[SOLVED] Unbound does not start with root.hints file

[Floppsi1]

Dear all,

It's the first time I do setup my own firewall. sorry for the perhaps obvious question.
I did read in the internet e.g. https://calomel.org/unbound_dns.html that for unbound you should use a root.hints file.

I downloaded the file
curl ftp://FTP.INTERNIC.NET/domain/named.cache -o /var/unbound/root.hints

And added in the custom options.
root-hints: /var/unbound/root.hints

After saving and restarting unbound, unbound does not reset. Red square in the upper right corner
Changing the login level to 5 doesn't show any hint why it does not start up.
The last entry is reading /root.hints.

Deleting the custom options, unbound does startup without any problem.

What do I do wrong?

Thanks a lot for the help.

[franco]

Hi there,

Try...

# chown unbound:unbound /var/unbound/root.hints


Cheers,
Franco

[Floppsi1]

Hello franco,

sorry for the late response, but I just come back today.
I did try it :

-rw-r--r--  1 unbound  unbound    3316 Dec 16 19:54 root.hints

But unfortunately unbound still doesn't start up.
Are additionally logs somewhere available, beside the log information in the web interface?

Thank you.
Floppsi.

[nallar]

Try with server:

Code: [Select]

server:
    root-hints: /var/unbound/root.hints

[Floppsi1]

Doesn't work unfortunately. Sever doesn't startup.

Attached you can find a screenshot of my setting. Perhaps I did do something wrong here.

Thanks a lot for the help

[franco]

Just tried this and it works.

Download (note that is an insecure download you're doing and you should verify the file):

# curl ftp://FTP.INTERNIC.NET/domain/named.cache -o /var/unbound/root.hints

Change permission:

# chown unbound:unbound /var/unbound/root.hints

Add this to the advanced configuration remembering that the file lies in the root directory because of the chroot operation...

server:
    root-hints:  "/root.hints"


Cheers,
Franco

[Floppsi1]

Hello Franco,

don't know what I do or what I did wrong, but it's not working. The server just doesn't start up anymore.

Thanks for the hint with the insecure download. I can use this https download
curl https://www.internic.net/domain/named.cache -o /var/unbound/root.hints

I checke the unbound.conf and the lines are added correct.

 # Unbound custom options
include: /var/unbound/unbound_ad_servers
server:
 root-hints: "/root.hints"

I deleted "include: /var/unbound/unbound_ad_servers" too, and gave it a try only with the root.hints.
That case didn't work too.

I opened the root.hints with "ee root.hints" and compared the content. That look OK too.

What ever I do wrong.

Anyway I wish you all Merry Christmas and nice days.

Thanks. Floppsi

[franco]

Hi Floppsi,

You could try to remove all advanced options and reinstall Unbound from the System: Firmware: Packages page. Maybe there is an unrelated error here...

This may also not be correct, it is the full path, not the chroot path:

include: /var/unbound/unbound_ad_servers


Cheers,
Franco

[nallar]

You could try running `unbound-checkconf /var/unbound/unbound.conf` in a shell.

[Floppsi1]

Hello Franco,
hello nallar,

Franco I followed your instructions and, removed all advanced options and saved the file. Reinstalled unbound and restarted the OPNsense completely. After that deleted the root.hints file and downloaded it new and changed the user and group. But unfortunately unbound still doesn't start.

When I use the command from nallar everything looks ok, even if unbound does not start.
root@OPNsense:/var/unbound # unbound-checkconf /var/unbound/unbound.conf
unbound-checkconf: no errors in /var/unbound/unbound.conf

Perhaps I should start completely over again with the installation of OPNsense.

Thanks a lot for the help here in the forum.

[Floppsi1]

Hello Franco,
hello nallar,

I fixed my problem :-)
I just updated to FreeBSD 11.1

# opnsense-update -bkgr 18.1.b -n "snapshots\/beta"
# opnsense-update -L
# /usr/local/etc/rc.reboot

This solved my restart problem and by the way my root.hints problem.

Just added

server:
 root-hints: "/root.hints"

and unbound does start up. No error message, and the green button is displayed.

Thanks a lot for the help again.
Floppsi

[franco]

Yay, consider me happy.