OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: opnfwb on April 22, 2017, 11:28:23 pm

Title: [SOLVED] unbound-control error in OPNsense 17.1.4
Post by: opnfwb on April 22, 2017, 11:28:23 pm
I am encountering what looks to be a "bug" of some sort after updating to OPNsense 17.1.4.

When I SSH to OPNsense and I run "unbound-control stats_noreset", I get the following error:
Code: [Select]
/var/unbound/unbound.conf:28: error: unknown keyword 'serve-expired'
/var/unbound/unbound.conf:28: error: stray ':'
/var/unbound/unbound.conf:28: error: unknown keyword 'no'
read /var/unbound/unbound.conf failed: 3 errors in configuration file
[1492895555] unbound-control[90280:0] fatal error: could not read config file

Line 28 corresponds to a new "serve expired" checkbox that became available for me after installing 17.1.4. I've taken a screenshot of the corresponding checkbox that is also causing the config file error.

Is anyone else able to re-produce this on OPNsense 17.1.4?
Title: Re: unbound-control error in OPNsense 17.1.4
Post by: franco on April 24, 2017, 02:15:56 pm
You are reloading the FreeBSD base Unbound, not the OPNsense bundled Unbound.

# chroot -u unbound -g unbound / unbound-control -c /var/unbound/remotecontrol.conf stats_noreset


Cheers,
Franco
Title: Re: unbound-control error in OPNsense 17.1.4
Post by: opnfwb on April 24, 2017, 02:56:21 pm
Franco, thank you for the response. The command you provided works and I'm able to view unbound stats again. Do you have any idea why this changed on 17.1.4? I was previously able to issue "unbound-control stats_noreset" on 17.1.3 and prior and did not receive an error message. Was the config file moved on 17.1.4?
Title: Re: unbound-control error in OPNsense 17.1.4
Post by: franco on April 24, 2017, 03:02:34 pm
FreeBSD bundles a 1.5 Unbound under /usr/sbin/unbound:

# /usr/sbin/unbound -v
[1493038721] unbound[835:0] notice: Start of unbound 1.5.8.
/var/unbound/unbound.conf:28: error: unknown keyword 'serve-expired'
/var/unbound/unbound.conf:28: error: stray ':'
/var/unbound/unbound.conf:28: error: unknown keyword 'yes'
read /var/unbound/unbound.conf failed: 3 errors in configuration file
[1493038721] unbound[835:0] fatal error: Could not read config file: /var/unbound/unbound.conf

OPNsense has for a long time had its own package for Unbound from the ports tree for easier updates:

# /usr/local/sbin/unbound -v
[1493038761] unbound[24043:0] notice: Start of unbound 1.6.1.

OPNsense 17.1.2 changed Unbound from 1.5 to 1.6, and 17.1.3 started to use serve-expired, which doesn't exist in 1.5. That's why you are seeing this error now.

https://github.com/opnsense/changelog/blob/1ff03acf86928/doc/17.1/17.1.2#L62
https://github.com/opnsense/changelog/blob/a6a4b23ce9f2/doc/17.1/17.1.3#L48


Cheers,
Franco
Title: Re: unbound-control error in OPNsense 17.1.4
Post by: opnfwb on April 24, 2017, 04:56:49 pm
Excellent info Franco! Thank you for taking the time.
Title: Re: [SOLVED] unbound-control error in OPNsense 17.1.4
Post by: franco on April 24, 2017, 05:37:48 pm
Sure thing! :)

I've marked this [SOLVED], also closing a similar issue on GitHub:

https://github.com/opnsense/core/issues/1543


Cheers,
Franco