[SOLVED] DNS Resolver (Unbound) Unable to Start
-
It is sad to have your network stop working abruptly just to find out your DNS Server is down!
Error log for DNS Resolver whenever I try to start the service:
Jan 15 13:46:32 unbound 7695:0 fatal error: failed to setup modules
Jan 15 13:46:32 unbound 7695:0 error: module init for module validator failed
Jan 15 13:46:32 unbound 7695:0 error: validator: could not apply configuration settings.
Jan 15 13:46:32 unbound 7695:0 error: validator: error in trustanchors config
Jan 15 13:46:32 unbound 7695:0 error: error reading auto-trust-anchor-file: /var/unbound/root.key
Jan 15 13:46:32 unbound 7695:0 error: failed to read /root.key
Jan 15 13:46:32 unbound 7695:0 notice: init module 0: validator
Error when I try to update the configuration file:
The following input errors were detected:
• The generated config file cannot be parsed by unbound. Please correct the following errors:
• /var/unbound/test/unbound_server.pem: No such file or directory
• [1516046660] unbound-checkconf[17975:0] fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist
I noticed my DNS Resolver configuration no longer shows the interfaces I had originally selected.
This happened to me on my custom hardware, so I purchased an SG-3100 two weeks ago. Now I have the same issue after configuring the system from scratch. Help!!
-
It is sad to have your network stop working abruptly just to find out your DNS Server is down… fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist
… Saw this a couple of weeks ago.
It's time to find out the pfSense version … but I'll bet it isn't 2.4.2 (latest).
Your SG-3100 device should be treated as any other computer that you un-box: before even looking at it, you upgrade - because what's in it could be something from the far past.
Just ... upgrade.
And if there is the slightest problem, take out the re-install CD/DVD/USB and make your own - clean !! - device (no more Dell/Toshiba/Acer/Sony/Whatever bullshit software on your computer).
The files it's looking for should be in /var/unbound/test/ - or the test directory that doesn't exist.
The files are all in /var/unbound/ : see for yourself :
[2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/unbound: ls -al
total 72
drwxr-xr-x 5 unbound unbound 512 Jan 15 12:07 .
drwxr-xr-x 32 root wheel 512 Dec 21 10:50 ..
-rw-r--r-- 1 root unbound 314 Jan 13 02:27 access_lists.conf
drwxr-xr-x 2 unbound unbound 512 Dec 12 20:49 conf.d
-rw-r--r-- 1 root unbound 1676 Jan 13 02:27 dhcpleases_entries.conf
-rw-r--r-- 1 root unbound 3578 Nov 25 2015 dnsbl_cert.pem
-rw-r--r-- 1 root unbound 0 Jan 13 02:27 domainoverrides.conf
-rw-r--r-- 1 root unbound 5722 Jan 13 02:27 host_entries.conf
-rw-r--r-- 1 root unbound 0 Jun 7 2016 pfb_dnsbl.conf
-rw-r--r-- 1 root unbound 1216 May 30 2016 pfb_dnsbl_lighty.conf
-rw-r--r-- 1 root unbound 300 Jan 29 2015 remotecontrol.conf
-rw-r--r-- 1 unbound unbound 1252 Jan 15 12:06 root.key
-rw-r--r-- 1 root unbound 1823 Jan 13 02:27 unbound.conf
-rw-r----- 1 unbound unbound 1277 Jan 29 2015 unbound_control.key
-rw-r----- 1 unbound unbound 802 Jan 29 2015 unbound_control.pem
-rw-r----- 1 unbound unbound 1277 Jan 29 2015 unbound_server.key
-rw-r----- 1 unbound unbound 790 Jan 29 2015 unbound_server.pem
drwxr-xr-x 3 root unbound 512 Jan 8 17:30 usr
drwxr-xr-x 3 root unbound 512 Jan 8 17:30 var
You saw it, no /test/ directory.
But I advise you not to do anything. Install a new pfSense on your box. This will take 10 minutes or so (depends if the coffee is hot, or not) and walks you through a very important experience, if you need to do it once more, in the future.
Just do it, you won't regret it.
We all installed our first pfSense on a machine for the first time.
Go!
-
Hello Gertjan,
I love your personality :P. I am running the latest firmware; however, I agree that a reinstall will be necessary. Throughout the day I've been losing my configuration across the whole firewall. I found the issue:
du -sh /var/log/*
Revealed that the Suricata log was taking 5.6G of the 7G drive. LOL! Now I looked at the config, and I think the logs should have rotated… perhaps logging TLS certs was a bad idea.
I'll reinstall, that's something I'm very familiar with doing (too many times).
Thanks!!
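
The `du -sh /var/log/*` check from the last post, turned into a repeatable test that flags any log entry taking a large share of its filesystem. This is an added example, not code from anyone in the thread; the function names `fs_total_kb` and `log_hogs` and the percentage threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: report entries under a log directory that occupy at least
# PCT percent of the filesystem they live on (the condition that silently
# broke config writes in this thread).

# fs_total_kb PATH -> total size, in KiB, of the filesystem holding PATH
fs_total_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $2 }'
}

# log_hogs DIR PCT [TOTAL_KB]
# Prints "path<TAB>size KiB<TAB>share%" for each offender, largest first.
# TOTAL_KB overrides the detected filesystem size (useful for testing).
log_hogs() {
    lh_dir=$1
    lh_pct=$2
    lh_total=${3:-$(fs_total_kb "$lh_dir")}
    # du separates size and path with a tab; split on it so paths with
    # spaces survive intact.
    du -sk "$lh_dir"/* 2>/dev/null | sort -rn |
        awk -F'\t' -v total="$lh_total" -v pct="$lh_pct" '
            total > 0 && ($1 * 100 / total) >= pct {
                printf "%s\t%d KiB\t%.0f%%\n", $2, $1, $1 * 100 / total
            }'
}

# When called with arguments, behave like a small CLI:
#   sh log_hogs.sh /var/log 50
if [ "$#" -ge 2 ]; then
    log_hogs "$@"
fi
```

Run from cron with a threshold well below 100, any output means a log is growing faster than rotation is trimming it.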