Hi everyone,
Since we started using certctl for CA trust (also because FreeBSD ports curl moved to it), there is a small patch to Unbound DoT that needs widespread testing:
https://github.com/opnsense/core/commit/455e9d6e86d
# opnsense-patch 455e9d6e86d && pluginctl -s unbound restart
Functionally the two variants should be the same, but the reality is that the Unbound manual is very "mystic" about this particular option and all the tutorials on the Internet seem to prefer using the bundle file. All help testing this is welcome here.
Thanks,
Franco
Seems ready for 23.7.10? The attached kernel crash says you didn't break it.
Still not believing my eyes, I stopped AGH, sent all traffic through 127.0.0.1:53 and the 3 configured DoT servers lit up like a seasonal_tree:853 in pftop.
23.7.8_20/3.0.12
It seems to be working fine here, are there any specific things to test that you're particularly interested in?
I guess it might be a bit too early to say this, so I say it anyway and am ready to bite the dust later...
With this patch applied, Unbound works and behaves as expected. No more, for the moment I guess I need to add, max running Unbound process that loads one core to 100%. It just behaves as expected. I have been waiting for this some time now, so well I guess I need to start that egg timer...
Yes, using /etc/ssl/cert.pem vs. /etc/ssl/certs/ is exactly the same outcome. The only question was whether to trust the documentation but that has been cleared up indeed. Thanks!
Still running as expected, no problem, and no 100% CPU Core process runaway stuff. This just works!
Works for me.™
Cheers
Maurice
Works here as well.
Working here :)
Patch applied and working. Many thanks.
Well the egg timer just stopped so now I know that the problem with 100% CPU in one core is not related to this fix.
Thanks for the help. Shipped this in 23.7.10.
Cheers,
Franco