Your message dated Mon, 04 Sep 2023 07:07:55 +0000
with message-id <[email protected]>
and subject line Bug#1038243: fixed in unbound 1.18.0-1
has caused the Debian Bug report #1038243,
regarding unbound: error log flooding when unbound is configured with a DNS
over TLS upstream server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1038243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038243
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unbound
Version: 1.17.1-2
Severity: important
Hello,
I upgraded from bullseye to bookworm and after the upgrade unbound in version
1.17.1-2 is flooding the journal with the error messages."error: could not
SSL_read crypto error:0A000126:SSL routines::unexpected eof while reading“.
Unbound is configured with DNS over TLS forward addresses
(forward-ssl-upstream: yes).
journal entries:
journalctl -b -u unbound.service
Jun 15 22:39:13 klettur-01 systemd[1]: Starting unbound.service - Unbound DNS
server...
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] notice: init module 0:
subnetcache
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] warning: subnetcache:
serve-expired is set but not working for data originating from the subnet
module cache.
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] warning: subnetcache:
prefetch is set but not working for data originating from the subnet module
cache.
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] notice: init module 1:
validator
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] notice: init module 2:
iterator
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] info: start of service
(unbound 1.17.1).
Jun 15 22:39:15 klettur-01 systemd[1]: Started unbound.service - Unbound DNS
server.
Jun 15 22:39:26 klettur-01 unbound[1501]: [1501:0] info: generate keytag query
_ta-4f66. NULL IN
Jun 15 22:39:36 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:36 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:36 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:36 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:41 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:52 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:52 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:52 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:52 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:18 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:18 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:32 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:32 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:32 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:56 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:56 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:56 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:41:12 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:41:12 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:41:12 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
The error log entries are related to OpenSSL 3.
Related upstream Issue:
https://github.com/NLnetLabs/unbound/issues/812
This bug is fixed in upstream commit:
https://github.com/NLnetLabs/unbound/commit/d7e776114114c16816570e48ab3a27eedc401a0e
Can you please backport the patch to the bookworm package.
Regards,
Wolfgang
--- End Message ---
--- Begin Message ---
Source: unbound
Source-Version: 1.18.0-1
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
unbound, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated unbound package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 04 Sep 2023 09:41:58 +0300
Source: unbound
Architecture: source
Version: 1.18.0-1
Distribution: unstable
Urgency: medium
Maintainer: unbound packagers <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1038243
Changes:
unbound (1.18.0-1) unstable; urgency=medium
.
* new upstream release
Closes: #1038243
Checksums-Sha1:
400fc4916747cd2b1fce8229ca19fa94422f9784 2843 unbound_1.18.0-1.dsc
0c5350ed7443f75b98c1e9b58ea664f243059e6e 6315297 unbound_1.18.0.orig.tar.gz
412426326667e923a29e56970b874e64ce0e69d4 833 unbound_1.18.0.orig.tar.gz.asc
2fdac654bc69210b58876438964b12bae323f67d 29768 unbound_1.18.0-1.debian.tar.xz
4c1a6f10127b55906c0cfd6fd1b683fada7a28eb 8047 unbound_1.18.0-1_source.buildinfo
Checksums-Sha256:
6c0a004b3c1318599525b4e199c2c67989a36e1cf13b830fc12f2e17ec05ad3f 2843
unbound_1.18.0-1.dsc
3da95490a85cff6420f26fae0b84a49f5112df1bf1b7fc34f8724f02082cb712 6315297
unbound_1.18.0.orig.tar.gz
50be3272fcad024ca7d2fb6a2a3e1f8805e7137b01c4769f547246dd1243b8e0 833
unbound_1.18.0.orig.tar.gz.asc
9cb379ada586f30b614a46f2a4571df7e8e21a5dc8d96a728e48ec4f305f8fd6 29768
unbound_1.18.0-1.debian.tar.xz
7216e468b0b3f21ed29bfb1c556d77d016e2e5864b822089d294bd986456804c 8047
unbound_1.18.0-1_source.buildinfo
Files:
842fc35a8f16f776b848342f2a0813d1 2843 net optional unbound_1.18.0-1.dsc
67d5bb4ce2a9d6e52d2bc4af982fb340 6315297 net optional
unbound_1.18.0.orig.tar.gz
d24ed63bc90796d706db6dd292acf55b 833 net optional
unbound_1.18.0.orig.tar.gz.asc
77a05026ea24a3515555620d429d16f5 29768 net optional
unbound_1.18.0-1.debian.tar.xz
01643caa4270f70adc7a2be4e81ae322 8047 net optional
unbound_1.18.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmT1fFkPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZzJEH/jYJK3RvfAqwzytLxyWnRpGG72lnNE8po43M
RfQE9W+ExA4sSlJ4ZRGrW1W47KDwKmoELDEWNIjJwkACBDpA86YLw44hnfwaTSJz
7cN1v7mIQ+HBfr49n7axiBf/R/BuoANar0CkvbJCkQ6ScKKiaBGBr4eXpknNBIDy
6GI3/yrwRaiPr1zrjsf3Q+vVXwQFBoN53cX4MVUC7NJzj+w9SXYj+rkPytThvSbm
0505jZ1GTfLcFLB+wZuRCwVUEi5oWpDaVSkB6NnlWjiM2KObkCB+4+mi9kvFBg+C
UEe3gMO45lyMcBVOB8PQpzQGXyFwpqnIYPTFJPjS0a/iNYgaNKk=
=3El1
-----END PGP SIGNATURE-----
--- End Message ---
