On 2025/12/19 12:17, Otto Cooper wrote:
>
> I wrote this in /etc/login.conf:
>
> unbound:\
> :openfiles-max=8192:\
> :openfiles-cur=512:\
> :tc=daemon:
>
> The original data from openbsd's installation is:
>
> unbound:\
> :openfiles=512:\
> :tc=daemon:
> I made sure it is using it:
>
> > doas grep unbound /etc/master.passwd
> _unbound:*:53:53:unbound:0:0:Unbound Daemon:/var/unbound:/sbin/nologin
> .................^^^^^^^^

the rc.d script does not require this, however that is the correct
master.passwd line for unbound.

> To replicate your test, I added the following in the "server" section:
>
> module-config: "respip validator iterator"

that is a different issue than yours

> >doas rcctl start unbound
> unbound(ok)
>
> >doas rcctl restart unbound
> unbound(ok)
> unbound(ok)
>
> >doas rcctl reload unbound
> unbound(ok)
>
> However, this is what the log says:
>
> ==> /var/unbound/log/current <==
> Dec 19 13:00:00 unbound[39240:0] info: service stopped (unbound 1.24.0).
> Dec 19 13:00:00 unbound[39240:0] info: server stats for thread 0: 0 queries,
> 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
> Dec 19 13:00:00 unbound[39240:0] info: server stats for thread 0: requestlist
> max 0 avg 0 exceeded 0 jostled 0
> Dec 19 13:00:00 unbound[39240:0] notice: Restart of unbound 1.24.0.
> Dec 19 13:00:00 unbound[39240:0] fatal error: Could not read config file:
> /etc/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see
> more errors, or unbound-checkconf
>
> --
> Otto
>
> On Friday, December 19th, 2025 at 11:25 AM, Zé Loff <[email protected]> wrote:
>
> > On Fri, Dec 19, 2025 at 08:25:18AM +0000, Otto Cooper wrote:
> >
> > > chrooted unbound is the default in openbsd.
> > > chrooted unbound has its configuration file in /var/unbound/etc. The
> > > command "rcctl reload unbound" fails because it looks for the
> > > configuration in /etc. To solve this problem, the rc.d config for
> > > reloading the daemon needs to be pointed at /var/unbound/etc.
> >
> > (switching from ports@ to misc@, as this is not about a port, and also
> > cc-ing bugs@)
> >
> > Trying to reproduce this -- which I can't, 'reload' uses the .conf
> > inside the chroot -- I came across a bug: the reloading fails to parse
> > the entire configuration file correctly.
> >
> > Everything below is on a vanilla unbound configuration, on a Dec 7
> > snapshot (GENERIC.MP#140 amd64).
> >
> > 1. (Force) start unbound with "rcctl -f start unbound".
> >
> > /var/log/daemon:
> >
> > Dec 19 10:07:19 amphiprion unbound: [4466:0] notice: init module 0:
> > validator
> > Dec 19 10:07:19 amphiprion unbound: [4466:0] notice: init module 1: iterator
> > Dec 19 10:07:19 amphiprion unbound: [4466:0] info: start of service
> > (unbound 1.24.1).
> >
> >
> > 2. Edit /var/unbound/etc/unbound.conf, adding "module-config: "respip
> > validator iterator"
> >
> >
> > 3. Reload the daemon with "rcctl reload unbound". The parsing seems to
> > fail. Note that only the iterator module is inited (second to last
> > line):
> >
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] info: service stopped (unbound
> > 1.24.1).
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] info: server stats for thread
> > 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by
> > ip ratelimiting
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] info: server stats for thread
> > 0: requestlist max 0 avg 0 exceeded 0 jostled 0
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] notice: Restart of unbound
> > 1.24.1.
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] warning: setrlimit: Operation
> > not permitted
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] warning: cannot increase max
> > open fds from 512 to 4152
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] warning: continuing with less
> > udp ports: 460
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] warning: increase ulimit or
> > decrease threads, ports in config to remove this warning
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] notice: init module 0: iterator
> > Dec 19 10:07:50 amphiprion unbound: [4466:0] info: start of service
> > (unbound 1.24.1).
> >
> >
> > 4. Try reloading again with "rcctl reload unbound". This fails
> > altogether, which means that unbound is stopped but not restarted.
> > Note the missing "v" on the module name:
> >
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] info: service stopped (unbound
> > 1.24.1).
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] info: server stats for thread
> > 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by
> > ip ratelimiting
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] info: server stats for thread
> > 0: requestlist max 0 avg 0 exceeded 0 jostled 0
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] notice: Restart of unbound
> > 1.24.1.
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] warning: setrlimit: Operation
> > not permitted
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] warning: cannot increase max
> > open fds from 512 to 4152
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] warning: continuing with less
> > udp ports: 460
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] warning: increase ulimit or
> > decrease threads, ports in config to remove this warning
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] error: Unknown value in
> > module-config, module: 'alidator'.
> > This module is not present (not compiled
> > in); see the list of linked modules with unbound -V
> > Dec 19 10:08:10 amphiprion unbound: [4466:0] fatal error: failed to init
> > modules
> >
> >
> > 5. (Re)starting unbound with the changed config works:
> >
> > Dec 19 10:20:08 amphiprion unbound: [72001:0] notice: init module 0: respip
> > Dec 19 10:20:08 amphiprion unbound: [72001:0] notice: init module 1:
> > validator
> > Dec 19 10:20:08 amphiprion unbound: [72001:0] notice: init module 2:
> > iterator
> > Dec 19 10:20:08 amphiprion unbound: [72001:0] info: start of service
> > (unbound 1.24.1).
> >
> > --
> >
>
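
Added example, not part of the thread and not OpenBSD or unbound code: a post-reload check for the two failure shapes in steps 3 and 4 of the quoted report, a reload that comes back with fewer modules than module-config lists (a resolver without its validator module does no DNSSEC validation) and a reload that ends in a fatal error. The function names, the host name `host` and the unwrapped log lines are constructed for illustration; the fallback "validator iterator" is assumed from the vanilla start shown in step 1.

```shell
#!/bin/sh
# Added example (not from the thread): compare the modules unbound logged
# after its latest (re)start with module-config in unbound.conf.

configured_modules() {   # $1 = unbound.conf; fallback is an assumption
    awk '/^[ \t]*module-config:/ {
             sub(/^[^:]*:[ \t]*/, ""); gsub(/"/, ""); v = $0 }
         END { print (v == "" ? "validator iterator" : v) }' "$1"
}

logged_modules() {       # $1 = log file; prints module list or FATAL
    awk '/notice: Restart of unbound/ || /init module 0:/ { m = ""; dead = 0 }
         /notice: init module [0-9]+:/ { m = m (m == "" ? "" : " ") $NF }
         /fatal error:/ { dead = 1 }
         END { print (dead ? "FATAL" : m) }' "$1"
}

check_reload() {         # returns 0 = match, 1 = mismatch, 2 = daemon died
    want=$(configured_modules "$1"); got=$(logged_modules "$2")
    [ "$got" = "FATAL" ] && { echo "unbound died on reload"; return 2; }
    [ "$got" = "$want" ] || { echo "want '$want', running '$got'"; return 1; }
    echo "ok: $got"
}

# Constructed sample input, modelled on steps 2-4 of the report.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'server:\n\tmodule-config: "respip validator iterator"\n' > "$tmp/conf"
cat > "$tmp/step3.log" <<'EOF'
Dec 19 10:07:19 host unbound: [4466:0] notice: init module 0: validator
Dec 19 10:07:19 host unbound: [4466:0] notice: init module 1: iterator
Dec 19 10:07:50 host unbound: [4466:0] notice: Restart of unbound 1.24.1.
Dec 19 10:07:50 host unbound: [4466:0] notice: init module 0: iterator
EOF
cat > "$tmp/step4.log" <<'EOF'
Dec 19 10:08:10 host unbound: [4466:0] notice: Restart of unbound 1.24.1.
Dec 19 10:08:10 host unbound: [4466:0] error: Unknown value in module-config, module: 'alidator'.
Dec 19 10:08:10 host unbound: [4466:0] fatal error: failed to init modules
EOF
check_reload "$tmp/conf" "$tmp/step3.log" || true   # module mismatch
check_reload "$tmp/conf" "$tmp/step4.log" || true   # daemon died
```

Against a live system the arguments would be /var/unbound/etc/unbound.conf and /var/log/daemon, the paths named in the report.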

