[Bug 232555] local_unbound fails to start if root.key is empty.

Tue, 23 Oct 2018 02:25:06 -0700 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232555

            Bug ID: 232555
           Summary: local_unbound fails to start if root.key is empty.
           Product: Base System
           Version: 11.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: b...@freebsd.org
          Reporter: a...@stonepile.fi

Created attachment 198487
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=198487&action=edit
Patch for /etc/rc.d/local_unbound

It seems to be possible that local_unbound gets into state where
/var/unbound/root.key exists but is empty as a result of unclean shutdown.

The command that regenerates the file is unbound-anchor, which rebuilds it if
it doesn't exist or it is empty (stated in man page). However,
/etc/rc.d/local_unbound doesn't invoke it if root.key exists, even as
zero-length file.

This results in situation where the local_unbound service no longer starts, it
is also unable to recover from such condition automatically. This leaves the
machine without working DNS service:

Oct 23 09:08:39 local-unbound-test unbound: [947:0] notice: init module 0:
validator
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: failed to read
/root.key
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: error reading
auto-trust-anchor-file: /var/unbound/root.key
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: validator: error in
trustanchors config
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: validator: could not
apply configuration settings.
Oct 23 09:08:39 local-unbound-test unbound: [947:0] error: module init for
module validator failed
Oct 23 09:08:39 local-unbound-test unbound: [947:0] fatal error: failed to
setup modules


Simple fix to solution would be the change the rc.d script so that it has same
logic as unbound-anchor, ie. run it if the file does not exist OR it is empty.

Patch attached.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

Reply via email to