> I already did that ;)

Oops, I didn't look past spamlogd (slaps head).

> Can you test what I sent and report whether it works for you?

Looks great except $daemon-anchor just needs -a $_anchor instead of $_config.

> Index: unbound
> ===================================================================
> RCS file: /cvs/src/etc/rc.d/unbound,v
> diff -u -p -r1.9 unbound
> --- unbound   9 Oct 2024 15:42:56 -0000       1.9
> +++ unbound   14 Nov 2025 15:47:25 -0000
> @@ -3,18 +3,23 @@
>  # $OpenBSD: unbound,v 1.9 2024/10/09 15:42:56 kn Exp $
>
>  daemon="/usr/sbin/unbound"
> -daemon_flags="-c /var/unbound/etc/unbound.conf"
>
>  . /etc/rc.d/rc.subr
>
>  rc_pre() {
> -     local _anchor=$(/usr/sbin/unbound-checkconf -o auto-trust-anchor-file)
> +     local _anchor _config _opt
> +
> +     while getopts :c: _opt $daemon_flags; do
> +             [[ $opt == c ]] && _config=$OPTARG
> +     done
> +
> +     _anchor=$($daemon-checkconf -o auto-trust-anchor-file $_config)
>
>       if [[ -n $_anchor && ! -f $_anchor ]]; then
> -             /usr/sbin/unbound-anchor -v
> +             $daemon-anchor -v $_config

                                        ^  -v -a $_anchor

>       fi
>
> -     /usr/sbin/unbound-checkconf
> +     $daemon-checkconf $_config
>  }
>
>  rc_cmd $1
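Review bot: In the getopts loop in rc_pre(), the option letter is stored in _opt but the test reads $opt, which is never set in this function, so the comparison cannot match and _config stays empty. Every later $_config then expands to nothing and a -c given in daemon_flags is silently ignored; the test should read [[ $_opt == c ]] && _config=$OPTARG. The -a $_anchor correction marked on the unbound-anchor line is a separate point and still applies.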


> On that:  If you change the default chroot config, you may as well change
> the default daemon flags.  If you don't, less is more, i.e. no need to repeat:

The default is chroot, I just wanted to ask since I saw that comment in the
man page.  I read it as if chroot is used (it is by default) then the config
filename should be passed on command line.

I always do "rcctl restart unbound" after changes (or certificate renewal) so
I don't think I'd ever see any issues with chroot on reloads.

If I do "rcctl reload unbound" I always see these lines in syslog.
These are not new, been seeing these warnings for a long time. (years?)
I don't have any lines in my config setting number of ports or files.
So I just switched to only doing restart to avoid seeing them.

notice: Restart of unbound 1.24.0.
warning: setrlimit: Operation not permitted
warning: cannot increase max open fds from 1024 to 4140
warning: continuing with less udp ports: 984
warning: increase ulimit or decrease threads, ports in config to remove this warning
