Author Topic: [SOLVED] unbound-control error in OPNsense 17.1.4 (Read 5076 times)

opnfwb · « **on:** April 22, 2017, 11:28:23 pm »

I am encountering what looks to be a "bug" of some sort after updating to OPNsense 17.1.4.

When I SSH to OPNsense and I run "unbound-control stats_noreset", I get the following error:

Code: [Select]

/var/unbound/unbound.conf:28: error: unknown keyword 'serve-expired'
/var/unbound/unbound.conf:28: error: stray ':'
/var/unbound/unbound.conf:28: error: unknown keyword 'no'
read /var/unbound/unbound.conf failed: 3 errors in configuration file
[1492895555] unbound-control[90280:0] fatal error: could not read config file

Line 28 corresponds to a new "serve expired" checkbox that became available for me after installing 17.1.4. I've taken a screenshot of the corresponding checkbox that is also causing the config file error.

Is anyone else able to re-produce this on OPNsense 17.1.4?

franco · « **Reply #1 on:** April 24, 2017, 02:15:56 pm »

You are reloading the FreeBSD base Unbound, not the OPNsense bundled Unbound.

# chroot -u unbound -g unbound / unbound-control -c /var/unbound/remotecontrol.conf stats_noreset

Cheers,
Franco

opnfwb · « **Reply #2 on:** April 24, 2017, 02:56:21 pm »

Franco, thank you for the response. The command you provided works and I'm able to view unbound stats again. Do you have any idea why this changed on 17.1.4? I was previously able to issue "unbound-control stats_noreset" on 17.1.3 and prior and did not receive an error message. Was the config file moved on 17.1.4?

franco · « **Reply #3 on:** April 24, 2017, 03:02:34 pm »

FreeBSD bundles a 1.5 Unbound under /usr/sbin/unbound:

# /usr/sbin/unbound -v
[1493038721] unbound[835:0] notice: Start of unbound 1.5.8.
/var/unbound/unbound.conf:28: error: unknown keyword 'serve-expired'
/var/unbound/unbound.conf:28: error: stray ':'
/var/unbound/unbound.conf:28: error: unknown keyword 'yes'
read /var/unbound/unbound.conf failed: 3 errors in configuration file
[1493038721] unbound[835:0] fatal error: Could not read config file: /var/unbound/unbound.conf

OPNsense has for a long time had its own package for Unbound from the ports tree for easier updates:

# /usr/local/sbin/unbound -v
[1493038761] unbound[24043:0] notice: Start of unbound 1.6.1.

OPNsense 17.1.2 changed Unbound from 1.5 to 1.6, and 17.1.3 started to use serve-expired, which doesn't exist in 1.5. That's why you are seeing this error now.

https://github.com/opnsense/changelog/blob/1ff03acf86928/doc/17.1/17.1.2#L62
https://github.com/opnsense/changelog/blob/a6a4b23ce9f2/doc/17.1/17.1.3#L48

Cheers,
Franco

opnfwb · « **Reply #4 on:** April 24, 2017, 04:56:49 pm »

Excellent info Franco! Thank you for taking the time.

franco · « **Reply #5 on:** April 24, 2017, 05:37:48 pm »

Sure thing!

I've marked this [SOLVED], also closing a similar issue on GitHub:

https://github.com/opnsense/core/issues/1543

Cheers,
Franco

Author Topic: [SOLVED] unbound-control error in OPNsense 17.1.4 (Read 5076 times)

opnfwb

[SOLVED] unbound-control error in OPNsense 17.1.4

franco

Re: unbound-control error in OPNsense 17.1.4

opnfwb

Re: unbound-control error in OPNsense 17.1.4

franco

Re: unbound-control error in OPNsense 17.1.4

opnfwb

Re: unbound-control error in OPNsense 17.1.4

franco

Re: [SOLVED] unbound-control error in OPNsense 17.1.4