Currently /etc/rc.d/unbound only checks a configuration (using unbound-checkconf) upon starting as part of rc_pre(). It would be nice to have a configtest, which checks a configuration before restarting/reloading as well.
I recently got bitten by a cron script, which made _invalid_ changes to my unbound configuration. Upon restarting rc_pre() was called in the start phase, and concluded that the configuration was invalid. As a consequence no DNS. Proposal is to change rc_pre() here to rc_configtest(). rc_pre() is only used when starting a daemon, and is preceded by rc_configtest() [0]. [0] https://github.com/openbsd/src/blob/master/etc/rc.d/rc.subr#L231-L236 OK? diff --git etc/rc.d/unbound etc/rc.d/unbound index 0f19c90fdf1..e62951b9dae 100644 --- etc/rc.d/unbound +++ etc/rc.d/unbound @@ -7,7 +7,7 @@ daemon_flags="-c /var/unbound/etc/unbound.conf" . /etc/rc.d/rc.subr -rc_pre() { +rc_configtest() { if grep '^[[:space:]]*auto-trust-anchor-file:' \ /var/unbound/etc/unbound.conf > /dev/null 2>&1; then /usr/sbin/unbound-anchor -v
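Review bot: renaming the whole function moves more than the syntax check into rc_configtest(). The visible body still runs `/usr/sbin/unbound-anchor -v` when `auto-trust-anchor-file:` is set, and unbound-anchor updates the trust anchor file, so with this rename a config test is no longer a read-only check. Consider splitting the function: keep the grep and unbound-anchor block in rc_pre(), where it runs only on start, and put only the unbound-checkconf call in rc_configtest(). The rest of the function is outside the visible context, so please also confirm that the checkconf result is what rc_configtest() returns, since a failed check has to stop the restart before the running daemon is taken down.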