Netgate Discussion Forum

    [SOLVED] unbound - SSL handshake error

      fpv

      Hello!

      I seem to have a problem with unbound. I started a thread in the pfBlockerNG subforum, because that's where the error appeared to come from at first. Please have a look here.

      So when I execute

      unbound-control -c /var/unbound/unbound.conf status
      

      I get this

      error: SSL handshake failed
      34386131464:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-232/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
      

      Here's the unbound.conf

      ##########################
      # Unbound Configuration
      ##########################
      
      ##
      # Server configuration
      ##
      server:
      
      chroot: /var/unbound
      username: "unbound"
      directory: "/var/unbound"
      pidfile: "/var/run/unbound.pid"
      use-syslog: yes
      port: 53
      verbosity: 1
      hide-identity: yes
      hide-version: yes
      harden-glue: yes
      do-ip4: yes
      do-ip6: yes
      do-udp: yes
      do-tcp: yes
      do-daemonize: yes
      module-config: "iterator"
      unwanted-reply-threshold: 0
      num-queries-per-thread: 512
      jostle-timeout: 200
      infra-host-ttl: 900
      infra-cache-numhosts: 10000
      outgoing-num-tcp: 10
      incoming-num-tcp: 10
      edns-buffer-size: 4096
      cache-max-ttl: 86400
      cache-min-ttl: 0
      harden-dnssec-stripped: no
      msg-cache-size: 4m
      rrset-cache-size: 8m
      
      num-threads: 4
      msg-cache-slabs: 4
      rrset-cache-slabs: 4
      infra-cache-slabs: 4
      key-cache-slabs: 4
      outgoing-range: 4096
      #so-rcvbuf: 4m
      
      prefetch: yes
      prefetch-key: yes
      use-caps-for-id: no
      # Statistics
      # Unbound Statistics
      statistics-interval: 0
      extended-statistics: yes
      statistics-cumulative: yes
      
      # Interface IP(s) to bind to
      interface: 0.0.0.0
      interface: ::0
      interface-automatic: yes
      
      # Outgoing interfaces to be used
      outgoing-interface: 87.79.65.190
      
      # DNS Rebinding
      # For DNS Rebinding prevention
      private-address: 10.0.0.0/8
      private-address: 172.16.0.0/12
      private-address: 169.254.0.0/16
      private-address: 192.168.0.0/16
      private-address: fd00::/8
      private-address: fe80::/10
      # Set private domains in case authoritative name server returns a Private IP address
      private-domain: "somedomain.loc"
      domain-insecure: "somedomain.loc"
      
      # Access lists
      include: /var/unbound/access_lists.conf
      
      # Static host entries
      include: /var/unbound/host_entries.conf
      
      # dhcp lease entries
      include: /var/unbound/dhcpleases_entries.conf
      
      # Domain overrides
      include: /var/unbound/domainoverrides.conf
      
      # Unbound custom options
      
      ###
      # Remote Control Config
      ###
      
      

      I am running 2.3.2-RELEASE (amd64) on SSD with RAM disks for /tmp and /var.

      If need be the machine can be reinstalled, provided that I can reuse the config, but if someone does know what's wrong I'd like to try and fix it first.

      Thanks!

        fpv

        Update: Had another look this morning, and the error is gone. I rebooted because of something else yesterday evening, and that seems to have done it. I thought that only works for Windows. Strange.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.