unbound.conf:104: error: syntax error

  • 2.4.5-RELEASE-p1 (amd64)

    I was running 3 packages up until today at which point I removed pfblocker-devel as I thought this was the reason for my problem.

    I also run iperf3 and openvpn-export packages.

    I noticed pfblocker-devel needed an update a few days ago. Today I logged into SSH via my OpenVPN to clean up some old static IP that are no longer needed.

    I noticed unbound wasn't running. When I tried starting it I got some errors. I disabled pfblocker and unticked the 'save settings' option. Then removed the package completely.

    I've spent 4 hours trying to fix this today and I'm no closer.

    Somehow I got unbound to start but whenever I try to make particular changes to unbounds settings (forwarding mode for example) I get the following after clicking save.

    The following input errors were detected:

    The generated config file cannot be parsed by unbound. Please correct the following errors:
    /var/unbound/test/unbound.conf:104: error: syntax error
    read /var/unbound/test/unbound.conf failed: 1 errors in configuration file

    My unbound.conf is as follows;


    Unbound Configuration


    Server configuration


    chroot: /var/unbound
    username: "unbound"
    directory: "/var/unbound"
    pidfile: "/var/run/unbound.pid"
    use-syslog: yes
    port: 53
    verbosity: 1
    hide-identity: no
    hide-version: no
    harden-glue: yes
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    module-config: "iterator"
    unwanted-reply-threshold: 0
    num-queries-per-thread: 4096
    jostle-timeout: 200
    infra-host-ttl: 900
    infra-cache-numhosts: 10000
    outgoing-num-tcp: 10
    incoming-num-tcp: 10
    edns-buffer-size: 1232
    cache-max-ttl: 86400
    cache-min-ttl: 0
    harden-dnssec-stripped: no
    msg-cache-size: 4m
    rrset-cache-size: 8m

    num-threads: 4
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    infra-cache-slabs: 4
    key-cache-slabs: 4
    outgoing-range: 4096
    #so-rcvbuf: 4m

    prefetch: no
    prefetch-key: no
    use-caps-for-id: no
    serve-expired: no


    Unbound Statistics

    statistics-interval: 0
    extended-statistics: yes
    statistics-cumulative: yes

    TLS Configuration

    tls-cert-bundle: "/etc/ssl/cert.pem"

    Interface IP(s) to bind to

    interface-automatic: yes
    interface: ::0

    Outgoing interfaces to be used

    DNS Rebinding

    For DNS Rebinding prevention

    private-address: ::ffff:a00:0/104
    private-address: ::ffff:ac10:0/108
    private-address: ::ffff:a9fe:0/112
    private-address: ::ffff:c0a8:0/112
    private-address: fd00::/8
    private-address: fe80::/10

    Access lists

    include: /var/unbound/test/access_lists.conf

    Static host entries

    include: /var/unbound/test/host_entries.conf

    dhcp lease entries

    include: /var/unbound/test/dhcpleases_entries.conf

    Domain overrides

    include: /var/unbound/test/domainoverrides.conf


    name: "."

    Unbound custom options

    private-domain: "plex.direct"

    Remote Control Config

    include: /var/unbound/test/remotecontrol.conf

  • This :

    @chrisgtl said in unbound.conf:104: error: syntax error:

    /var/unbound/test/unbound.conf:104: error: syntax error

    has several clues.

    The "/test/" is something you could use on the forum for a Search. You find many references to your error (but I never really understood what was happening - I never saw these /test/ issues ).

    Line 104 doesn't exist in the config file you showed, which could indicate something isn't quoted correcly, or a user defined (name) field uses accents, etc.

    Check also :
    Free space on /var/unbound/
    Do a file system check (see the Netgate's video on Youtube about this )

  • Hello!

    Try :

    server:private-domain: "plex.direct"

    in your custom options.

    Adding, updating, or removing pfb can mess with your custom options, especially if you are depending on the "server" clause from pfb for your own custom directives.


  • @serbus : I guess you nailed it.

    pfBlockerNG-devel 'thinks' it's the only one filling in this box :


    other lines, entered by the admin, could be there also.

    This should be checked, as the format ( == syntax) is very important.

  • @serbus perfect! Thank you so much for helping me.