Bug #5334

closed

unbound root.key file corruption can prevent unbound from starting

Added by Chris Buechler over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority: Normal
Category: DNS Resolver
Target version:
Start date: 10/21/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

Unbound's root.key can end up containing parts of another file in /var/, such as in the circumstances in this thread:
https://forum.pfsense.org/index.php?topic=87357.15

leaving unbound failing to start.

Oct 16 08:23:54    unbound: [58658:0] fatal error: failed to setup modules
Oct 16 08:23:54    unbound: [58658:0] error: module init for module validator failed
Oct 16 08:23:54    unbound: [58658:0] error: validator: could not apply configuration settings.
Oct 16 08:23:54    unbound: [58658:0] error: validator: error in trustanchors config
Oct 16 08:23:54    unbound: [58658:0] error: error reading auto-trust-anchor-file: /var/unbound/root.key
Oct 16 08:23:54    unbound: [58658:0] error: failed to read /root.key
Oct 16 08:23:54    unbound: [58658:0] error: failed to load trust anchor from /root.key at line 1, skipping

The unbound-anchor command that's run during service startup to update or populate root.key fails if root.key contains invalid data (and exits with code 0 both when it has an error, and when it doesn't need to update...).

#1

Updated by Chris Buechler over 8 years ago

  • Status changed from Confirmed to Feedback

Should be fixed by the fsync alone, and the sanity check will fix any other occurrence of invalid file contents that makes unbound-anchor fail.

#3

Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved

Fixed.

Unbound fixed the missing fsync for a future release.
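
An added example (not pfSense's or Unbound's code) of the kind of sanity check mentioned in note #1: it validates the contents of root.key and removes a corrupt file so it can be repopulated, because the description notes that unbound-anchor's exit code does not distinguish an error from "no update needed". The function names and the accepted line format are assumptions.

```shell
#!/bin/sh
# Added example, not pfSense's code. Assumed file format: comment lines start
# with ';', every other non-blank line is a root-zone DNSKEY or DS record.

# Return 0 if FILE looks like a trust anchor file, 1 otherwise.
root_key_is_sane() {
    [ -s "$1" ] || return 1              # missing or empty
    LC_ALL=C awk '
        /^[ \t]*$/ || /^;/ { next }      # blank line or comment
        /^\.[ \t]+([0-9]+[ \t]+)?IN[ \t]+(DNSKEY|DS)[ \t]+[0-9]/ { good++; next }
        { bad++ }                        # anything else is foreign data
        END { exit ((good > 0 && bad == 0) ? 0 : 1) }
    ' "$1"
}

# Remove a corrupt FILE so the anchor update can repopulate it.
# Prints "ok" (file kept) or "reset" (file removed).
reset_if_corrupt() {
    if root_key_is_sane "$1"; then
        echo ok
    else
        rm -f -- "$1"
        echo reset
    fi
}

# Startup use; the content is re-checked because the exit code is 0 on error too:
#   reset_if_corrupt /var/unbound/root.key
#   unbound-anchor -a /var/unbound/root.key
#   root_key_is_sane /var/unbound/root.key || echo "root.key still invalid" >&2

# Constructed samples: a valid-looking anchor file and one with log text mixed in.
demo() {
    d=$(mktemp -d) || return 1
    printf '; autotrust trust anchor file\n.\t172800\tIN\tDNSKEY\t257 3 8 AwEAAexample\n' > "$d/good.key"
    printf 'Oct 16 08:23:54 php: constructed log line\n.\t172800\tIN\tDNSKEY\t257 3 8 AwEAAexample\n' > "$d/bad.key"
    echo "$(reset_if_corrupt "$d/good.key") $(reset_if_corrupt "$d/bad.key")"
    rm -rf "$d"
}
```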
