Dear all,
It's the first time I have set up my own firewall. Sorry for the perhaps obvious question.
I read on the internet, e.g. https://calomel.org/unbound_dns.html, that for unbound you should use a root.hints file.
I downloaded the file
curl ftp://FTP.INTERNIC.NET/domain/named.cache -o /var/unbound/root.hints
And added in the custom options.
root-hints: /var/unbound/root.hints
After saving and restarting unbound, unbound does not reset. Red square in the upper right corner.
Changing the login level to 5 doesn't show any hint why it does not start up.
The last entry is reading /root.hints.
Deleting the custom options, unbound does startup without any problem.
What am I doing wrong?
Thanks a lot for the help.
Hi there,
Try...
# chown unbound:unbound /var/unbound/root.hints
Cheers,
Franco
Hello franco,
Sorry for the late response, but I just came back today.
I did try it:
-rw-r--r-- 1 unbound unbound 3316 Dec 16 19:54 root.hints
But unfortunately unbound still doesn't start up.
Are additional logs available somewhere, besides the log information in the web interface?
Thank you.
Floppsi.
Try with server:
server:
root-hints: /var/unbound/root.hints
Doesn't work unfortunately. Server doesn't start up.
Attached you can find a screenshot of my settings. Perhaps I did something wrong here.
Thanks a lot for the help
Just tried this and it works.
Download (note that this is an insecure download you're doing and you should verify the file):
# curl ftp://FTP.INTERNIC.NET/domain/named.cache -o /var/unbound/root.hints
Change permission:
# chown unbound:unbound /var/unbound/root.hints
Add this to the advanced configuration remembering that the file lies in the root directory because of the chroot operation...
server:
root-hints: "/root.hints"
Cheers,
Franco
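Added example, not part of the original thread or of OPNsense: a structural sanity check for the downloaded hints file, as a first step toward the verification mentioned in the reply above. It confirms that all 13 root servers (a to m) have an NS and an A record and that the file holds nothing else; it does not prove authenticity. The function names `check_root_hints` and `make_sample_hints` are hypothetical, and the sample data is constructed with documentation addresses.

```sh
#!/bin/sh
# Added example: structural sanity check for a root hints file.
# Returns 0 only if a..m.root-servers.net each have an NS and an A record
# and the file holds nothing but NS/A/AAAA records. Not an authenticity check.
check_root_hints() {
    awk '
        /^[ \t]*;/ || NF == 0 { next }      # skip comments and blank lines
        {
            # columns: owner ttl [class] type rdata
            type  = ($3 == "IN") ? $4 : $3
            owner = tolower($1)
            rdata = tolower($NF)
        }
        type == "NS" && owner == "." { ns[rdata] = 1; next }
        type == "A"                  { a[owner] = 1;  next }
        type == "AAAA"               { next }
        { printf "line %d: unexpected record: %s\n", NR, $0; bad = 1 }
        END {
            n = split("a b c d e f g h i j k l m", letter, " ")
            for (i = 1; i <= n; i++) {
                h = letter[i] ".root-servers.net."
                if (!(h in ns)) { print "missing NS for " h; bad = 1 }
                if (!(h in a))  { print "missing A for " h;  bad = 1 }
            }
            for (h in ns)
                if (h !~ /^[a-m]\.root-servers\.net\.$/) {
                    print "foreign NS target " h; bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: real layout, documentation addresses (192.0.2.0/24).
make_sample_hints() {
    for l in A B C D E F G H I J K L M; do
        printf '.\t3600000\tNS\t%s.ROOT-SERVERS.NET.\n' "$l"
        printf '%s.ROOT-SERVERS.NET.\t3600000\tA\t192.0.2.1\n' "$l"
    done
}

tmp=$(mktemp)
make_sample_hints > "$tmp"
check_root_hints "$tmp" && echo "root hints are structurally complete"
rm -f "$tmp"
```

On the firewall, the same function can be pointed at `/var/unbound/root.hints` after the download; a truncated transfer or an HTML error page saved under that name fails the check.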
Hello Franco,
I don't know what I do or what I did wrong, but it's not working. The server just doesn't start up anymore.
Thanks for the hint about the insecure download. I can use this https download:
curl https://www.internic.net/domain/named.cache -o /var/unbound/root.hints
I checked the unbound.conf and the lines are added correctly.
# Unbound custom options
include: /var/unbound/unbound_ad_servers
server:
root-hints: "/root.hints"
I deleted "include: /var/unbound/unbound_ad_servers" too, and gave it a try only with the root.hints.
That case didn't work either.
I opened the root.hints with "ee root.hints" and compared the content. That looks OK too.
Whatever I do wrong.
Anyway I wish you all Merry Christmas and nice days.
Thanks. Floppsi
Hi Floppsi,
You could try to remove all advanced options and reinstall Unbound from the System: Firmware: Packages page. Maybe there is an unrelated error here...
This may also not be correct, it is the full path, not the chroot path:
include: /var/unbound/unbound_ad_servers
Cheers,
Franco
You could try running `unbound-checkconf /var/unbound/unbound.conf` in a shell.
Hello Franco,
hello nallar,
Franco, I followed your instructions, removed all advanced options and saved the file. Reinstalled unbound and restarted the OPNsense completely. After that I deleted the root.hints file, downloaded it again and changed the user and group. But unfortunately unbound still doesn't start.
When I use the command from nallar everything looks OK, even though unbound does not start.
root@OPNsense:/var/unbound # unbound-checkconf /var/unbound/unbound.conf
unbound-checkconf: no errors in /var/unbound/unbound.conf
Perhaps I should start completely over again with the installation of OPNsense.
Thanks a lot for the help here in the forum.
Hello Franco,
hello nallar,
I fixed my problem :-)
I just updated to FreeBSD 11.1
# opnsense-update -bkgr 18.1.b -n "snapshots\/beta"
# opnsense-update -L
# /usr/local/etc/rc.reboot
This solved my restart problem and, by the way, my root.hints problem.
Just added:
server:
root-hints: "/root.hints"
and unbound does start up. No error message, and the green button is displayed.
Thanks a lot for the help again.
Floppsi
Yay, consider me happy. :)