Unbound is not running

I run IPFire core 155 and cannot get updates…

/etc/init.d/unbound status

shows me:

/usr/sbin/unbound is not running.

[root@ipf ~]# unbound-control status
/etc/unbound/forward.conf:6: error: unknown keyword '1.1.1.2'
read /etc/unbound/unbound.conf failed: 1 errors in configuration file
[1624736739] unbound-control[25238:0] fatal error: could not read config file

How can I fix it?

Hi,

something or someone seems to have written a semantically invalid Unbound configuration to disk.

Could you please post a screenshot of your DNS configuration and the contents of /etc/unbound/forward.conf here?

Thanks, and best regards,
Peter Müller

1 Like

Hi Peter,

[root@ipf ~]# cat /etc/unbound/forward.conf
# This file is automatically generated and any changes
# will be overwritten. DO NOT EDIT!

stub-zone:
        name:
        stub-addr: 1.1.1.2

Hi,

this looks like you configured a DNS forwarding for an empty zone. (Surprised to see the web interface not catching such invalid inputs. :expressionless: )

Is this true? If so, does deleting the DNS forwarding in question make a difference?

Thanks, and best regards,
Peter Müller

1 Like

I think the missing name of the stub-zone in forward.conf is the problem…

When I edit it manually like this:

stub-zone:
        name: "."
        stub-addr: 1.1.1.2

I am able to start unbound but this just works until the next reboot…

How can I make this permanent?

It is unfortunately no surprise :(.
The function validdomainname() in generalfunctions.pl accepts empty strings as valid.

sub validdomainname
{
	my $part;

	# Checks a domain name against RFC1035 and RFC2181
	my $domainname = $_[0];
	my @parts = split (/\./, $domainname);	# Split domain name at the '.'

	foreach $part (@parts) {
		# Each part should be at least one character in length
		# but no more than 63 characters
		if (length ($part) < 1 || length ($part) > 63) {
			return 0;}
		# Only valid characters are a-z, A-Z, 0-9, _ and -
		if ($part !~ /^[a-zA-Z0-9_-]*$/) {
			return 0;}
	}
	return 1;
}

If $domainname is empty, @parts is an array with no elements. So the foreach loop is a nop statement.

1 Like
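
An added illustration of the behaviour described in the post above (not part of the thread, and not IPFire's code or its eventual fix): the quoted check is run next to a hypothetical stricter variant, `validdomainname_strict`, over constructed inputs. Rejecting "." and a trailing dot in the strict variant is an assumption about the desired policy, not something the thread decides.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The check as quoted in the post above, behaviour unchanged.
sub validdomainname {
	my $domainname = $_[0];
	# split() returns an empty list for "" and drops trailing empty
	# fields, so "" and "." both produce zero parts.
	my @parts = split(/\./, $domainname);
	foreach my $part (@parts) {
		return 0 if (length($part) < 1 || length($part) > 63);
		return 0 if ($part !~ /^[a-zA-Z0-9_-]*$/);
	}
	# With zero parts the loop body never runs and the input is accepted.
	return 1;
}

# Hypothetical stricter variant (name and policy are assumptions).
sub validdomainname_strict {
	my $domainname = $_[0];
	# Reject undefined or empty input before splitting.
	return 0 unless (defined($domainname) && length($domainname));
	# Limit -1 keeps trailing empty fields, so "." and "example.com."
	# expose their empty label instead of having it silently dropped.
	my @parts = split(/\./, $domainname, -1);
	return 0 unless (@parts);
	foreach my $part (@parts) {
		return 0 if (length($part) < 1 || length($part) > 63);
		return 0 if ($part !~ /^[a-zA-Z0-9_-]+$/);
	}
	return 1;
}

# Constructed sample inputs, not taken from the reporter's system.
foreach my $input ("", ".", "a..b", "example.com.", "example.com") {
	printf("%-16s old=%d strict=%d\n", "'$input'",
		validdomainname($input), validdomainname_strict($input));
}
```
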

You must enter a valid FQDN for the zone in the DNS forward WUI page.

OK, thank you gentlemen! Unbound works now… :grinning:

1 Like

Hi,

by the way, I still did not get why you want or have to configure DNS forwarding for an empty zone.
This implies Unbound will forward requests for any FQDN asked to the server specified, which is exactly what this GUI does.

Wouldn’t assigning DNS servers directly be the straightforward way?

Oh, thanks for digging into this.

This kinda looks like we skipped the test for empty inputs intentionally, since that one would be the first thing to check in my point of view. Perhaps we need this function somewhere where a blank input is fine, but that would be ugly as well.

Either way, I’ll file a bug to clarify this.

EDIT: Please refer to #12648 for the Bugzilla entry.

Thanks, and best regards,
Peter Müller

1 Like

Hi Peter,

thanks for filing the bug.
I’ll try to work on this. I’ll check the usage of the function. But I think a domainname never should be the empty string.

2 Likes