Netgate Discussion Forum

[SOLVED] DNS Resolver (Unbound) Unable to Start

    dodiggitydag
    last edited by Jan 16, 2018, 2:19 AM Jan 15, 2018, 8:11 PM

    It is sad to have your network stop working abruptly just to find out your DNS Server is down!

    Error log for DNS Resolver whenever I try to start the service:

    Jan 15 13:46:32  unbound  7695:0  fatal error: failed to setup modules  
    Jan 15 13:46:32  unbound  7695:0  error: module init for module validator failed  
    Jan 15 13:46:32  unbound  7695:0  error: validator: could not apply configuration settings.  
    Jan 15 13:46:32  unbound  7695:0  error: validator: error in trustanchors config  
    Jan 15 13:46:32  unbound  7695:0  error: error reading auto-trust-anchor-file: /var/unbound/root.key  
    Jan 15 13:46:32  unbound  7695:0  error: failed to read /root.key  
    Jan 15 13:46:32  unbound  7695:0  notice: init module 0: validator
    

    Error when I try to update the configuration file:

    The following input errors were detected:
    • The generated config file cannot be parsed by unbound. Please correct the following errors:
    • /var/unbound/test/unbound_server.pem: No such file or directory
    • [1516046660] unbound-checkconf[17975:0] fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist
    

    I noticed my DNS Resolver configuration no longer shows the interfaces I had originally selected.

    This happened to me on my custom hardware, so I purchased an SG-3100 two weeks ago.  Now I have the same issue after configuring the system from scratch.  Help!!

      Gertjan
      last edited by Jan 15, 2018, 8:58 PM

      @dodiggitydag:

      It is sad to have your network stop working abruptly just to find out your DNS Server is down… fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist
      ….

      Saw this a couple of weeks ago.

      It's time to find out the pfSense version … but I'll bet it isn't 2.4.2 (latest).

      Your SG-3100 device should be treated as any other computer that you un-box : before even looking at it, you upgrade - because what's in could be something from the far past.
      Just ... upgrade.
      And if there is a slightest problem, take out the re-install CD/DVD/USB and make your own - clean !! - device (no more Dell/Toshiba/Acer/Sony/Whatever bullshit software on your computer).

      The files it's looking for, should be in /var/unbound/test/ - or the test directory that doesn't exist.
      The files are all in /var/unbound/ : see for yourself :

      [2.4.2-RELEASE][admin@pfsense.brit-hotel-fumel.net]/var/unbound: ls -al
      total 72
      drwxr-xr-x   5 unbound  unbound   512 Jan 15 12:07 .
      drwxr-xr-x  32 root     wheel     512 Dec 21 10:50 ..
      -rw-r--r--   1 root     unbound   314 Jan 13 02:27 access_lists.conf
      drwxr-xr-x   2 unbound  unbound   512 Dec 12 20:49 conf.d
      -rw-r--r--   1 root     unbound  1676 Jan 13 02:27 dhcpleases_entries.conf
      -rw-r--r--   1 root     unbound  3578 Nov 25  2015 dnsbl_cert.pem
      -rw-r--r--   1 root     unbound     0 Jan 13 02:27 domainoverrides.conf
      -rw-r--r--   1 root     unbound  5722 Jan 13 02:27 host_entries.conf
      -rw-r--r--   1 root     unbound     0 Jun  7  2016 pfb_dnsbl.conf
      -rw-r--r--   1 root     unbound  1216 May 30  2016 pfb_dnsbl_lighty.conf
      -rw-r--r--   1 root     unbound   300 Jan 29  2015 remotecontrol.conf
      -rw-r--r--   1 unbound  unbound  1252 Jan 15 12:06 root.key
      -rw-r--r--   1 root     unbound  1823 Jan 13 02:27 unbound.conf
      -rw-r-----   1 unbound  unbound  1277 Jan 29  2015 unbound_control.key
      -rw-r-----   1 unbound  unbound   802 Jan 29  2015 unbound_control.pem
      -rw-r-----   1 unbound  unbound  1277 Jan 29  2015 unbound_server.key
      -rw-r-----   1 unbound  unbound   790 Jan 29  2015 unbound_server.pem
      drwxr-xr-x   3 root     unbound   512 Jan  8 17:30 usr
      drwxr-xr-x   3 root     unbound   512 Jan  8 17:30 var
      

      You saw it, no /test/ directory.

      But I advise you not to do anything. Install a new pfSense on your box. This will take 10 minutes or so (depends if the coffee is hot, or not) and walks you through a very important experience, if you need to do it once more, in the future.
      Just do it, you won't regret it.
      We all installed our first pfSense on a machine for the first time.
      Go !

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

        dodiggitydag
        last edited by Jan 15, 2018, 11:27 PM

        Hello Gertjan,
        I love your personality :P .  I am running the latest firmware; however, I agree that a reinstall will be necessary.  Throughout the day I've been losing my configuration across the whole firewall.  I found the issue-

        du -sh /var/log/*
        

        Revealed that Suricata log was taking 5.6G of the 7G drive.  LOL!  Now I looked at the config, and I think the logs should have rotated…perhaps logging TLS certs was a bad idea.

        I'll reinstall, that's something I'm very familiar doing (too many times).

        Thanks!!

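The check that found the cause in this thread (`du -sh /var/log/*` showing one log filling the disk), written out as a small triage script. This is an added example, not code from either poster or from pfSense; the function names are hypothetical, and the file names passed to `check_files` are taken from the `/var/unbound` listing in the thread.

```shell
#!/bin/sh
# Added example: disk-full triage for a resolver that refuses to start.
# Function names are hypothetical; paths in triage() are the ones quoted in the thread.

# Print the used percentage (integer, no % sign) of the filesystem holding $1.
fs_used_pct() {
    df -Pk "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Print the $2 largest entries directly under directory $1 as "KiB<TAB>path",
# largest first (default: 5 entries).
top_consumers() {
    du -sk "$1"/* 2>/dev/null | sort -rn | head -n "${2:-5}"
}

# For each file name given after $1, report files under directory $1 that are
# missing or zero length. Prints "MISSING path" or "EMPTY path" per problem
# and returns 1 if any problem was found, 0 otherwise.
check_files() {
    dir=$1; shift; rc=0
    for f in "$@"; do
        if [ ! -e "$dir/$f" ]; then
            echo "MISSING $dir/$f"; rc=1
        elif [ ! -s "$dir/$f" ]; then
            echo "EMPTY $dir/$f"; rc=1
        fi
    done
    return $rc
}

# Run all three checks against the locations discussed in the thread.
triage() {
    echo "/var is $(fs_used_pct /var)% full"
    top_consumers /var/log 5
    check_files /var/unbound root.key unbound.conf \
        unbound_server.pem unbound_server.key
}
```

Source the file and call `triage` from the firewall's shell; a high percentage together with one dominant entry under `/var/log` points at the same cause found here.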