Date: Tue, 23 Oct 2018 09:24:06 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 232555] local_unbound fails to start if root.key is empty.
Message-ID: <bug-232555-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232555

            Bug ID: 232555
           Summary: local_unbound fails to start if root.key is empty.
           Product: Base System
           Version: 11.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: ari@stonepile.fi

Created attachment 198487
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=198487&action=edit
Patch for /etc/rc.d/local_unbound

It seems to be possible that local_unbound gets into a state where
/var/unbound/root.key exists but is empty as a result of an unclean shutdown.

The command that regenerates the file is unbound-anchor, which rebuilds it if
it doesn't exist or it is empty (stated in the man page). However,
/etc/rc.d/local_unbound doesn't invoke it if root.key exists, even as a
zero-length file.

This results in a situation where the local_unbound service no longer starts;
it is also unable to recover from such a condition automatically. This leaves
the machine without working DNS service:

Oct 23 09:08:39 local-unbound-test unbound: [947:0] notice: init module 0: validator
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: failed to read /root.key
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: error reading auto-trust-anchor-file: /var/unbound/root.key
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: validator: error in trustanchors config
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: validator: could not apply configuration settings.
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: module init for module validator failed
Oct 23 09:08:39 local-unbound-test unbound: [947:0] fatal error: failed to setup modules

A simple fix would be to change the rc.d script so that it has the same logic
as unbound-anchor, i.e. run it if the file does not exist OR it is empty.

Patch attached.

-- 
You are receiving this mail because:
You are the assignee for the bug.
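
The difference between the two guards described in the report, as an added example that is neither the attached patch nor the FreeBSD rc.d script. The function names and the temporary key files are assumptions constructed for the demonstration; the existence-only guard is modelled on the report's description of the current behaviour.

```shell
#!/bin/sh
# Added example: not the attached patch and not /etc/rc.d/local_unbound.
# All file names below are throwaway temp files constructed for the demo.

# Guard as the report describes the current behaviour: only a missing
# file triggers regeneration, so a zero-length root.key is skipped.
needs_anchor_exists_only() {
    [ ! -f "$1" ]
}

# Guard matching the rule the report attributes to unbound-anchor:
# regenerate when the file is missing OR empty. `-s` is true only for
# a file that exists and has a size greater than zero.
needs_anchor_nonempty() {
    [ ! -s "$1" ]
}

# Report what each guard would decide for one key file.
check_anchor() {
    file=$1
    if needs_anchor_exists_only "$file"; then old=regen; else old=skip; fi
    if needs_anchor_nonempty "$file"; then new=regen; else new=skip; fi
    echo "old=$old new=$new"
}

# Walk the three states a trust anchor file can be in at service start.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/empty.key"                                  # zero-length file
    echo 'constructed placeholder content' > "$dir/good.key"
    for f in missing.key empty.key good.key; do
        printf '%-12s %s\n' "$f" "$(check_anchor "$dir/$f")"
    done
    rm -rf "$dir"
}

demo
```

Only the zero-length case separates the two guards: the existence-only test skips regeneration there, which is the state in which the validator then fails to read the trust anchor.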