unbound.conf:104: error: syntax error

chrisgtl

2.4.5-RELEASE-p1 (amd64)

I was running 3 packages up until today at which point I removed pfblocker-devel as I thought this was the reason for my problem.

I also run iperf3 and openvpn-export packages.

I noticed pfblocker-devel needed an update a few days ago. Today I logged into SSH via my OpenVPN to clean up some old static IP that are no longer needed.

I noticed unbound wasn't running. When I tried starting it I got some errors. I disabled pfblocker and unticked the 'save settings' option. Then removed the package completely.

I've spent 4 hours trying to fix this today and I'm no closer.

Somehow I got unbound to start but whenever I try to make particular changes to unbounds settings (forwarding mode for example) I get the following after clicking save.

The following input errors were detected:

The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound.conf:104: error: syntax error
read /var/unbound/test/unbound.conf failed: 1 errors in configuration file

My unbound.conf is as follows;

##########################

Unbound Configuration

##########################

Server configuration

server:

chroot: /var/unbound
username: "unbound"
directory: "/var/unbound"
pidfile: "/var/run/unbound.pid"
use-syslog: yes
port: 53
verbosity: 1
hide-identity: no
hide-version: no
harden-glue: yes
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
module-config: "iterator"
unwanted-reply-threshold: 0
num-queries-per-thread: 4096
jostle-timeout: 200
infra-host-ttl: 900
infra-cache-numhosts: 10000
outgoing-num-tcp: 10
incoming-num-tcp: 10
edns-buffer-size: 1232
cache-max-ttl: 86400
cache-min-ttl: 0
harden-dnssec-stripped: no
msg-cache-size: 4m
rrset-cache-size: 8m

num-threads: 4
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
outgoing-range: 4096
#so-rcvbuf: 4m

prefetch: no
prefetch-key: no
use-caps-for-id: no
serve-expired: no

Statistics

Unbound Statistics

statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yes

TLS Configuration

tls-cert-bundle: "/etc/ssl/cert.pem"

Interface IP(s) to bind to

interface-automatic: yes
interface: 0.0.0.0
interface: ::0

Outgoing interfaces to be used

DNS Rebinding

For DNS Rebinding prevention

private-address: 127.0.0.0/8
private-address: 10.0.0.0/8
private-address: ::ffff:a00:0/104
private-address: 172.16.0.0/12
private-address: ::ffff:ac10:0/108
private-address: 169.254.0.0/16
private-address: ::ffff:a9fe:0/112
private-address: 192.168.0.0/16
private-address: ::ffff:c0a8:0/112
private-address: fd00::/8
private-address: fe80::/10

Access lists

include: /var/unbound/test/access_lists.conf

Static host entries

include: /var/unbound/test/host_entries.conf

dhcp lease entries

include: /var/unbound/test/dhcpleases_entries.conf

Domain overrides

include: /var/unbound/test/domainoverrides.conf

Forwarding

forward-zone:
name: "."
forward-addr: 1.1.1.2
forward-addr: 1.0.0.2

Unbound custom options

private-domain: "plex.direct"

Remote Control Config

include: /var/unbound/test/remotecontrol.conf

Gertjan

This :

@chrisgtl said in unbound.conf:104: error: syntax error:

/var/unbound/test/unbound.conf:104: error: syntax error

has several clues.

The "/test/" is something you could use on the forum for a Search. You find many references to your error (but I never really understood what was happening - I never saw these /test/ issues ).

Line 104 doesn't exist in the config file you showed, which could indicate something isn't quoted correcly, or a user defined (name) field uses accents, etc.

Check also :
Free space on /var/unbound/
Do a file system check (see the Netgate's video on Youtube about this )

serbus

Hello!

Try :

server:private-domain: "plex.direct"

in your custom options.

Adding, updating, or removing pfb can mess with your custom options, especially if you are depending on the "server" clause from pfb for your own custom directives.

John

Gertjan

@serbus : I guess you nailed it.

pfBlockerNG-devel 'thinks' it's the only one filling in this box :

other lines, entered by the admin, could be there also.

This should be checked, as the format ( == syntax) is very important.

chrisgtl

@serbus perfect! Thank you so much for helping me.