Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
[SOLVED] Weird hiccup with unbound DNS resolver in 15.7.7_1
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Weird hiccup with unbound DNS resolver in 15.7.7_1 (Read 8456 times)
unquietwiki
Newbie
Posts: 10
Karma: 2
[SOLVED] Weird hiccup with unbound DNS resolver in 15.7.7_1
«
on:
August 06, 2015, 04:40:26 am »
Updated to 15.7.7_1 today, and had rebooted later on for a different reason. After coming back online, and changing some stuff in the DNS resolver config & restarting the service, an odd hiccup occurred. Started getting a lot of errors like the following, and the resolver service was stuck in down mode....
Aug 5 19:14:03 unbound: [1878:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
Aug 5 19:14:03 unbound: [1878:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
Aug 5 19:11:50 unbound: [44668:0] fatal error: could not set up remote-control
Aug 5 19:11:50 unbound: [44668:0] error: and additionally crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Aug 5 19:11:50 unbound: [44668:0] error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
Aug 5 19:11:50 unbound: [44668:0] error: Error in SSL_CTX use_certificate_file crypto error:02001002:system library:fopen:No such file or directory
Aug 5 19:11:50 unbound: [44668:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem
Doing some digging around, I was able to get it going again by using the SSH shell to do the following....
*
chown unbound:wheel /var/unbound
*
sudo -u unbound unbound-control-setup
*
chown -R root:wheel /var/unbound
*
unbound-control reload
The OS is running on an SSD, and I am using a "nano" build, so maybe this is some race condition?
«
Last Edit: August 07, 2015, 08:43:22 am by franco
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Weird hiccup with unbound DNS resolver in 15.7.7_1
«
Reply #1 on:
August 06, 2015, 07:14:26 am »
Hi there,
thanks for the detailed report and fix description.
I'm thinking this goes back to the missing chgrp/chown as we've found that some warnings were produced on previous versions when files would be written to the unbound root when it wasn't there. The previously committed mkdir does not suffice.
This is the fix, also committed to what'll become 15.7.8:
https://github.com/opnsense/core/commit/c8a304b0b7b3f8a381feba57de8f2ca96bcd87d9
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Weird hiccup with unbound DNS resolver in 15.7.7_1
«
Reply #2 on:
August 07, 2015, 08:43:10 am »
Since we put out another small amendment for firmware mirrors this fix unbound fix went in as well: 15.7.7_3.
Logged
unquietwiki
Newbie
Posts: 10
Karma: 2
Re: [SOLVED] Weird hiccup with unbound DNS resolver in 15.7.7_1
«
Reply #3 on:
August 07, 2015, 08:55:23 pm »
Acknowledged that the fix is in. Thanks!!!
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] Weird hiccup with unbound DNS resolver in 15.7.7_1
«
Reply #4 on:
August 07, 2015, 10:06:03 pm »
Yay, cheers.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
[SOLVED] Weird hiccup with unbound DNS resolver in 15.7.7_1