Package: unbound
Version: 1.6.0-3+deb9u1
Severity: normal
User: [email protected]
Usertags: needed-by-DSA-Team
On networks that drop outbound port 53, restarting unbound is fragile
and slow, breaking all sorts of things.
| Oct 09 18:22:44 antheil systemd[1]: Starting Unbound DNS server...
| Oct 09 18:23:35 antheil package-helper[1539]: /var/lib/unbound/root.key has
content
| Oct 09 18:23:35 antheil package-helper[1539]: fail: the anchor is NOT ok and
could not be fixed
| Oct 09 18:23:35 antheil systemd[1]: Started Unbound DNS server.
Also, ftr, the root.key file is just fine, listing both trust anchors.
| weasel@antheil:~$ cat /var/lib/unbound/root.key
| ; autotrust trust anchor file
| ;;id: . 1
| ;;last_queried: 1539109453 ;;Tue Oct 9 18:24:13 2018
| ;;last_success: 1539109453 ;;Tue Oct 9 18:24:13 2018
| ;;next_probe_time: 1539127753 ;;Tue Oct 9 23:29:13 2018
| ;;query_failed: 0
| ;;query_interval: 20187
| ;;retry_time: 4037
| . 172800 IN DNSKEY 257 3 8
AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0
;;lastchange=1506691252 ;;Fri Sep 29 13:20:52 2017
| . 172800 IN DNSKEY 257 3 8
AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
;{id = 19036 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0
;;lastchange=1504090958 ;;Wed Aug 30 11:02:38 2017
Please fix unbound-anchor. Also, please make it easy to remove it from the
unbound startup process. On our system it is a source of trouble that does not
do anything to help us.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/