Netgate Discussion Forum
    2.2.4-RELEASE unbound resolver will not start with domain override.

    DHCP and DNS
      mschiek01

      I am not sure if this has been documented or not. I have multiple systems, both i386 and amd64; some were upgraded from previous releases, some are new installs.

      All of these systems exhibit the same problem with the resolver. If a domain override is specified in the GUI, unbound will not start, with an error:

      php-fpm[11436]: /services_unbound.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/unbound.conf:99: error: syntax error read /var/unbound/unbound.conf failed: 1 errors in configuration file [1443883129] unbound[25652:0] fatal error: Could not read config file: /var/unbound/unbound.conf'
      

      It took me a while to figure out the issue, but it appears that the GUI adds data to the file "/var/unbound/domainoverrides.conf".
      The data is:
      stub-zone:
      name: "domain.example"
      stub-addr: 0.0.0.0
      stub-prime: no

      This causes a syntax error and the service will not start.

      The data should be:
      server:
      stub-zone:
      name: "domain.example"
      stub-addr: 0.0.0.0
      stub-prime: no

      As a workaround, the data can be added to the advanced options instead, and the service will start properly and the domain will be resolved properly.

      I should note that I think this same problem occurs with the host override gui as well.

      Hope this helps someone as I spent quite a lot of time trying to figure out what I was doing wrong.

        johnpoz LAYER 8 Global Moderator

        huh??? Not sure what you're doing, but I have lots of host overrides in the resolver GUI, and have put in domain overrides as well without any issues.

        I would think if this was an actual problem there would be LOADS of people bringing it up.. You're doing something wrong, or have issues with your installs.


        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          mschiek01

          I see what you are saying, but multiple installs?

          What are the contents of:  /var/unbound/domainoverrides.conf

          on your box.

          Also, you are using the resolver, not the legacy forwarder, correct?

            johnpoz LAYER 8 Global Moderator

            Yes I am using the resolver!!  Have been since it came out..

            [2.2.4-RELEASE][root@pfSense.local.lan]/root: cat /var/unbound/domainoverrides.conf
            stub-zone:
                    name: "domainover-ride.test"
                    stub-addr: 1.2.3.4
                    stub-prime: no
            stub-zone:
                    name: "test000.over"
                    stub-addr: 0.0.0.0
                    stub-prime: no
            [2.2.4-RELEASE][root@pfSense.local.lan]/root:

            Not sure why anyone would put 0.0.0.0 for an override other than trying to block something.. but since you mentioned it I put it in to see as well, and I see it doesn't stop the pfSense resolver from running.

              babbler

              Hi!

              A hint that might help:

              If you have something in your advanced section and it's not quite right, it can cause that behavior.
              It works until you start to use the domain overrides. This is because of how the final config file is built by pfSense.

              For example if you have just one line, like:

              outgoing-port-avoid: 0-32767

              it works, but if you put anything into the domain overrides it will cause a syntax error, because the outgoing-port-avoid will fall into the wrong section.

              To avoid that you must state the correct section for all of your advanced parameters:
              server:
              outgoing-port-avoid: 0-32767

              then the domain override will work again.

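The clause-ordering problem described in the last post, as an added example (not pfSense's or Unbound's own code): a small Python lint that tracks which clause each option of an assembled config lands in. The order in which the pieces are concatenated, the sample values and the prefix rule for zone clauses are assumptions made for illustration; `unbound-checkconf` remains the authoritative check.

```python
# Added example: clause-aware lint for an assembled unbound.conf.
import re

CLAUSES = {"server", "stub-zone", "forward-zone", "remote-control"}
# Heuristic (assumption): zone clauses take only `name` plus keys carrying
# the clause's own prefix, e.g. stub-addr, stub-prime, forward-addr.
ZONE_PREFIX = {"stub-zone": "stub-", "forward-zone": "forward-"}

LINE = re.compile(r"^\s*([A-Za-z0-9-]+):\s*(.*)$")


def misplaced_options(conf_text):
    """Return (line_no, key, clause) for options sitting in a zone clause
    that cannot hold them, which is what happens when a fragment written
    without its own `server:` header follows a stub-zone."""
    findings = []
    clause = None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0])   # drop trailing comments
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in CLAUSES and not value:
            clause = key      # a bare "clause:" line opens a new clause
            continue
        if key == "include":
            continue          # a file reference, not a clause option
        prefix = ZONE_PREFIX.get(clause)
        if prefix and key != "name" and not key.startswith(prefix):
            findings.append((no, key, clause))
    return findings


# Constructed sample: base settings, the generated overrides, then the
# Advanced box content appended as typed (this ordering is an assumption).
BASE = 'server:\n    port: 53\n'
OVERRIDES = ('stub-zone:\n    name: "domain.example"\n'
             '    stub-addr: 1.2.3.4\n    stub-prime: no\n')
ADVANCED_BAD = 'outgoing-port-avoid: 0-32767\n'
ADVANCED_GOOD = 'server:\noutgoing-port-avoid: 0-32767\n'

if __name__ == "__main__":
    for label, adv in (("no header", ADVANCED_BAD),
                       ("with header", ADVANCED_GOOD)):
        print(label, misplaced_options(BASE + OVERRIDES + adv))
```

Without any overrides the headerless option still falls under the earlier `server:` clause, which is why the same Advanced text appears to work until the first domain override is added.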
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.