Trying to disable DNS Resolver, getting an error



  • The following input errors were detected:
    The generated config file cannot be parsed by unbound. Please correct the following errors:
    [1490775268] unbound-checkconf[6096:0] error: Could not open /var/unbound/test/unbound.conf: No such file or directory

    The test folder doesn't exist there. I tried to create it and save again, then got this error:
    The following input errors were detected:
    The generated config file cannot be parsed by unbound. Please correct the following errors:
    /var/unbound/test/root.key: No such file or directory
    [1490775417] unbound-checkconf[90759:0] fatal error: auto-trust-anchor-file: "/var/unbound/test/root.key" does not exist in chrootdir /var/unbound



  • I know this is old, but it's the most recent topic on this I'm finding.

    I have the exact same error, and I'm not finding any obvious fixes.  I'm on 2.3.4.

    I run the resolver instead of the forwarder so I can have DNSSEC (very nice if you use ssh's sshfp record stuff).

    I also find that when DNS is screwed, the web UI is basically not usable.  How does one work around that?



  • @sporkme:

    I know this is old, but it's the most recent topic on this I'm finding.
    I have the exact same error, and I'm not finding any obvious fixes.  I'm on 2.3.4.

    Strange.
    What hardware?
    pfSense will not create a sub directory called /test in /var/unbound.
    I'm using the resolver also on a classic PC configuration, using a normal hard disk, and the config files are present in /var/unbound:
    There is one sub directory, called /conf.d:

    [2.3.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/unbound: ls -al
    total 64
    drwxr-xr-x   3 unbound  unbound   512 Aug 14 07:20 .
    drwxr-xr-x  32 root     wheel     512 Jul 14 21:58 ..
    -rw-r--r--   1 root     unbound   302 Aug 14 07:20 access_lists.conf
    drwxr-xr-x   2 unbound  unbound   512 Jul 14 21:58 conf.d
    -rw-r--r--   1 root     unbound  1676 Aug 14 07:20 dhcpleases_entries.conf
    -rw-r--r--   1 root     unbound  3578 Nov 25  2015 dnsbl_cert.pem
    -rw-r--r--   1 root     unbound     0 Aug 14 07:20 domainoverrides.conf
    -rw-r--r--   1 root     unbound  5590 Aug 14 07:20 host_entries.conf
    -rw-r--r--   1 root     unbound     0 Jun  7  2016 pfb_dnsbl.conf
    -rw-r--r--   1 root     unbound  1216 May 30  2016 pfb_dnsbl_lighty.conf
    -rw-r--r--   1 root     unbound   300 Jan 29  2015 remotecontrol.conf
    -rw-r--r--   1 unbound  unbound  1252 Aug 14 07:20 root.key
    -rw-r--r--   1 root     unbound  1660 Aug 14 07:20 unbound.conf
    -rw-r-----   1 unbound  unbound  1277 Jan 29  2015 unbound_control.key
    -rw-r-----   1 unbound  unbound   802 Jan 29  2015 unbound_control.pem
    -rw-r-----   1 unbound  unbound  1277 Jan 29  2015 unbound_server.key
    -rw-r-----   1 unbound  unbound   790 Jan 29  2015 unbound_server.pem
    
    

    If the file system is not writable, start checking for disk errors (full, damaged, etc.).

    I run the resolver instead of the forwarder so I can have DNSSEC (very nice if you use ssh's sshfp record stuff).

    @sporkme:

    I also find that when DNS is screwed, the web UI is basically not usable.  How does one work around that?

    If unbound can't write to disk, well, the GUI will complain or worse, die. Your entire pfSense will be crippled at best, blow up at worst.