Project

General

Profile

Actions
Copy link

Bug #5334

closed

unbound root.key file corruption can prevent unbound from starting

Added by Chris Buechler about 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Chris Buechler
Category:
DNS Resolver
Target version:
2.2.5
Start date:
10/21/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Unbound's root.key can end up containing parts of another file in /var/ such as the circumstances in this thread:
https://forum.pfsense.org/index.php?topic=87357.15

leaving unbound failing to start.

Oct 16 08:23:54    unbound: [58658:0] fatal error: failed to setup modules
Oct 16 08:23:54    unbound: [58658:0] error: module init for module validator failed
Oct 16 08:23:54    unbound: [58658:0] error: validator: could not apply configuration settings.
Oct 16 08:23:54    unbound: [58658:0] error: validator: error in trustanchors config
Oct 16 08:23:54    unbound: [58658:0] error: error reading auto-trust-anchor-file: /var/unbound/root.key
Oct 16 08:23:54    unbound: [58658:0] error: failed to read /root.key
Oct 16 08:23:54    unbound: [58658:0] error: failed to load trust anchor from /root.key at line 1, skipping

The unbound-anchor command that's run during service startup to update or populate root.key fails if root.key contains invalid data (and exits with code 0 both when it has an error, and when it doesn't need to update...).

Actions
Copy link

Also available in: Atom PDF