OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: unquietwiki on August 06, 2015, 04:40:26 am

Title: [SOLVED] Weird hiccup with unbound DNS resolver in 15.7.7_1
Post by: unquietwiki on August 06, 2015, 04:40:26 am
Updated to 15.7.7_1 today, and had rebooted later on for a different reason. After coming back online, and changing some stuff in the DNS resolver config & restarting the service, an odd hiccup occurred. Started getting a lot of errors like the following, and the resolver service was stuck in down mode....

Aug 5 19:14:03    unbound: [1878:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
Aug 5 19:14:03    unbound: [1878:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
Aug 5 19:11:50    unbound: [44668:0] fatal error: could not set up remote-control
Aug 5 19:11:50    unbound: [44668:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Aug 5 19:11:50    unbound: [44668:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
Aug 5 19:11:50    unbound: [44668:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
Aug 5 19:11:50    unbound: [44668:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem

Doing some digging around, I was able to get it going again by using the SSH shell to do the following....

* chown unbound:wheel /var/unbound
* sudo -u unbound unbound-control-setup
* chown -R root:wheel /var/unbound
* unbound-control reload

The OS is running on an SSD, and I am using a "nano" build, so maybe this is some race condition?
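An added example (not part of the original post and not OPNsense code): a pre-flight check for the remote-control files whose absence produced the errors quoted above. The four file names are the defaults written by unbound-control-setup; the function name and the rule that key files must not be accessible to "other" are assumptions of this example.

```shell
#!/bin/sh
# Added example, not OPNsense code: verify the remote-control certificate
# and key files exist before unbound is (re)started.
# Assumption: default file names, in the directory passed as $1.

check_unbound_control_files() {
    dir=${1:-/var/unbound}
    problems=0

    # The log above shows fopen failing; a missing directory is the first cause.
    if [ ! -d "$dir" ]; then
        echo "MISSING directory: $dir"
        return 1
    fi

    for name in unbound_server.key unbound_server.pem \
                unbound_control.key unbound_control.pem; do
        f="$dir/$name"
        # -s is false for a missing file and for a zero-length one.
        if [ ! -s "$f" ]; then
            echo "MISSING or empty: $f"
            problems=$((problems + 1))
            continue
        fi
        case "$name" in
            *.key)
                # Characters 8-10 of the ls mode string are the "other" bits.
                other=$(ls -ld "$f" | cut -c8-10)
                if [ "$other" != "---" ]; then
                    echo "TOO OPEN (other=$other): $f"
                    problems=$((problems + 1))
                fi
                ;;
        esac
    done

    [ "$problems" -eq 0 ] && echo "OK: remote-control files present in $dir"
    # Exit status is the number of problems found (0 means healthy).
    return "$problems"
}

# Usage: check_unbound_control_files /var/unbound
```

A non-zero status here corresponds to the state in which the steps above (re-running unbound-control-setup) were needed.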
Title: Re: Weird hiccup with unbound DNS resolver in 15.7.7_1
Post by: franco on August 06, 2015, 07:14:26 am
Hi there,

thanks for the detailed report and fix description. :) I'm thinking this goes back to the missing chgrp/chown as we've found that some warnings were produced on previous versions when files would be written to the unbound root when it wasn't there. The previously committed mkdir does not suffice.

This is the fix, also committed to what'll become 15.7.8:

https://github.com/opnsense/core/commit/c8a304b0b7b3f8a381feba57de8f2ca96bcd87d9


Cheers,
Franco
Title: Re: Weird hiccup with unbound DNS resolver in 15.7.7_1
Post by: franco on August 07, 2015, 08:43:10 am
Since we put out another small amendment for firmware mirrors, this unbound fix went in as well: 15.7.7_3.
Title: Re: [SOLVED] Weird hiccup with unbound DNS resolver in 15.7.7_1
Post by: unquietwiki on August 07, 2015, 08:55:23 pm
Acknowledged that the fix is in. Thanks!!!  :)
Title: Re: [SOLVED] Weird hiccup with unbound DNS resolver in 15.7.7_1
Post by: franco on August 07, 2015, 10:06:03 pm
Yay, cheers. :)