DNS Resolver Issue since 2.4.5 P1 upgrade from 2.4.4 P3
-
Hi,
Since updating to 2.4.5 P1 from 2.4.4 P3, I suffer from DNS Resolver Service failures that can only be resolved with a full reboot of the system.
Pre Reboot – DNS issue
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound_server.pem: No such file or directory
[1592837331] unbound-checkconf[8845:0] fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist
LS > /var/unbound/
access_lists.conf pfb_dnsbl_lighty.conf unbound.conf
dhcpleases_entries.conf remotecontrol.conf unbound_control.key
dnsbl_cert.pem root.key unbound_control.pem
domainoverrides.conf sslcert.crt unbound_server.key
host_entries.conf sslcert.key unbound_server.pem
pfb_dnsbl.conf test
LS > /var/unbound/test
access_lists.conf remotecontrol.conf unbound_control.key
dhcpleases_entries.conf request.cfg unbound_server.key
domainoverrides.conf root.key
host_entries.conf unbound.conf
System Logs for DNS Resolver:
Jun 22 15:35:05 unbound 18579:0 fatal error: failed to setup modules
Jun 22 15:36:05 unbound 39823:0 notice: init module 0: validator
Jun 22 15:36:05 unbound 39823:0 error: failed to read /root.key
Jun 22 15:36:05 unbound 39823:0 error: error reading auto-trust-anchor-file: /var/unbound/root.key
Jun 22 15:36:05 unbound 39823:0 error: validator: error in trustanchors config
Jun 22 15:36:05 unbound 39823:0 error: validator: could not apply configuration settings.
Jun 22 15:36:05 unbound 39823:0 error: module init for module validator failed
Jun 22 15:36:05 unbound 39823:0 fatal error: failed to setup modules
Jun 22 15:37:05 unbound 62519:0 notice: init module 0: validator
Jun 22 15:37:05 unbound 62519:0 error: failed to read /root.key
Jun 22 15:37:05 unbound 62519:0 error: error reading auto-trust-anchor-file: /var/unbound/root.key
Jun 22 15:37:05 unbound 62519:0 error: validator: error in trustanchors config
Jun 22 15:37:05 unbound 62519:0 error: validator: could not apply configuration settings.
Jun 22 15:37:05 unbound 62519:0 error: module init for module validator failed
Jun 22 15:37:05 unbound 62519:0 fatal error: failed to setup modules
Jun 22 15:38:05 unbound 77994:0 notice: init module 0: validator
Jun 22 15:38:05 unbound 77994:0 error: failed to read /root.key
Jun 22 15:38:05 unbound 77994:0 error: error reading auto-trust-anchor-file: /var/unbound/root.key
Jun 22 15:38:05 unbound 77994:0 error: validator: error in trustanchors config
Jun 22 15:38:05 unbound 77994:0 error: validator: could not apply configuration settings.
Jun 22 15:38:05 unbound 77994:0 error: module init for module validator failed
Jun 22 15:38:05 unbound 77994:0 fatal error: failed to setup modules
Jun 22 15:39:05 unbound 95835:0 notice: init module 0: validator
Jun 22 15:39:05 unbound 95835:0 error: failed to read /root.key
Jun 22 15:39:05 unbound 95835:0 error: error reading auto-trust-anchor-file: /var/unbound/root.key
Jun 22 15:39:05 unbound 95835:0 error: validator: error in trustanchors config
Jun 22 15:39:05 unbound 95835:0 error: validator: could not apply configuration settings.
Jun 22 15:39:05 unbound 95835:0 error: module init for module validator failed
Jun 22 15:39:05 unbound 95835:0 fatal error: failed to setup modules
Post Reboot – No DNS issue
LS > /var/unbound/
access_lists.conf pfb_dnsbl_lighty.conf unbound_control.key
dhcpleases_entries.conf remotecontrol.conf unbound_control.pem
dnsbl_cert.pem root.key unbound_server.key
domainoverrides.conf sslcert.crt unbound_server.pem
host_entries.conf sslcert.key
pfb_dnsbl.conf unbound.conf
-
@daNutz said in DNS Resolver Issue since 2.4.5 P1 upgrade from 2.4.4 P3:
...... /test/nbound_server.pem
Two solutions :
There are quite a lot of references on this forum using "/test/nbound_server.pem" - probably just looking for "/test/" will show them all. Do what is told there.
Plan B :
- backup
- clean install
- Init with minimal (== just WAN) settings. Test if everything works ok.
- Now, import your backup. And again : Test if everything works ok.
- Done.
-
See https://redmine.pfsense.org/issues/10781