I know this issue has been around for a bit but I've not seen a solid answer for it.
What is the workaround here? This system is fully updated btw.
List of services running:
Works great on a clean install, but this FW has been up for a bit.
KOM last edited by
This thread had a few suggestions, like disabling DNSSEC.
Were you running pfBlocker at some point?
@kom No, we've never run anything of the sort on this machine. Pretty much any advice I've seen online I've tried and ruled out thus far.
The only way I've seen it work is with a fresh install and this is a core router, which I can't really do that with.
KOM last edited by
I just checked my config and I don't have any test folder with root.key inside. Take a look in /var/unbound/unbound.conf. Look at all the included files and check them for references to /test/root.key. It's got to be there somewhere.
You could also try the nuclear option:
- disable resolver
- enable forwarder
- take a config.xml backup
- manually edit it and remove everything between the <unbound></unbound> tags
- install fresh, restore your config then disable forwarder and enable resolver
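The search suggested above (checking unbound.conf and every file it includes for a stray root.key reference) can be scripted. This is an added example, not part of the original thread; the function names `scan_conf` and `make_sample` are hypothetical and the sample tree is constructed for illustration.

```shell
#!/bin/sh
# Added example: list every trust-anchor directive reachable from an
# unbound.conf, following include: lines (quotes optional, globs allowed).

scan_conf() {   # $1 = config file, $2 = include depth (internal)
    [ "${2:-0}" -le 8 ] || return 0          # guard against include loops
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 0; }
    # /dev/null forces grep to print the file name; output is file:line:text
    grep -nE '^[[:space:]]*(auto-trust-anchor-file|trust-anchor-file|trusted-keys-file):|root\.key' \
        "$1" /dev/null || true
    sed -nE 's/^[[:space:]]*include(-toplevel)?:[[:space:]]*"?([^"#]+)"?.*/\2/p' "$1" |
    while read -r inc; do
        for f in $inc; do   # unquoted on purpose so globs expand (no spaces in paths)
            if [ -f "$f" ]; then
                scan_conf "$f" $(( ${2:-0} + 1 ))
            fi
        done
    done
}

make_sample() {   # constructed sample tree, not a real pfSense config
    d=$(mktemp -d)
    mkdir "$d/conf.d"
    cat > "$d/unbound.conf" <<EOF
server:
    chroot: /var/unbound
    auto-trust-anchor-file: /var/unbound/root.key
include: "$d/conf.d/*.conf"
include: $d/missing.conf
EOF
    cat > "$d/conf.d/old.conf" <<EOF
server:
    auto-trust-anchor-file: /test/root.key
EOF
    echo "$d"
}

# On the firewall: sh thisfile.sh /var/unbound/unbound.conf
if [ $# -gt 0 ]; then
    scan_conf "$1"
fi
```

Any line reported with a path other than the expected /var/unbound/root.key points at the file that needs editing.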
I would love to enable Forwarder, but I can't... that error pops up preventing it from starting.
I'll check the rest here. Let you know what I find.
Try to run this command and see if that fixes it:
unbound-anchor -a /var/unbound/root.key
If not, in the /var/unbound/ folder, delete these four files and reboot:
unbound_control.key unbound_control.pem unbound_server.key unbound_server.pem
You appear to have the DNS Forwarder (dnsmasq) running in the screenshot above. You cannot enable the DNS Resolver at the same time unless one is not listening on port 53.
I had tried that previously and it didn't work. There is an upgrade/reboot planned for next Sunday.
In the screenshot it may have been running, but I assure you that when I tried the change, I did have it turned off.
Ok, so you're using the Forwarder just because the Resolver won't start currently?
Correct. It works on the other FWs just fine, but this one, because it's the main, can't just be taken down when wanted. Too many other services behind it that can break and all teams need to be on board when a reboot is required in case those services really bork.