/usr/local/etc/unbound.opnsense.d/dnsbl.conf no such file or directory

Started by slackadelic, December 07, 2022, 02:26:30 PM

So, after updating to the latest release, I did see that some folks did have issues; however, I do not use Suricata. I think this issue might be a bit different, possibly.

Even after applying the latest patch _3 the issue still occurs.

root@tardis:/var/unbound # configctl unbound check
/var/unbound/etc/dnsblview.conf:11: error: cannot open include file '/usr/local/etc/unbound.opnsense.d/dnsbl.conf': No such file or directory
read /var/unbound/unbound.conf failed: 1 errors in configuration file


If I revert back to 22.7.8 with this: opnsense-revert -r 22.7.8 opnsense

Then reboot, unbound comes back up.  However, the instant I upgrade again, the above happens again.

I'm GUESSING it has something to do with moving dnsbl to a python module, possibly?

Any insight would be nice.

Thank you!


Unbound won't start after the update.

With the errors noted within the original post.

That seems to be a file for block lists. Check if you have unbound set to use them. Try to get them updated, the file might get created.

Good suggestion; definitely tried that already.

I do not use the dnsbl in unbound so not sure why it's requiring that file to be available. Even if I enable the blocklists and allow it to download the updated lists, the dnsbl.conf still does not get created.

Right. I don't use them and I'll refrain from suggesting creating it just to pacify Unbound as it seems it shouldn't require it in your configuration. It might warrant logging as issue/defect/bug in github.
There was a hotfix announced I think today, but it might be to address something else.

Yeah the patch today addresses a different issue.

Even if I do satisfy the configctl command, the instant you try to start unbound, it fails, then configctl comes back with the same dnsbl.conf error of no such file or directory.

What's a "/var/unbound/etc/dnsblview.conf" ? Looks like a stray file or link we never had in our repo. Using overrides can be unforgiving. Plus it tries to check outside the chroot.. this doesn't look right.


Cheers,
Franco

I will take a look at that.  I think that file actually contains views for the server.

I'll look at renaming that then upgrading and see what happens.

That at least gives me a direction to go.

Thank you!

Well, even if I try to remove that file, the instant I try to start the service, it recreates it. I'm not even sure where that came from unless it's from an older version of unbound when it created the 'view' within unbound so that the dnsbl worked.

Look at /usr/local/etc/unbound.opnsense.d/ -- this is where you can add persistent files :)


Cheers,
Franco

*facepalm*  Yep, got rid of the unneeded files in that directory and now the upgrade is fine.

I do believe those were used a while back for creating some sort of view to allow certain hosts to bypass the dnsbl back in the day.. hence why it was still there, and shows my horrible documentation because I forgot to document that manual change.

Thanks everyone for the assist!
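
A check for the failure resolved in this thread, as an added example that is not from the original posts or from OPNsense: it lists `include:` lines in override files whose target no longer exists on disk. The default directory is the one named in the thread; the function name `find_dangling_includes` is hypothetical.

```shell
#!/bin/sh
# Added example: report include targets that are missing, before an upgrade
# turns them into "cannot open include file" errors at service start.

find_dangling_includes() {
    dir="${1:-/usr/local/etc/unbound.opnsense.d}"
    rc=0
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        lineno=0
        while IFS= read -r line || [ -n "$line" ]; do
            lineno=$((lineno + 1))
            # Drop comments and surrounding whitespace.
            stripped=$(printf '%s\n' "$line" |
                sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
            case "$stripped" in
                include:*|include-toplevel:*) ;;
                *) continue ;;
            esac
            # Keep only the path: remove the keyword and any quotes.
            target=$(printf '%s\n' "$stripped" |
                sed -e 's/^[a-z-]*:[[:space:]]*//' | tr -d "\"'")
            # Wildcard includes are skipped; only literal paths are checked.
            case "$target" in
                *\**|*\?*|*\[*) continue ;;
            esac
            if [ ! -e "$target" ]; then
                printf '%s:%s: missing include target %s\n' \
                    "$conf" "$lineno" "$target"
                rc=1
            fi
        done < "$conf"
    done
    return "$rc"
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    find_dangling_includes "$1"
fi
```

The function returns non-zero when at least one literal include target is missing, so it can gate an upgrade step in a script.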