[SOLVED] Unbound does not start with root.hints file

Floppsi1 · December 17, 2017, 06:24:04 AM

Dear all,

It's the first time I do setup my own firewall. sorry for the perhaps obvious question.
I did read in the internet e.g. https://calomel.org/unbound_dns.html that for unbound you should use a root.hints file.

I downloaded the file
curl ftp://ftp.internic.net/domain/named.cache -o /var/unbound/root.hints

And added in the custom options.
root-hints: /var/unbound/root.hints

After saving and restarting unbound, unbound does not reset. Red square in the upper right corner
Changing the login level to 5 doesn't show any hint why it does not start up.
The last entry is reading /root.hints.

Deleting the custom options, unbound does startup without any problem.

What do I do wrong?

Thanks a lot for the help.

franco · December 17, 2017, 06:35:29 PM

Hi there,

Try...

# chown unbound:unbound /var/unbound/root.hints

Cheers,
Franco

Floppsi1 · December 22, 2017, 01:02:30 PM

Hello franco,

sorry for the late response, but I just come back today.
I did try it :

-rw-r--r-- 1 unbound unbound 3316 Dec 16 19:54 root.hints

But unfortunately unbound still doesn't start up.
Are additionally logs somewhere available, beside the log information in the web interface?

Thank you.
Floppsi.

nallar · December 22, 2017, 06:17:23 PM

Try with server:

Code Select

server:
    root-hints: /var/unbound/root.hints

Floppsi1 · December 23, 2017, 04:11:34 AM

Doesn't work unfortunately. Sever doesn't startup.

Attached you can find a screenshot of my setting. Perhaps I did do something wrong here.

Thanks a lot for the help

franco · December 23, 2017, 03:44:20 PM

Just tried this and it works.

Download (note that is an insecure download you're doing and you should verify the file):

# curl ftp://ftp.internic.net/domain/named.cache -o /var/unbound/root.hints

Change permission:

# chown unbound:unbound /var/unbound/root.hints

Add this to the advanced configuration remembering that the file lies in the root directory because of the chroot operation...

server:
root-hints: "/root.hints"

Cheers,
Franco

Floppsi1 · December 24, 2017, 02:49:09 AM

Hello Franco,

don't know what I do or what I did wrong, but it's not working. The server just doesn't start up anymore.

Thanks for the hint with the insecure download. I can use this https download
curl https://www.internic.net/domain/named.cache -o /var/unbound/root.hints

I checke the unbound.conf and the lines are added correct.

# Unbound custom options
include: /var/unbound/unbound_ad_servers
server:
root-hints: "/root.hints"

I deleted "include: /var/unbound/unbound_ad_servers" too, and gave it a try only with the root.hints.
That case didn't work too.

I opened the root.hints with "ee root.hints" and compared the content. That look OK too.

What ever I do wrong.

Anyway I wish you all Merry Christmas and nice days.

Thanks. Floppsi

franco · December 24, 2017, 10:14:43 AM

Hi Floppsi,

You could try to remove all advanced options and reinstall Unbound from the System: Firmware: Packages page. Maybe there is an unrelated error here...

This may also not be correct, it is the full path, not the chroot path:

include: /var/unbound/unbound_ad_servers

Cheers,
Franco

nallar · December 24, 2017, 03:56:34 PM

You could try running `unbound-checkconf /var/unbound/unbound.conf` in a shell.

Floppsi1 · December 24, 2017, 04:37:32 PM

Hello Franco,
hello nallar,

Franco I followed your instructions and, removed all advanced options and saved the file. Reinstalled unbound and restarted the OPNsense completely. After that deleted the root.hints file and downloaded it new and changed the user and group. But unfortunately unbound still doesn't start.

When I use the command from nallar everything looks ok, even if unbound does not start.
root@OPNsense:/var/unbound # unbound-checkconf /var/unbound/unbound.conf
unbound-checkconf: no errors in /var/unbound/unbound.conf

Perhaps I should start completely over again with the installation of OPNsense.

Thanks a lot for the help here in the forum.

Floppsi1 · December 30, 2017, 02:27:06 AM

Hello Franco,
hello nallar,

I fixed my problem :-)
I just updated to FreeBSD 11.1

# opnsense-update -bkgr 18.1.b -n "snapshots\/beta"
# opnsense-update -L
# /usr/local/etc/rc.reboot

This solved my restart problem and by the way my root.hints problem.

Just added

server:
root-hints: "/root.hints"

and unbound does start up. No error message, and the green button is displayed.

Thanks a lot for the help again.
Floppsi

franco · December 30, 2017, 12:52:45 PM

Yay, consider me happy. :)

[SOLVED] Unbound does not start with root.hints file

Floppsi1

December 17, 2017, 06:24:04 AM Last Edit: December 30, 2017, 12:52:17 PM by franco

franco

December 17, 2017, 06:35:29 PM #1

Floppsi1

December 22, 2017, 01:02:30 PM #2

nallar

December 22, 2017, 06:17:23 PM #3

Floppsi1

December 23, 2017, 04:11:34 AM #4

franco

December 23, 2017, 03:44:20 PM #5

Floppsi1

December 24, 2017, 02:49:09 AM #6

franco

December 24, 2017, 10:14:43 AM #7

nallar

December 24, 2017, 03:56:34 PM #8

Floppsi1

December 24, 2017, 04:37:32 PM #9

Floppsi1

December 30, 2017, 02:27:06 AM #10

franco

December 30, 2017, 12:52:45 PM #11