DNS over TLS causes Unbound to quit

[bagofbones]

Trying to setup DNS over TLS on my 23.1_6 install, and no matter what servers I add there, Unbound quits and refuses to start until I disable them. I have a feeling it might be because I'm running a multi-wan setup, but can't seem to find any error logs that point me in the right direction. Any help or guidance on where I can start looking?

Screenshot of my setup: https://imgur.com/a/x5YNN8k

[Fright]

DoT config looks ok at first glance
may be some custom settings?
can you try

Code Select Expand

opnsense-patch -a kulikov-a 26bec82
and reload unbound with DoTs?
may be this will help with startup error logging (should be in unbound log. if any)

[bagofbones]

Well, this helped narrow it down.  The error on startup is:

unbound-checkconf error. output was: /var/unbound/etc/plex.conf:1: error: syntax error;read /var/unbound/unbound.conf failed: 1 errors in configuration file;

Now, I can't figure out what is creating that plex.conf file.  I know I used it at one time for plex.direct but when I delete it and restart the service, it just comes back. 

[bagofbones]

And it looks like I fixed that too.  I had an old plex.conf file in /usr/local/etc/unbound.opnsense.d, deleted that, deleted the one in /var/unbound/etc, restarted unbound, and now DoT works.  Thanks for the patch!  Is there anything I need to remove?

[Fright]

glad it works

Is there anything I need to remove?

dont think so )
/usr/local/etc/unbound.opnsense.d is the place where the start script looks for config inclusions
patch is not merged. so it will be overwritten on update (so while it is better to remember what custom settings were made. this will help to find possible sources of problems faster  ;))