Trying to disable DNS Resolver, getting an error
-
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors:
[1490775268] unbound-checkconf[6096:0] error: Could not open /var/unbound/test/unbound.conf: No such file or directoryThe test folder doesn't exist there. I tried to create it and save again, then got this error:
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/root.key: No such file or directory
[1490775417] unbound-checkconf[90759:0] fatal error: auto-trust-anchor-file: "/var/unbound/test/root.key" does not exist in chrootdir /var/unbound -
I know this is old, but it's the most recent topic on this I'm finding.
I have the exact same error, and I'm not finding any obvious fixes. I'm on 2.3.4.
I run the resolver instead of the forwarder so I can have DNSSEC (very nice if you use ssh's sshfp record stuff).
I also find that when DNS is screwed, the web UI is basically not usable. How does one work around that?
-
I know this is old, but it's the most recent topic on this I'm finding.
I have the exact same error, and I'm not finding any obvious fixes. I'm on 2.3.4.Strange.
What hardware ?
pfSense will not create a sub directory called /test in /var/unbound.
I'm using the resolver also on a classic PC configuration, using a normal hard disk, and the config files are present in /var/unbound :
There is one sub directory called, called /conf.d :[2.3.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/unbound: ls -al total 64 drwxr-xr-x 3 unbound unbound 512 Aug 14 07:20 . drwxr-xr-x 32 root wheel 512 Jul 14 21:58 .. -rw-r--r-- 1 root unbound 302 Aug 14 07:20 access_lists.conf drwxr-xr-x 2 unbound unbound 512 Jul 14 21:58 conf.d -rw-r--r-- 1 root unbound 1676 Aug 14 07:20 dhcpleases_entries.conf -rw-r--r-- 1 root unbound 3578 Nov 25 2015 dnsbl_cert.pem -rw-r--r-- 1 root unbound 0 Aug 14 07:20 domainoverrides.conf -rw-r--r-- 1 root unbound 5590 Aug 14 07:20 host_entries.conf -rw-r--r-- 1 root unbound 0 Jun 7 2016 pfb_dnsbl.conf -rw-r--r-- 1 root unbound 1216 May 30 2016 pfb_dnsbl_lighty.conf -rw-r--r-- 1 root unbound 300 Jan 29 2015 remotecontrol.conf -rw-r--r-- 1 unbound unbound 1252 Aug 14 07:20 root.key -rw-r--r-- 1 root unbound 1660 Aug 14 07:20 unbound.conf -rw-r----- 1 unbound unbound 1277 Jan 29 2015 unbound_control.key -rw-r----- 1 unbound unbound 802 Jan 29 2015 unbound_control.pem -rw-r----- 1 unbound unbound 1277 Jan 29 2015 unbound_server.key -rw-r----- 1 unbound unbound 790 Jan 29 2015 unbound_server.pem
If the file system is not writable, start checking for disk error (full, damaged, etc).
I run the resolver instead of the forwarder so I can have DNSSEC (very nice if you use ssh's sshfp record stuff).
I also find that when DNS is screwed, the web UI is basically not usable. How does one work around that?
If unbound can't write to disk, well, the GUI will complain or worse, die. Your entire pfSense will be crippled at best, blow up at worst.