[SOLVED] unbound-control error in OPNsense 17.1.4

Started by opnfwb, April 22, 2017, 11:28:23 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 22, 2017, 11:28:23 PM Last Edit: April 24, 2017, 05:36:45 PM by franco
I am encountering what looks to be a "bug" of some sort after updating to OPNsense 17.1.4.

When I SSH to OPNsense and I run "unbound-control stats_noreset", I get the following error:
Code Select
/var/unbound/unbound.conf:28: error: unknown keyword 'serve-expired'
/var/unbound/unbound.conf:28: error: stray ':'
/var/unbound/unbound.conf:28: error: unknown keyword 'no'
read /var/unbound/unbound.conf failed: 3 errors in configuration file
[1492895555] unbound-control[90280:0] fatal error: could not read config file

Line 28 corresponds to a new "serve expired" checkbox that became available for me after installing 17.1.4. I've taken a screenshot of the corresponding checkbox that is also causing the config file error.

Is anyone else able to re-produce this on OPNsense 17.1.4?
April 24, 2017, 02:15:56 PM #1
You are reloading the FreeBSD base Unbound, not the OPNsense bundled Unbound.

# chroot -u unbound -g unbound / unbound-control -c /var/unbound/remotecontrol.conf stats_noreset


Cheers,
Franco
April 24, 2017, 02:56:21 PM #2
Franco, thank you for the response. The command you provided works and I'm able to view unbound stats again. Do you have any idea why this changed on 17.1.4? I was previously able to issue "unbound-control stats_noreset" on 17.1.3 and prior and did not receive an error message. Was the config file moved on 17.1.4?
April 24, 2017, 03:02:34 PM #3
FreeBSD bundles a 1.5 Unbound under /usr/sbin/unbound:

# /usr/sbin/unbound -v
[1493038721] unbound[835:0] notice: Start of unbound 1.5.8.
/var/unbound/unbound.conf:28: error: unknown keyword 'serve-expired'
/var/unbound/unbound.conf:28: error: stray ':'
/var/unbound/unbound.conf:28: error: unknown keyword 'yes'
read /var/unbound/unbound.conf failed: 3 errors in configuration file
[1493038721] unbound[835:0] fatal error: Could not read config file: /var/unbound/unbound.conf

OPNsense has for a long time had its own package for Unbound from the ports tree for easier updates:

# /usr/local/sbin/unbound -v
[1493038761] unbound[24043:0] notice: Start of unbound 1.6.1.

OPNsense 17.1.2 changed Unbound from 1.5 to 1.6, and 17.1.3 started to use serve-expired, which doesn't exist in 1.5. That's why you are seeing this error now.

https://github.com/opnsense/changelog/blob/1ff03acf86928/doc/17.1/17.1.2#L62
https://github.com/opnsense/changelog/blob/a6a4b23ce9f2/doc/17.1/17.1.3#L48


Cheers,
Franco
April 24, 2017, 04:56:49 PM #4
Excellent info Franco! Thank you for taking the time.
April 24, 2017, 05:37:48 PM #5
Sure thing! :)

I've marked this [SOLVED], also closing a similar issue on GitHub:

https://github.com/opnsense/core/issues/1543


Cheers,
Franco
Print
Go Up Pages1
User actions