/unbound.conf status

    I get this

    error: SSL handshake failed
34386131464:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:

    Here's the unbound.conf

    ##########################
# Unbound Configuration
##########################

##
# Server configuration
##
server:

chroot: /var/unbound
username: "unbound"
directory: "/var/unbound"
pidfile: "/var/run/unbound.pid"
use-syslog: yes
port: 53
verbosity: 1
hide-identity: yes
hide-version: yes
harden-glue: yes
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
module-config: "iterator"
unwanted-reply-threshold: 0
num-queries-per-thread: 512
jostle-timeout: 200
infra-host-ttl: 900
infra-cache-numhosts: 10000
outgoing-num-tcp: 10
incoming-num-tcp: 10
edns-buffer-size: 4096
cache-max-ttl: 86400
cache-min-ttl: 0
harden-dnssec-stripped: no
msg-cache-size: 4m
rrset-cache-size: 8m

num-threads: 4
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
outgoing-range: 4096
#so-rcvbuf: 4m

prefetch: yes
prefetch-key: yes
use-caps-for-id: no
# Statistics
# Unbound Statistics
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yes

# Interface IP(s) to bind to
interface: 0.0.0.0
interface: ::0
interface-automatic: yes

# Outgoing interfaces to be used
outgoing-interface: 87.79.65.190

# DNS Rebinding
# For DNS Rebinding prevention
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 169.254.0.0/16
private-address: 192.168.0.0/16
private-address: fd00::/8
private-address: fe80::/10
# Set private domains in case authoritative name server returns a Private IP address
private-domain: "somedomain.loc"
domain-insecure: "somedomain.loc"

# Access lists
include: /var/unbound/access_lists.conf

# Static host entries
include: /var/unbound/host_entries.conf

# dhcp lease entries
include: /var/unbound/dhcpleases_entries.conf

# Domain overrides
include: /var/unbound/domainoverrides.conf

# Unbound custom options

###
# Remote Control Config
###

    I am running 2.3.2-RELEASE (amd64) on SSD with RAM disks for /tmp and /var.

    If need be the machine can be reinstalled, provided that I can reuse the config, but if someone does know what's wrong I'd like to try and fix it first.

    Thanks!

    1 Reply Last reply Reply Quote 0
    • F
      fpv
      last edited by Sep 30, 2016, 8:28 AM

      Update: Had another look this morning, and the error is gone. I rebooted because of something else yesterday evening, and that seems to have done it. I thought that only works for Windows. Strange.

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received