4. Invalid unbound.conf / syntax error when attempting to override host via includ

Invalid unbound.conf / syntax error when attempting to override host via includ

  • B

    Hi there.

    It's taken quite some work, but i've gotten as far as i can.  I'm stuck!  Please help!  I am trying to create list of hosts that i'd like to block at the DNS layer.  I know that i can use the pfSense webUI to just add a host or domain override, but i want to do this in an automatic way and at scale.  Basically, i want to implement my own version of this block list:

    https://github.com/k0nsl/unbound-blocklist

    So, now it should be clear what i'm trying to do.
    –---

    Here's what I have done so far:

    • Via the webUI, i have added a directive to include my own config file.
    include: /var/unbound/my_blocks.conf
    • Via the webUI, i have added a host override for www.SomeHostToBlock.com in order to route all DNS queries for this example host to a loopback.  The last line of my host_entries.conf file looks like
    local-data: "www.SomeHostToBlock.com. A 127.0.0.1"

    This works!

    
$ dig +short www.SomeHostToBlock.com @pf_sense_ip
127.0.0.1

    So, now i try to move the line:

    local-data: "www.SomeHostToBlock.com. A 127.0.0.1"

    from the

    host_entries.conf file into the my_blocks.conf file.

    i do this over SSH with cp then nano to remove all but the last line and save the file and then i use the web UI to remove the host override / trigger a config rebuild / test.

    Here's the feedback i get:

    
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/my_blocks.conf:1: error: syntax error
read /var/unbound/test/unbound.conf failed: 1 errors in configuration file

    The content of my_blocks.conf is identical to the last line of host_entries.conf before i used the webUI to remove that host override.

    SO!  My question.  Why does unbound refuse to parse my config file when i'm following the EXACT SAME pattern / using the EXACT SAME syntax that the webUI loads into host_entries.conf

    The moment i take the line i copies from host_entries out of my_blocks (making it an empty file again) unbound no longer complains about syntax!

    What am i doing wrong / please help me get unbound successfully blocking hosts!

    0
  • B

    Oh hey!

    I was able to fix it.
    I'm really not sure how i missed it, but i now have added a server: line above my_blocks

    It now reads as

    
server:
local-data: "www.SomeHostToBlock.com. A 127.0.0.1"

    I no longer need to have web hosts overridden through the webUI :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy