Package: unbound
Version: 1.6.0-3+deb9u1
Severity: normal
User: [email protected]
Usertags: needed-by-DSA-Team

On networks that drop outbound port 53, restarting unbound is fragile
and slow, breaking all sorts of things.

| Oct 09 18:22:44 antheil systemd[1]: Starting Unbound DNS server...
| Oct 09 18:23:35 antheil package-helper[1539]: /var/lib/unbound/root.key has 
content
| Oct 09 18:23:35 antheil package-helper[1539]: fail: the anchor is NOT ok and 
could not be fixed
| Oct 09 18:23:35 antheil systemd[1]: Started Unbound DNS server.

Also, ftr, the root.key file is just fine, listing both trust anchors.

| weasel@antheil:~$ cat /var/lib/unbound/root.key
| ; autotrust trust anchor file
| ;;id: . 1
| ;;last_queried: 1539109453 ;;Tue Oct  9 18:24:13 2018
| ;;last_success: 1539109453 ;;Tue Oct  9 18:24:13 2018
| ;;next_probe_time: 1539127753 ;;Tue Oct  9 23:29:13 2018
| ;;query_failed: 0
| ;;query_interval: 20187
| ;;retry_time: 4037
| .       172800  IN      DNSKEY  257 3 8 
AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
 ;{id = 20326 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 
;;lastchange=1506691252 ;;Fri Sep 29 13:20:52 2017
| .       172800  IN      DNSKEY  257 3 8 
AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
 ;{id = 19036 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 
;;lastchange=1504090958 ;;Wed Aug 30 11:02:38 2017


Please fix unbound-anchor.  Also, please make it easy to remove it from the
unbound startup process.  On our system it is a source of trouble that does not
do anything to help us.

-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

Reply via email to