[solved] unbound: SSL errors in the log file
I've started getting errors like this in the unbound log file every 5 seconds.
Jul 5 17:19:39 unbound 7095:0 error: remote control failed ssl crypto error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Jul 5 17:19:39 unbound 7095:0 notice: failed connection from 127.0.0.1 port 55918
Does anyone have a clue as to why this may be happening, or how to debug it? So far, I've not been able to find anything useful via google, nor anything obvious in the unbound configuration settings.
Any advice would be greatly appreciated.
Further investigation seems to show a problem with the unbound-control setup.
I ran unbound-control-setup and reboot the box and the errors have gone away.
I'm not sure if this actually solves the problem correctly, but it'll do for now.
Jul 5 17:19:39 unbound 7095:0 notice: failed connection from 127.0.0.1 port 55918
127.0.0.1, thus unbound running on pfSense is connecting to itself on 127.0.0.1
It should be unbound …..
I checked mine :
[2.3.4-RELEASE][firstname.lastname@example.org]/root: sockstat -4l | grep '53' root nginx 2534 6 tcp4 *:8002 *:* avahi avahi-daem 39464 14 udp4 *:5353 *:* unbound unbound 50878 6 udp4 *:53 *:* unbound unbound 50878 7 tcp4 *:53 *:* unbound unbound 50878 8 tcp4 127.0.0.1:953 *:*
You saw the '953' port ? I bet that is the "SSL channel" where unbound is listing on.
Something is wrong, so :
Jul 5 17:19:39 unbound 7095:0 error: remote control failed ssl crypto error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
I advice you to restart unbound and do what you always should do when something doesn't work : check the logs …
Most probably another instance is already running (not normal) or some other service.
That seems to be what the problem was.
Update: bind was causing the problem. I had installed the bind package, and somehow bind was running even though I didn't turn on the service,.
Solution: uninstall bind.
Not sure why bind was running. I didn't have the time to debug that problem, so the uninstallation worked and everything is fine now.
Thanks for the pointers.