Bug #7600
closed
Unable to save DNS Resolver settings
Added by Anthony Hernandez over 7 years ago.
Updated over 5 years ago.
Description
https://forum.pfsense.org/index.php?topic=118226.15
I was about to respond to this, currently happening on a 2.3.4 install
System Netgate SG-8860
Serial: x
Netgate Unique ID: x
BIOS Vendor: coreboot
Version: ADI_RCCVE-01.00.00.08-nodebug
Release Date: 01/22/2016
Version 2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19
Running this command lets me save the config and apply config:
echo 'mkdir /var/unbound/test; /usr/local/sbin/unbound-control-setup -d /var/unbound/test' | /usr/bin/su -m unbound
- Status changed from New to Feedback
I can't replicate this as stated. There must be some missing detail to reliably replicate it. Please discuss it further on the thread and compare other system settings and setup details, like what platform/architecture is in use (e.g. NanoBSD or full), if you have /var and /tmp in RAM disks, and anything else about the setup that might be different or unusual.
I can reproduce the issue. Load up an assload (technical term) of lists in the pfBlockerNG plugin in the DNSBL Feeds tab. Get 100,000 or so blocked domains, make sure the feeds are all pulled and updated, and the issue will begin to present. You may have to toy around a bit, restart the DNS Resolver or something to get the issue to start presenting. Removing the DNSBL feeds and restarting the router eliminates the issue.
I believe whats happening here is the process to check the configuration has to do a fairly large file copy, this isn't being completed in time meaning when the test is run it hasn't finished moving other files like the key, and the error presents. Just a guess however.
There is validation of DNSBL after each feed is downloaded and parsed.
If you add the include line in /var/unbound/unbound.conf
server:include: /var/unbound/pfb_dnsbl.conf
Then
unbound-checkconf /var/unbound/unbound.conf
Does it complete with "no errors"
I just want to chime in on this problem. I'm experiencing this problem also.
Something I noticed is, that I cannot execute the command listed above as the unbound account is existent in master.passwd but unavailable for "su - unbound".
When executing "su -m unbound" I get the pfsense menu (with interface list, etc).
I have a system that came with pfsense preinstalled (Netgate XG-2758) and currently at 2.3.4-RELEASE-p1 (amd64).
In the past I disabled unbound in preference of dnsmasq and now wanted to give it another try. But now I cannot enable unbound due to the described error.
I have also just faced this problem on my 2.3.5-RELEASE-p1 (i386) nanobsd (2g). Interesting is, that adding Host Overrides does not trigger the problem, although it changes and saves DNS Resolver configuration.
I can agree that is in the 2.4.3-RELEASE-p1 (amd64) as well!!
My solution was to deactivate and deinstall "pfBlockerNG" and the dns resolver comes back to life!!! So it have definitly to do something with this blocker!!!
- Category set to DNS Resolver
- Status changed from Feedback to Closed
Either this has been resolved, or it may be a package issue. Either way this specific issue can be closed. If it can be reproduced without a package installed, feel free to open a new issue with details.
Also available in: Atom
PDF