2012/2/15 Ralf <r...@ackstorm.de (mailto:r...@ackstorm.de)>: > I have briefly tested your tarball on hppa yesterday. It compiles > and works so far. >
Nice to hear :-) > I haven't gotten the DNSSec to work, so I ran with module-config: > iterator. But I'm not too familiar with DNSsec, so I might have done > something wrong on that part. And I cheated a bit when compiling and > installing, as the machine didn't have the full source tree, so I did > some steps manually, maybe I left something out. > The supplied unbound.conf should work (mental note to myself: assumption is the mother of all b&). Could you check that there is a root.key in /var/unbound/etc? If not, please run unbound-anchor manually, do not forget to set the right permissions on root.key or run as _unbound (this is part of the current unbound rc.d-script - rc_pre()). If there is a root.key you could use drill to test: drill @127.0.0.1 www.nic.cz (http://nic.cz) (rcode: noerror) drill @127.0.0.1 www.rhybar.cz (http://rhybar.cz) (rcode: servfail) or use dig: dig @127.0.0.1 www.nic.cz (http://www.nic.cz) +dnssec (ad flag should be set) Make sure that unbound is running ... > There was an issue with the rc.diff patch: > > + if [ X"${unbound_flags}" != X"NO" ]; then > + echo -n "unbound-control-setup: generating self-signed certificate and private keys... " > + if sudo -u _unbound unbound-control-setup >/dev/null 2>&1; then > + echo done. > + else > + echo failed. > + fi > + fi > + fi > You are right! I will correct this. BTW, in the current unbound.conf, control-enable is not set to 'yes'. Even if there are keys and certificates unbound-control will not work as it should. The idea is to use unbound-control for stopping and starting the daemon (rc.d-script), so this has to be changed as well. In the meantime I simplified the rc.d-script a bit: #!/bin/sh # # $OpenBSD: unbound daemon="/usr/sbin/unbound-control" daemon_flags="-c /var/unbound/etc/unbound.conf" . /etc/rc.d/rc.subr pexp="unbound${daemon_flags:+ ${daemon_flags}}" rc_reload=NO rc_pre() { sudo -u _unbound /usr/sbin/unbound-anchor } rc_start() { ${daemon} start } rc_stop() { ${daemon} stop } rc_cmd $1 As you can see rc_pre() runs unbound-anchor. This is still a point of discussionb& -- BjC6rn Ketelaars
