On Fri, Dec 19, 2025 at 08:25:18AM +0000, Otto Cooper wrote:
> chrooted unbound is the default in openbsd.
> chrooted unbound has its configuration file in /var/unbound/etc. The command
> "rcctl reload unbound" fails because it looks for the configuration in /etc.
> To solve this problem, the rc.d config for reloading the daemon needs to be
> pointed at /var/unbound/etc.
>
(switching from ports@ to misc@, as this is not about a port, and also
cc-ing bugs@)
Trying to reproduce this -- which I can't, 'reload' uses the .conf
inside the chroot -- I came across a bug: the reloading fails to parse
the entire configuration file correctly.
Everything below is on a vanilla unbound configuration, on a Dec 7
snapshot (GENERIC.MP#140 amd64).
1. (Force) start unbound with "rcctl -f start unbound".
/var/log/daemon:
Dec 19 10:07:19 amphiprion unbound: [4466:0] notice: init module 0:
validator
Dec 19 10:07:19 amphiprion unbound: [4466:0] notice: init module 1: iterator
Dec 19 10:07:19 amphiprion unbound: [4466:0] info: start of service
(unbound 1.24.1).
2. Edit /var/unbound/etc/unbound.conf, adding "module-config: "respip
validator iterator"
3. Reload the daemon with "rcctl reload unbound". The parsing seems to
fail. Note that the only the iterator module is inited (second to last
line):
Dec 19 10:07:50 amphiprion unbound: [4466:0] info: service stopped (unbound
1.24.1).
Dec 19 10:07:50 amphiprion unbound: [4466:0] info: server stats for thread
0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip
ratelimiting
Dec 19 10:07:50 amphiprion unbound: [4466:0] info: server stats for thread
0: requestlist max 0 avg 0 exceeded 0 jostled 0
Dec 19 10:07:50 amphiprion unbound: [4466:0] notice: Restart of unbound
1.24.1.
Dec 19 10:07:50 amphiprion unbound: [4466:0] warning: setrlimit: Operation
not permitted
Dec 19 10:07:50 amphiprion unbound: [4466:0] warning: cannot increase max
open fds from 512 to 4152
Dec 19 10:07:50 amphiprion unbound: [4466:0] warning: continuing with less
udp ports: 460
Dec 19 10:07:50 amphiprion unbound: [4466:0] warning: increase ulimit or
decrease threads, ports in config to remove this warning
Dec 19 10:07:50 amphiprion unbound: [4466:0] notice: init module 0: iterator
Dec 19 10:07:50 amphiprion unbound: [4466:0] info: start of service
(unbound 1.24.1).
4. Try reloading again with "rcctl reload unbound". This fails
altogether, which means that unbound is stopped but not restarted.
Note the missing "v" on the module name:
Dec 19 10:08:10 amphiprion unbound: [4466:0] info: service stopped (unbound
1.24.1).
Dec 19 10:08:10 amphiprion unbound: [4466:0] info: server stats for thread
0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip
ratelimiting
Dec 19 10:08:10 amphiprion unbound: [4466:0] info: server stats for thread
0: requestlist max 0 avg 0 exceeded 0 jostled 0
Dec 19 10:08:10 amphiprion unbound: [4466:0] notice: Restart of unbound
1.24.1.
Dec 19 10:08:10 amphiprion unbound: [4466:0] warning: setrlimit: Operation
not permitted
Dec 19 10:08:10 amphiprion unbound: [4466:0] warning: cannot increase max
open fds from 512 to 4152
Dec 19 10:08:10 amphiprion unbound: [4466:0] warning: continuing with less
udp ports: 460
Dec 19 10:08:10 amphiprion unbound: [4466:0] warning: increase ulimit or
decrease threads, ports in config to remove this warning
Dec 19 10:08:10 amphiprion unbound: [4466:0] error: Unknown value in
module-config, module: 'alidator'. This module is not present (not compiled
in); see the list of linked modules with unbound -V
Dec 19 10:08:10 amphiprion unbound: [4466:0] fatal error: failed to init
modules
5. (Re)starting unbound with the changed config works:
Dec 19 10:20:08 amphiprion unbound: [72001:0] notice: init module 0: respip
Dec 19 10:20:08 amphiprion unbound: [72001:0] notice: init module 1:
validator
Dec 19 10:20:08 amphiprion unbound: [72001:0] notice: init module 2:
iterator
Dec 19 10:20:08 amphiprion unbound: [72001:0] info: start of service
(unbound 1.24.1).
--
