2.1-BETA0 -> 2.1-BETA1 unbound won't install



  • Upgraded to the latest snapshot last night (2012-02-13 i386) and my DNS broke; apparently the unbound package isn't compatible with this version and didn't install after the upgrade, nor does it show in the available package listing. I assume due to '<maximum_version>2.1</maximum_version>'?

    I'm not sure how to force it to install for testing, but I don't see why it shouldn't work like it did in the previous snapshot. Is this intentional?



  • Try now. I have backed Unbound out from 2.1 and removed the maximum version restriction. So you should be good to go.



  • As an Unbound devotee from the old pfSense 2.01 days I immediately installed the package on latest pfSense 2.1 Snapshot 64 and could not get it to start. Reinstalled Squid 3 and still no luck.

    :(

    Anyone has it up and running?



  • I upgraded to the lastest NanoBSD snapshot (Thu Feb 14 16:27:42 EST 2013) to install Unbound. The Unbound package installs fine, but it does not seem to be installing any binaries, so unbound cannot work.

    [2.1-BETA1][root@pfsense-alix.local-lan]/root(4): find / | grep unbound_control
    [2.1-BETA1][root@pfsense-alix.local-lan]/root(5):
    

    Edit: If I get this right, it looks at http://files.pfsense.org/packages/8/All/ for unbound-1.4.19.tbz which is not there. But I don't get any error saying that it can't be found…


  • Rebel Alliance Developer Netgate

    2.1 doesn't use .tbz packages, it uses .pbi packages.

    Either way, the new version is uploaded now (tbz's for 2.0.x and pbi for 2.1)



  • Thanks, now the binaries are there. It still won't work, though. It runs with

    unbound -c /usr/pbi/unbound-i386/etc/unbound/unbound.conf
    

    but the actual config seems to reside here

    /usr/local/etc/unbound/unbound.conf
    

    That config would not work either, I guess:

    # unbound-checkconf /usr/local/etc/unbound/unbound.conf
    /usr/local/etc/unbound/unbound_server.key: No such file or directory
    [1360946053] unbound-checkconf[26439:0] fatal error: server-key-file: "/usr/local/etc/unbound/unbound_server.key" does not exist
    

    which is here:

    /usr/pbi/unbound-i386/etc/unbound/unbound_server.key
    

  • Rebel Alliance Developer Netgate

    Added a note to http://redmine.pfsense.org/issues/2817 for that. Will need fixes/changes to account for that by the maintainer.



  • Is the Unbound package fixed now so we can go in and try and install on 2.1 PfSense 64?


  • Rebel Alliance Developer Netgate

    I haven't seen any commits to it, and the ticket hasn't been updated, so I'd say probably not.



  • It says 100% done.

    Does this mean Unbound on 2.1 is fixed?


  • Rebel Alliance Developer Netgate

    That was referring to moving it to a package (out of the GUI)

    The package part still needs fixed. The maintainer knows, he'll get to it when he has time.



  • We have been using unbound for Quite some time. (pretty much the day
    unbound support started to appear on pfsense)

    all of our production pfsense boxes with Beta1 (and beta0) on them work fine PROVIDED
    your willing to use google and unbounds website to figure out the errors and
    how to fix them UNTIL the maintainer can fix it.

    been doing it for quite some time now and know my way around unbound and pfsense.
    (FreeBSD runs all of our Production Servers)

    i do the mods in the lab first and do my testing before rolling out changes to ALL of our
    pfsense boxes and thats after 30 days of testing hard in the lab.



  • Do you actually fix the unbound source code, or do you just move files around so that unbound can actually find them?



  • SunCatalyst

    Can you share the instructions on how to fix Unbound to work on pfSense 2.1 Beta 64?

    Is there a patched package you can upload somewhere?



  • i dont have any packages to share to fix things NOR would i want to step on the maintainers Toes. (wagonza)
    im sure he will get to it Soon.

    things like the key missing or a file missing , you have to be able to poke around to see what the
    fix is. sometimes its as simple as symbolic linking  a file thats in the wrong place to the correct place
    or grabbing unbound from FreeBSD's server itself and pull it apart to find the files you need.

    ive spent Numerous hours reading and figuring out unbound.

    Good Luck.



  • On a i386 system the following seems to get unbound working after the package install:

    At the console:

    ln -s /usr/pbi/unbound-i386/etc/unbound/unbound.conf /usr/local/etc/unbound/unbound.conf
    ln -s /usr/pbi/unbound-i386/etc/unbound/unbound_server.key /usr/local/etc/unbound/unbound_server.key
    ln -s /usr/pbi/unbound-i386/etc/unbound/unbound_server.pem /usr/local/etc/unbound/unbound_server.pem
    ln -s /usr/pbi/unbound-i386/etc/unbound/unbound_control.key /usr/local/etc/unbound/unbound_control.key
    ln -s /usr/pbi/unbound-i386/etc/unbound/unbound_control.pem /usr/local/etc/unbound/unbound_control.pem

    Something similar should do for the x64 version.



  • Hi guys,

    I got unbound installed and it works great…...for about an hour.

    This is the same thing it was doing the last time I tried it about a year ago.

    -Will



  • @survive:

    Hi guys,

    I got unbound installed and it works great…...for about an hour.

    This is the same thing it was doing the last time I tried it about a year ago.

    -Will

    Could you be anymore vague about so that we couldn't help you at all?

    But anyways, I'm running Unbound just fine on the 18.3 snapshot, x64 etc. Of course had to do the links by hand but otherwise works as it should.



  • Hi n1ko,

    I'd be less vague if I could. About all I can tell you is that unbound seems to work just great for about an hour and then all my DNS resolution stops working. Disable unbound, re-enable the dns forwarder & I'm back in business.

    I would expect that it's related to this:

    http://forum.pfsense.org/index.php/topic,43044.msg234009.html#msg234009

    as this is the exact same behavior I saw in January 2012.

    -Will



  • Unbound package seems to be broken for the past couple months.

    Is it abandoned by the developer?

    Should it be deleted from the 2.1 pfSense Packages?


  • Rebel Alliance Developer Netgate

    It's not abandoned, he's just been very busy lately.



  • Is there any real expectation that the unbound package will ever work in 2.1? This has been an open concern for about two months now.



  • In last week i installed unbound here and to work i copy the certs to /usr/local/etc folder (like jcyr posted) and installed the .tbz package (make package-recursive in freebsd 8.3). First installed by package manager in pfsense, secound install the .tbz. This is wrong way to do, but, it's working by 5 days now until the final solution (the pbi corrected with the new binaries).

    Best Regards.


  • Rebel Alliance Developer Netgate

    It will be fixed properly eventually. Either when the package maintainer gets time (he's really busy with work), or when someone else that's capable of fixing it steps up and submits some fixes for it.



  • Does unbound install and work correctly in 2.0.1? I'll gladly forgo IPV6 functionality for a working secure DNS.



  • jimp, have some howto to use the pbi build system just for pfsense ?.
    I can update the package always.

    Best Regards.


  • Rebel Alliance Developer Netgate

    The PBIs are fine, it's the package code that needs updated. Several other packages needed similar modifications (e.g. squid, snort, zabbix, nut, nrpe, avahi, bandwidthd, etc) it shouldn't be too hard to follow their lead in how things are fixed.


  • Administrator

    I did some adjustments on the package to have it working fine on 2.1. Please test and let me know if you find issues on it.



  • Sure… where is it?


  • Administrator

    @jcyr:

    Sure… where is it?

    Just reinstall the package and make sure it's on version 1.4.20.



  • System->Packages->Available Packages->Unbound says 1.4.20

    but install script and unbound logs say 1.4.19!!!

    Here's the uninstall output:

    Backing up libraries…
    Removing package...
    Starting package deletion for unbound-1.4.19-i386...done.
    Removing Unbound components...
    Tabs items... done.
    Menu items... done.
    Services... done.
    Loading package instructions...
    Deinstall commands... done.
    Removing package instructions...done.
    Auxiliary files... done.
    Package XML... done.
    Configuration... done.
    Cleaning up... done.

    Package deleted.



  • On my NanoBSD test system (ALIX), the configuration in /usr/pbi/unbound-i386/etc/unbound/unbound.conf only gets updated when I reinstall the package. Changing the interfaces to listen on and pressing "Save" has no effect on my system, the config does not change. I have updated the ticket.


  • Administrator

    @jcyr:

    System->Packages->Available Packages->Unbound says 1.4.20

    but install script and unbound logs say 1.4.19!!!

    pfSense package version is 1.4.20, PBI version is 1.4.19. You have the latest version, you can go ahead with tests.


  • Administrator

    @athurdent:

    On my NanoBSD test system (ALIX), the configuration in /usr/pbi/unbound-i386/etc/unbound/unbound.conf only gets updated when I reinstall the package. Changing the interfaces to listen on and pressing "Save" has no effect on my system, the config does not change. I have updated the ticket.

    Please update to 1.4.20_1 and try again


  • Rebel Alliance Developer Netgate

    Binaries are 1.4.20 now also. I bumped it to 1.4.20_2



  • Hangs during install since the 1.4.20_2 update:

    Beginning package installation for Unbound…
    Downloading package configuration file... done.
    Saving updated package information... done.
    Downloading Unbound and its dependencies...
    Checking for package installation... Loading package configuration... done.
    Configuring package components...
    Additional files... done.
    Loading package instructions...
    Custom commands...
    Executing custom_php_install_command()...

    Installs the service but not the GUI components



  • Hi guys,

    Is there any indication that the problems in this post:

    http://forum.pfsense.org/index.php/topic,43044.msg234009.html#msg234009

    have been corrected?

    I've been dying to use unbound with pfsense for going on a year but each time I've given it a shot it runs great for about an hour then all my dhcp leases drop & everything that uses dhcp goes off-line. I can quickly recover by disabling unbound and turning the dns forwarder back on.

    -Will



  • @jcyr:

    Installs the service but not the GUI components

    Same here, the GUI components won't show up anymore, reinstalling XML does not help.



  • @athurdent:

    @jcyr:

    Installs the service but not the GUI components

    Same here, the GUI components won't show up anymore, reinstalling XML does not help.

    I'll third it.
    I did a ground up install of 2.0.3 x86 yesterday and unbound is working.
    I did an upgrade from 2.0.2 x86 to 2.0.3 x86 today and am having the same issue mentioned just above.

    Poking around to see if I can come across a solution.


  • Administrator

    It was caused by a typo, 1.4.20_3 fixes the issue.


Locked