OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: alexroz on May 15, 2021, 11:50:51 am
-
My Unbound DNS was disabled for number of months.
I used DNSCrypt-Proxy.
Now every time I trying to enable Unbound it crashing with following entries in a log:
2021-05-15T02:18:51 unbound[31761] [31761:0] fatal error: Could not set up local zones
2021-05-15T02:18:51 unbound[31761] [31761:0] error: Bad local-data RR RedmiNote8Pro-Re?)i.localdomain IN A 192.168.10.104
2021-05-15T02:18:51 unbound[31761] [31761:0] error: error parsing local-data at 32 'RedmiNote8Pro-Re?)i.localdomain IN A 192.168.xxx.xxx': Syntax error, could not parse the RR's type
2021-05-15T02:18:50 unbound[58301] daemonize unbound dhcpd watcher.
# unbound-checkconf /var/unbound/unbound.conf
[1621072722] unbound-checkconf[33451:0] error: error parsing local-data at 32 'RedmiNote8Pro-Re?)i.localdomain IN A 192.168.10.104': Syntax error, could not parse the RR's type
[1621072722] unbound-checkconf[33451:0] error: Bad local-data RR RedmiNote8Pro-Re?)i.localdomain IN A 192.168.x.x
[1621072722] unbound-checkconf[33451:0] fatal error: failed local-zone, local-data configuration
How can I fix it?
-
The error message looks like Unbound is choking on the RedmiNote entry. Is there a static entry for this device with special characters in the name? It seems like Unbound is having an issue with parsing this based on the error.
-
RedmiNote8Pro is a smartphone connected via WIFI to a VLAN with DHCP
-
From the log it almost looks like the hostname has special characters in it that is causing the problem? Either within the unbound config or on the device itself?
RedmiNote8Pro-Re?)i.localdomain
-
It's correct devise's hostname (in the devises own settings) contained social characters. But even after removing special characters unbound keep on crashing.
From my point of view it is looks like Unbounds huge vulnerability if invalid hostname can make a DNS server to crash.
-
I'm not a developer but I agree, it does seem odd that a bad character set can crash unbound. However most devices would also have input filters here to prevent network names that are not supported. So it's a bit of an issue with both the software on the device itself, and Unbound.
If Unbound is still crashing, it's likely due to an existing DHCP lease that still has the old name with the special characters present. I would double check that all of the existing DHCP leases are removed and see if Unbound stays running after that?
-
I already disconnected the device and made sure that the device does not appear on DHCP leases list.
But I still unable to start unbaound because it crashing with the same error.
-
If you re-run
unbound-checkconf /var/unbound/unbound.conf does it show the same error at line 32?
It seems like maybe there's a domain over ride somewhere that still uses the bad character set in the name?
-
Hi @opnfwb
Can you elaborate on this some more? I don't sure I understand do you mean.
-
The first post in this thread shows the results of unbound-checkconf. Are you able to re-run this and provide the current results?
-
Rerun of "unbound-checkconf /var/unbound/unbound.conf" provides exactly the same output (https://forum.opnsense.org/index.php?topic=23087.msg109794#msg109794). Аlthoug hostname of `RedmiNote8Pro-Re?` have been changed and received a new IP by DHCP.
I think that it is some case of dad lock. Unbound can't start because of bad record in it's old configuration. But unbound can't update that config and fix it because it cant start.
So my next question is: How to purge / reset to default Unbound DNS settings? (https://forum.opnsense.org/index.php?topic=23086.0)
-
Finally I been able to launch unbound after removing appropriate lines mentioning the problematic hostname from: /var/unbound/dhcpleases.conf
-
Nice. Glad you're back up and running :)
-
@opnfwb thank you for making me double-check everything and not letting me give up.