Bug #6072
closed
Unbound: Advanced options does not work
Added by Grischa Zengel about 9 years ago.
Updated about 9 years ago.
Description
If you put "access-control: 0.0.0.0/0 allow" into advanced, unbound didn't start with:
/var/unbound/unbound.conf:93: error: syntax error
read /var/unbound/unbound.conf failed: 1 errors in configuration file
[1459797986] unbound[43260:0] fatal error: Could not read config file: /var/unbound/unbound.conf
If you edit unbound.conf and put "access-control: 0.0.0.0/0 allow" bevor "include: /var/unbound/domainoverrides.conf" it works.
- Status changed from New to Not a Bug
- Target version deleted (
2.3.1)
- Affected Version deleted (
2.2.x)
Not seeing a problem here. Yeah that doesn't work as it's not valid. If you try to add that in a config where it will fail, you end up with:
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound.conf:89: error: syntax error
read /var/unbound/test/unbound.conf failed: 1 errors in configuration file
and cannot save the config.
Regardless, this is addressed with #6073.
- With 2.2.x you won't see this error. Unbound even won't start.
- "access-control: 0.0.0.0/0 allow" is an right command and works until you config Domain Overrides.
The problem is, the order of the commands.
For testing:
- Take a plain pfsense
- add custom options (in 2.2.x advanced options): harden-dnssec-stripped: yes
- You can apply, it works and you didn't get an error
- configure Domain Overrides
- Now apply - unbound crashes, but you didn't see an error
- Press save again and you get an error
The problem is the section. It changes for the custom options from server to stub-zone if you add Domain Overrides.
Who knows this?
My suggestion:
- Put the custom options in front of include domainoverrides.conf.
- domainoverrides changes the section by its own, so nothing happens if there a section changes inside the custom options.
- Why didn't I see the crash after adding the Domain Overrides? There is no error detection if no save button pressed.
- Put a note under the custom options field, that the commands are always in server: section and the section can be changed by user with keywords.
I thought about this a second time:
To avoid any confusion with this setting put always a "server:" in front of custom settings.
Also available in: Atom
PDF
Updated by 
Updated by