Public bug reported:

Not the underlying package libunbound2 but only the big DNS resolver
package unbound contains a script to install/copy the root.key. If you
install just unbound-anchor, unbound-host, or -dev, this does not happen
and all tools which rely on libunbound.so might not work.

Steps to Reproduce
1) install Ubuntu 18.04 LTS for Desktop (in my case, Minimal)
2) $ sudo apt remove unbound
3) $ sudo apt install unbound-anchor
4) $ sudo unbound-anchor

Expected Result
This should install a root.key at /var/lib/unbound/, because that is the
default location given to unbound-anchor at compile time.

Actual Result
libunbound error: unable to open /var/lib/unbound/root.key for reading: No such file or directory
libunbound error: error reading auto-trust-anchor-file: /var/lib/unbound/root.key
libunbound error: validator: error in trustanchors config
libunbound error: validator: could not apply configuration settings.
libunbound error: module init for module validator failed

Notes
This happens *even* after changing the file
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
and its "auto-trust-anchor-file" to "/usr/share/dns/root.key" (package 
dns-root-data). The same issue happens with $ unbound-host -D example.com
I am not sure how to solve this. My first guess would be that not the package 
unbound but the package libunbound2 should install that key file (script 
root_trust_anchor_update). This affects not only -anchor and -host but all apps 
which rely on libunbound.so, because those tools expect that 
"/var/lib/unbound/root.key" exists.

Workarounds
A) create the file yourself:
sudo mkdir /var/lib/unbound
sudo cp /usr/share/dns/root.key /var/lib/unbound/
B) specify the key of the package dns-root-data as command-line option:
sudo unbound-anchor -a "/usr/share/dns/root.key"
   I was not able to use this approach for unbound-host.
C) install the whole DNS resolver:
sudo apt install unbound
D) in your own app, instead of one, try two files:
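/* needs <unistd.h> for access() and <unbound.h> for ub_ctx_add_ta_file() */
if (0 == access("/var/lib/unbound/root.key", R_OK)) {
        status_unbound = ub_ctx_add_ta_file(ub_context, "/var/lib/unbound/root.key");
} else {
        /* fall back to the key shipped by the package dns-root-data */
        status_unbound = ub_ctx_add_ta_file(ub_context, "/usr/share/dns/root.key");
}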

** Affects: unbound (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1771545

Title:
  root.key might be missing
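
Workaround D, extended as an added example that is not part of the original report: instead of testing only readability with access(), it opens each candidate and accepts the first file that actually contains a root DS or DNSKEY record, so an empty or truncated root.key is not picked. The function names are hypothetical and the record check is a heuristic; the chosen path would still be handed to ub_ctx_add_ta_file(), whose return value has the final say.

```c
#include <stdio.h>
#include <string.h>

#define WS " \t\r\n"
/* Added example (not from the report); function names are hypothetical.
 * Return 1 if the file holds at least one DS or DNSKEY record owned by the
 * root ("."), 0 if it is missing, unreadable, empty or has no such record. */
int has_root_anchor(const char *path)
{
    char line[4096];
    int found = 0;
    FILE *fp = fopen(path, "r");  /* open directly instead of access() first */
    if (fp == NULL)
        return 0;
    while (!found && fgets(line, sizeof line, fp) != NULL) {
        const char *p = line + strspn(line, WS);
        size_t len = strcspn(p, WS);
        if (len != 1 || p[0] != '.')
            continue;             /* blank line, ';' comment or other owner */
        for (p += len; !found; p += len) {
            p += strspn(p, WS);
            len = strcspn(p, WS);
            if (len == 0 || p[0] == ';')
                break;            /* end of line or trailing comment */
            found = (len == 2 && memcmp(p, "DS", 2) == 0) ||
                    (len == 6 && memcmp(p, "DNSKEY", 6) == 0);
        }
    }
    fclose(fp);
    return found;
}

/* Return the first candidate that passes has_root_anchor(), or NULL. */
const char *pick_trust_anchor(const char *const *candidates, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (has_root_anchor(candidates[i]))
            return candidates[i];
    return NULL;
}

int main(void)
{
    /* The two paths named in the report, in the reporter's order. */
    const char *const paths[] = { "/var/lib/unbound/root.key", "/usr/share/dns/root.key" };
    const char *ta = pick_trust_anchor(paths, 2);
    /* Pass ta to ub_ctx_add_ta_file() and check its return value. */
    printf("%s\n", ta ? ta : "no usable trust anchor file found");
    return ta ? 0 : 1;
}
```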
