Actions
Bug #5334
closedunbound root.key file corruption can prevent unbound from starting
Start date:
10/21/2015
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
Description
Unbound's root.key can end up containing parts of another file in /var/ such as the circumstances in this thread:
https://forum.pfsense.org/index.php?topic=87357.15
leaving unbound failing to start.
Oct 16 08:23:54 unbound: [58658:0] fatal error: failed to setup modules Oct 16 08:23:54 unbound: [58658:0] error: module init for module validator failed Oct 16 08:23:54 unbound: [58658:0] error: validator: could not apply configuration settings. Oct 16 08:23:54 unbound: [58658:0] error: validator: error in trustanchors config Oct 16 08:23:54 unbound: [58658:0] error: error reading auto-trust-anchor-file: /var/unbound/root.key Oct 16 08:23:54 unbound: [58658:0] error: failed to read /root.key Oct 16 08:23:54 unbound: [58658:0] error: failed to load trust anchor from /root.key at line 1, skipping
The unbound-anchor command that's run during service startup to update or populate root.key fails if root.key contains invalid data (and exits with code 0 both when it has an error, and when it doesn't need to update...).
Updated by Chris Buechler almost 9 years ago
- Status changed from Confirmed to Feedback
should be fixed by the fsync alone, and the sanity check will fix any other occurrence of invalid file contents that makes unbound-anchor fail.
Updated by Chris Buechler almost 9 years ago
reported upstream here:
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=712
Updated by Chris Buechler almost 9 years ago
- Status changed from Feedback to Resolved
fixed
Unbound fixed the missing fsync for a future release
Actions