Hello Willem-san Thank you for your reply.
I installed unbound-1.9.0rc1 from the source. Starting unbound.conf with the default, failed to start. Is there anything that you have to set at a minimum? How can I start it? The following is the operation log. ------------------------------------ # wget https://nlnetlabs.nl/downloads/unbound/unbound-1.9.0rc1.tar.gz # tar zxvf unbound-1.9.0rc1.tar.gz # ./configure # make # make install # rpm -q openssl-devel openssl-devel-1.0.2k-16.el7.x86_64 # rpm -q openssl-devel openssl-devel-1.0.2k-16.el7.x86_64 # /etc/rc.d/init.d/unbound start Starting unbound (via systemctl): Job for unbound.service failed because the control process exited with error code. See "systemctl status unbound.service" and "journalctl -xe" for details. [Fail] # systemctl status unbound.service ● unbound.service - LSB: unbound recursive Domain Name Server. Loaded: loaded (/etc/rc.d/init.d/unbound; bad; vendor preset: disabled) Active: failed (Result: exit-code) since 2019-02-01 16:01:19 JST; 36s ago Docs: man:systemd-sysv-generator(8) Process: 2148 ExecStart=/etc/rc.d/init.d/unbound start (code=exited, status=5) 2月 01 16:01:18 example.com systemd[1]: Starting LSB: unbound recursive Domain Name Server.... 2月 01 16:01:19 example.com systemd[1]: unbound.service: control process exited, code=exited status=5 2月 01 16:01:19 example.com systemd[1]: Failed to start LSB: unbound recursive Domain Name Server.. 2月 01 16:01:19 example.com systemd[1]: Unit unbound.service entered failed state. 2月 01 16:01:19 example.com systemd[1]: unbound.service failed. # journalctl -xe -- Unit session-1410.scope has begun starting up. 2月 01 16:01:01 example.com CROND[2111]: (root) CMD (run-parts /etc/cron.hourly) 2月 01 16:01:01 example.com run-parts(/etc/cron.hourly)[2115]: starting 0anacron 2月 01 16:01:01 example.com run-parts(/etc/cron.hourly)[2121]: finished 0anacron 2月 01 16:01:01 example.com run-parts(/etc/cron.hourly)[2123]: starting mcelog.cron 2月 01 16:01:01 example.com run-parts(/etc/cron.hourly)[2127]: finished mcelog.cron 2月 01 16:01:18 example.com polkitd[756]: Registered Authentication Agent for unix-process:2141:71567004 (system bus name :1.2995 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/Authe 2月 01 16:01:18 example.com systemd[1]: Starting LSB: unbound recursive Domain Name Server.... -- Subject: Unit unbound.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit unbound.service has begun starting up. 2月 01 16:01:19 example.com systemd[1]: unbound.service: control process exited, code=exited status=5 2月 01 16:01:19 example.com systemd[1]: Failed to start LSB: unbound recursive Domain Name Server.. -- Subject: Unit unbound.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit unbound.service has failed. -- -- The result is failed. 2月 01 16:01:19 example.com systemd[1]: Unit unbound.service entered failed state. 2月 01 16:01:19 example.com systemd[1]: unbound.service failed. 2月 01 16:01:19 example.com polkitd[756]: Unregistered Authentication Agent for unix-process:2141:71567004 (system bus name :1.2995, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale ja_JP.UTF-8) (disconne # tail -f /var/log/messages Feb 1 16:01:18 example systemd: Starting LSB: unbound recursive Domain Name Server.... Feb 1 16:01:19 example systemd: unbound.service: control process exited, code=exited status=5 Feb 1 16:01:19 example systemd: Failed to start LSB: unbound recursive Domain Name Server.. Feb 1 16:01:19 example systemd: Unit unbound.service entered failed state. Feb 1 16:01:19 example systemd: unbound.service failed. ------------------------------------ What is the solution? 2019年1月29日(火) 18:53 Willem Toorop via Unbound-users < [email protected]>: > Hello 水上ナツ, > > You do not need ldns to compile unbound. > The installation guide for Unbound is here: > > https://nlnetlabs.nl/documentation/unbound/howto-setup/ > > You could also try if your distribution has a pre-compiled binary. i.e.: > > yum install unbound > > > -- Willem > > On 29-01-19 09:30, 水上ナツ via Unbound-users wrote: > > Hello. It is my first post. > > > > Unbound is not detailed at all. > > I want to install unbound. > > However, when installing ldns the following log was output and it did > > not work. > > ------ > > Please upgrade OpenSSL to version> = 1.1.0 or rerun with - disable - > > dane - verify or - disable - dane - ta -usage > > ------ > > The following is the operation log. > > > > What is the solution? > > ---------------------------------------------------- > > # wget https://www.nlnetlabs.nl/downloads/ldns/ldns-1.7.0-rc3.tar.gz > > # tar zxvf ldns-1.7.0-rc3.tar.gz > > # cd ldns-1.7.0-rc3/ > > # ./configure > > ... > > configure: error: OpenSSL does not support offline DANE verification > > (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version > >>= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage > > > > # yum remove openssl > > # wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz > > # tar zxvf openssl-1.1.1a.tar.gz > > # cd openssl-1.1.1a/ > > # ./config > > ... > > ********************************************************************** > > *** *** > > *** OpenSSL has been successfully configured *** > > *** *** > > *** If you encounter a problem while building, please open an *** > > *** issue on GitHub <https://github.com/openssl/openssl/issues> *** > > *** and include the output from the following command: *** > > *** *** > > *** perl configdata.pm <http://configdata.pm> > > --dump *** > > *** *** > > *** (If you are new to OpenSSL, you might want to consult the *** > > *** 'Troubleshooting' section in the INSTALL file first) *** > > *** *** > > ********************************************************************** > > # make > > # make install > > # cd ldns-1.7.0-rc3/ > > # ./configure > > ... > > configure: error: OpenSSL does not support offline DANE verification > > (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version > >>= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage > > # ./configure --disable-dane-verify > > # make > > ./libtool --tag=CC --quiet --mode=compile gcc -I. -I. -DHAVE_CONFIG_H > > -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\"" > > -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g -O2 > > -I/usr/local/include -c ./buffer.c -o buffer.lo > > ./libtool --tag=CC --quiet --mode=compile gcc -I. -I. -DHAVE_CONFIG_H > > -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\"" > > -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g -O2 > > -I/usr/local/include -c ./dane.c -o dane.lo > > ./libtool --tag=CC --quiet --mode=compile gcc -I. -I. -DHAVE_CONFIG_H > > -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\"" > > -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g -O2 > > -I/usr/local/include -c ./dname.c -o dname.lo > > ./libtool --tag=CC --quiet --mode=compile gcc -I. -I. -DHAVE_CONFIG_H > > -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\"" > > -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g -O2 > > -I/usr/local/include -c ./dnssec.c -o dnssec.lo > > ./dnssec.c: Within function 'ldns_convert_dsa_rrsig_asn12rdf': > > ./dnssec.c: 1761: 12: Error: indirect reference to an incomplete type > > pointer > > R = dsasig -> r; > > ^ > > ./dnssec.c: 1762: 12: Error: indirect reference to an incomplete type > > pointer > > S = dsasig -> s; > > ^ > > ./dnssec.c: Within function 'ldns_convert_dsa_rrsig_rdf 2 asn 1': > > ./dnssec.c: 1830: 8: Error: indirect reference to an incomplete type > pointer > > dsasig -> r = R; > > ^ > > ./dnssec.c: 1831: 8: Error: indirect reference to an incomplete type > pointer > > dsasig -> s = S; > > ^ > > ./dnssec.c: Within function 'ldns_convert_ecdsa_rrsig_asn1 len2rdf': > > ./dnssec.c: 1870: 15: Error: indirect reference to an incomplete type > > pointer > > r = ecdsa_sig-> r; > > ^ > > ./dnssec.c: 1871: 15: Error: indirect reference to an incomplete type > > pointer > > s = ecdsa_sig -> s; > > ^ > > make: *** [dnssec.lo] Error 1 > > ---------------------------------------------------- > > > > What is the solution? > > > >
