Re: Getting error messages, DNSSEC appears to be working nevertheless
Hi Wouter & thanks for the insight. I apparently overlooked some items when going through the /var/unbound/unbound.conf settings. I had (root-hints: "/var/unbound/root.hints") commented out, so I no longer need this flag in /etc/rc.conf: "-r '/var/unbound/root.hints'" I took out the "-a" flag, but that did not solve the error message. I then disabled (auto-trust-anchor-file: "/var/unbound/root.key") as well (no auto-trust anywhere), and the error went away: libunbound[64349:0] notice: init module 0: validator libunbound[64349:0] notice: init module 1: iterator unbound[65656:0] notice: init module 0: validator unbound[65656:0] notice: init module 1: iterator unbound[65656:0] info: start of service (unbound 1.6.2). I did not see mentioned error before adding below line to etc/rc.conf unbound_anchorflags="-C /var/unbound/unbound.conf" I assume when used, anchorflags setting auto-detects what it's supposed to do, and dislikes other inputs. Thanks & Regards. -- HardenedBSD_amd64_12-Current_RadeonKMS Please CC my email when responding, mail from list is not delivered.
Re: error: outgoing tcp: bind: Address already in use
Hi Nick, On 21/07/17 05:29, Nick Urbanik via Unbound-users wrote: > Dear Folks, > > On 06/07/17 18:13 +1000, Nick Urbanik via Unbound-users wrote: >> A DNS server running unbound 1.6.3 has these messages; any suggestions >> on what is happening? >> >> error: serviced_tcp_initiate: failed to send tcp query >> error: outgoing tcp: bind: Address already in use > > Could our setting of > max-udp-size: 3072 > be too low? Any guidelines for tuning this? I think unbound 1.6.4 port reuse option may solve it for you as Quirin suggests. The max-udp-size is not important for this error you are seeing in logs. Best regards, Wouter signature.asc Description: OpenPGP digital signature
Re: Getting error messages, DNSSEC appears to be working nevertheless
Hi Beeblebrox, I think the issue is that -a adds the root.key file, but you also have the root.key file in your unbound.conf, hence it is added twice. You'd need another unbound.conf file without the root.key statement for unbound-anchor. (unbound.conf supports include: "file" to make that easy to maintain). Best regards, Wouter On 24/07/17 09:04, Beeblebrox via Unbound-users wrote: > Hello. I have Unbound running in a FreeBSD Jail, with all required files > placed in /var/unbound. /etc/rc.conf starts unbound with: > > unbound_enable="YES" > unbound_flags="-c /var/unbound/unbound.conf" > unbound_anchorflags="-a '/var/unbound/root.key' -C /var/unbound/unbound.conf > -r '/var/unbound/root.hints'" > > DNSSEC is morking since "drill -D 00f.net" gives correct result. > However, unbound.log shows below message, and I'm wondering if it could cause > future problems: > > libunbound[74640:0] notice: init module 0: validator > libunbound[74640:0] error: trust anchor presented twice > libunbound[74640:0] error: could not parse auto-trust-anchor-file > /var/unbound/root.key line 2 > libunbound[74640:0] error: error reading auto-trust-anchor-file: > /var/unbound/root.key > libunbound[74640:0] error: validator: error in trustanchors config > libunbound[74640:0] error: validator: could not apply configuration settings. > libunbound[74640:0] error: module init for module validator failed > unbound[75230:0] notice: init module 0: validator > unbound[75230:0] notice: init module 1: iterator > unbound[75230:0] info: start of service (unbound 1.6.2). > > Regards. > signature.asc Description: OpenPGP digital signature
Getting error messages, DNSSEC appears to be working nevertheless
Hello. I have Unbound running in a FreeBSD Jail, with all required files placed in /var/unbound. /etc/rc.conf starts unbound with: unbound_enable="YES" unbound_flags="-c /var/unbound/unbound.conf" unbound_anchorflags="-a '/var/unbound/root.key' -C /var/unbound/unbound.conf -r '/var/unbound/root.hints'" DNSSEC is morking since "drill -D 00f.net" gives correct result. However, unbound.log shows below message, and I'm wondering if it could cause future problems: libunbound[74640:0] notice: init module 0: validator libunbound[74640:0] error: trust anchor presented twice libunbound[74640:0] error: could not parse auto-trust-anchor-file /var/unbound/root.key line 2 libunbound[74640:0] error: error reading auto-trust-anchor-file: /var/unbound/root.key libunbound[74640:0] error: validator: error in trustanchors config libunbound[74640:0] error: validator: could not apply configuration settings. libunbound[74640:0] error: module init for module validator failed unbound[75230:0] notice: init module 0: validator unbound[75230:0] notice: init module 1: iterator unbound[75230:0] info: start of service (unbound 1.6.2). Regards. -- HardenedBSD_amd64_12-Current_RadeonKMS Please CC my email when responding, mail from list is not delivered.