Package: dnssec-trigger Version: 0.17+repack-3 Severity: normal I get errors like the ones below in my systemd journal until I enable the unbound remote-control option using the dnssec-trigger script for that, but the script does that in the wrong way.
Instead, the added line should be in a snippet dropped into the unbound
configuration directory so that the config file change doesn't cause
dpkg conffile prompts when upgrading unbound. Also the postinst needs
to run the script with the -i option so that it installs the unbound
config file changes and can thus control unbound by default.
$ grep -C2 setup /var/lib/dpkg/info/dnssec-trigger.postinst
case "$1" in
configure)
dnssec-trigger-control-setup
;;
$ grep -r remote-control /etc/unbound/unbound.conf*
$ sudo dnssec-trigger-control-setup -i
$ tail -n 1 /etc/unbound/unbound.conf
remote-control: control-enable: yes # linetag-dnssec-trigger
$ tail -n1 /etc/unbound/unbound.conf | sudo tee
/etc/unbound/unbound.conf.d/dnssec-trigger.conf
$ sudo sed -i '/linetag-dnssec-trigger/d' /etc/unbound/unbound.conf
Feb 27 08:09:29 dnssec-triggerd[24647]: [1551226169] unbound-control[24859:0]
warning: control-enable is 'no' in the config file.
Feb 27 08:09:29 dnssec-triggerd[24647]: [1551226169] unbound-control[24859:0]
error: connect: Connection refused for 127.0.0.1 port 8953
Feb 27 08:09:29 dnssec-triggerd[24647]: [24647] warning: unbound-control exited
with status 256, cmd: /usr/sbin/unbound-control forward fd57:944b:77d7::1
192.168.1.1
Feb 27 08:09:31 dnssec-triggerd[24647]: Traceback (most recent call last):
Feb 27 08:09:31 dnssec-triggerd[24647]: File
"/usr/lib/dnssec-trigger/dnssec-trigger-script", line 774, in <module>
Feb 27 08:09:31 dnssec-triggerd[24647]: main()
Feb 27 08:09:31 dnssec-triggerd[24647]: File
"/usr/lib/dnssec-trigger/dnssec-trigger-script", line 761, in main
Feb 27 08:09:31 dnssec-triggerd[24647]: Application(sys.argv).run()
Feb 27 08:09:31 dnssec-triggerd[24647]: File
"/usr/lib/dnssec-trigger/dnssec-trigger-script", line 472, in run
Feb 27 08:09:31 dnssec-triggerd[24647]: self.method()
Feb 27 08:09:31 dnssec-triggerd[24647]: File
"/usr/lib/dnssec-trigger/dnssec-trigger-script", line 556, in run_setup
Feb 27 08:09:31 dnssec-triggerd[24647]:
self._unbound_set_negative_cache_ttl(UNBOUND_MAX_NEG_CACHE_TTL)
Feb 27 08:09:31 dnssec-triggerd[24647]: File
"/usr/lib/dnssec-trigger/dnssec-trigger-script", line 641, in
_unbound_set_negative_cache_ttl
Feb 27 08:09:31 dnssec-triggerd[24647]: subprocess.check_call(CMD,
stdout=DEVNULL, stderr=DEVNULL)
Feb 27 08:09:31 dnssec-triggerd[24647]: File
"/usr/lib/python3.7/subprocess.py", line 347, in check_call
Feb 27 08:09:31 dnssec-triggerd[24647]: raise CalledProcessError(retcode,
cmd)
Feb 27 08:09:31 dnssec-triggerd[24647]: subprocess.CalledProcessError: Command
'['unbound-control', 'set_option', 'cache-max-negative-ttl:', '5']' returned
non-zero exit status 1.
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (800,
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700,
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8),
LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages dnssec-trigger depends on:
ii gir1.2-nm-1.0 1.14.4-4
ii libc6 2.28-7
ii libgdk-pixbuf2.0-0 2.38.0+dfsg-7
ii libglib2.0-0 2.58.3-1
ii libgtk2.0-0 2.24.32-3
ii libldns2 1.7.0-3.1+b1
ii libssl1.1 1.1.1a-1
ii python3 3.7.2-1
ii python3-gi 3.30.4-1
ii python3-lockfile 1:0.12.2-2
ii sensible-utils 0.0.12
ii unbound 1.9.0-2
dnssec-trigger recommends no packages.
dnssec-trigger suggests no packages.
-- no debconf information
--
bye,
pabs
https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
