DNS resolver / Unbound error



  • When trying to enable DNS resolver for the first time I get the following error:

    The following input errors were detected:

    The generated config file cannot be parsed by unbound. Please correct the following errors:
        [1484174085] unbound-checkconf[53534:0] error: cannot parse netblock: '/'
        [1484174085] unbound-checkconf[53534:0] fatal error: cannot parse access control address / allow

    I have tried with no ACLs and with a single ACL defined, but no luck. Is there any way of correcting this from the command line?



  • It seems the pfSense scripts have, for whatever reason, decided to add the character '/' as an IP address, which is obviously invalid syntax, hence the error.

    You can fix the access control error by disabling automatic access control in the GUI and then manually specifying ACLs for your LAN.

    The generated conf is at /var/unbound/unbound.conf, so you can examine it. You can even edit it and restart manually in the CLI; however, be aware that the boot script, as well as any of the automated unbound restart scripts, automatically generates a new config, so the config would then get overwritten. It is much better to get the cause of the error fixed, whether it's a bad config or a bug.
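
One way to find the offending entry from the command line, as an added example that is not part of the original thread and is not pfSense's own code: a POSIX sh function that lists the `access-control:` lines whose netblock is malformed, with their line numbers. The names `find_bad_acl` and `demo` and the sample config are constructed here, and the checks are a heuristic approximation of what unbound-checkconf rejects, not its actual parser.

```shell
#!/bin/sh
# Added example: list access-control lines whose netblock looks invalid.
# Usage on the firewall: find_bad_acl /var/unbound/unbound.conf
find_bad_acl() {
    awk '
    # Strip comments and leading whitespace before matching the directive.
    { line = $0; sub(/#.*/, "", line); sub(/^[ \t]+/, "", line) }
    line !~ /^access-control:/ { next }
    {
        n = split(line, f, /[ \t]+/)   # f[2] = netblock, f[3] = action
        block = f[2]
        slash = index(block, "/")
        addr = (slash ? substr(block, 1, slash - 1) : block)
        pfx  = (slash ? substr(block, slash + 1) : "")
        max  = (index(addr, ":") ? 128 : 32)   # IPv6 or IPv4 prefix limit
        reason = ""
        if (n < 3 || f[3] == "")                  reason = "missing netblock or action"
        else if (addr == "")                      reason = "empty address"
        else if (addr !~ /^[0-9A-Fa-f:.]+$/)      reason = "address has invalid characters"
        else if (slash && pfx !~ /^[0-9]+$/)      reason = "empty or non-numeric prefix"
        else if (slash && pfx + 0 > max)          reason = "prefix longer than " max
        if (reason != "") printf "%s:%d: %s: %s\n", FILENAME, FNR, reason, line
    }' "$@"
}

# Constructed sample config (not from the thread) that reproduces the
# bare "/" entry reported in the error, plus one out-of-range prefix.
demo() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/unbound-acl.XXXXXX") || return 1
    cat > "$tmp" <<'EOF'
server:
    access-control: 127.0.0.1/32 allow
    access-control: ::1 allow
    access-control: / allow
    access-control: 192.168.1.0/33 allow
    # access-control: / deny
EOF
    find_bad_acl "$tmp" | sed "s|^$tmp:||"
    rm -f "$tmp"
}
```

A bare `/` entry has both an empty address and an empty prefix, so the line number reported here points to the ACL or interface setting to inspect in the GUI.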



  • Problem solved (after many months of playing with the config).
    Thank you for your rapid, helpful and clear reply ;D

