Thank you, Wouter, otherwise I’m drowning sometime - I forgot that an unstructured config can be easily written :)
03.04.2019 17:31, Wouter Wijngaards via Unbound-users пишет: > Hi, > > Yes this error seems to be because the tls-cert-bundle option has to be > after a server: block start, but it was put after the forward-zone: > block start. > > Just insert server: before the tls-cert-bundle: line, like on a new > line above it. > > Or, instead, move that tls-cert-bundle option to a place closer to the > start of the file, not inside that forward-zone block. > > (It is possible to have several server: sections and they all get read > in after another. The config file should still be compatible by the way > from older versions, back to version 1.0). > > Best regards, Wouter > > On 03/04/2019 12:09, Yuri via Unbound-users wrote: >> Yes, Tom, yesterday I had same question :) Probably you right. >> >> 03.04.2019 13:31, Tom Hendrikx via Unbound-users пишет: >>> Hi, >>> >>> When I add some garbage to my config: >>> >>> ============================= >>> $ cat unbound.conf >>> # Unbound configuration file for Debian. >>> # >>> # See the unbound.conf(5) man page. >>> # >>> # See /usr/share/doc/unbound/examples/unbound.conf for a commented >>> # reference config file. >>> # >>> # The following line includes additional configuration files from the >>> # /etc/unbound/unbound.conf.d directory. >>> include: "/etc/unbound/unbound.conf.d/*.conf" >>> >>> # these lines are added >>> hoeba: >>> kek: yes >>> >>> ========================= >>> >>> I see similar errors: >>> >>> $ sudo unbound-checkconf >>> /etc/unbound/unbound.conf:12: error: unknown keyword 'hoeba' >>> /etc/unbound/unbound.conf:12: error: stray ':' >>> /etc/unbound/unbound.conf:13: error: unknown keyword 'kek' >>> /etc/unbound/unbound.conf:13: error: stray ':' >>> /etc/unbound/unbound.conf:13: error: unknown keyword 'yes' >>> read /etc/unbound/unbound.conf failed: 5 errors in configuration file >>> >>> >>> Maybe you indentation is just wrong? To me this looks like >>> 'tls-cert-bundle' is not properly place inside a "server:" block. >>> It's hard to see in your HTML-formatted email. >>> >>> Kind regards, >>> Tom >>> >>> On 03-04-19 00:25, rollingonchrome via Unbound-users wrote: >>>> Thanks again, Yuri. >>>> >>>> I'm still having problems. As a reminder, I'm on Raspbian which only >>>> has a 1.6.0 stable package. >>>> >>>> I downloaded and built the 1.9.1 source code from here: >>>> http://www.unbound.net/downloads/unbound-1.9.1.tar.gz >>>> >>>> The build is verified as Version 1.9.1. >>>> >>>> It works fine (exactly as on 1.6.0 and 1.9.2) WITHOUT the >>>> "tls-cert-bundle" keyword. >>>> >>>> With the "tls-cert-bundle" keyword, I continue to get this error and >>>> nothing works. It appears that unbound doesn't recognize the >>>> "tls-cert-bundle" keyword: >>>> >>>> pr 2 15:06:51 raspberrypi_pi-hole systemd[1]: Started Unbound DNS >>>> server via resolvconf. >>>> Apr 2 15:06:51 raspberrypi_pi-hole unbound[27172]: >>>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: unknown >>>> keyword 'tls-cert-bundle' >>>> Apr 2 15:06:51 raspberrypi_pi-hole unbound[27172]: >>>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: stray ':' >>>> Apr 2 15:06:51 raspberrypi_pi-hole unbound[27172]: >>>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: stray '"' >>>> Apr 2 15:06:51 raspberrypi_pi-hole unbound[27172]: >>>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: unknown >>>> keyword '/etc/ssl/certs/ca-certificates.crt' >>>> Apr 2 15:06:51 raspberrypi_pi-hole unbound[27172]: >>>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: stray '"' >>>> Apr 2 15:06:51 raspberrypi_pi-hole unbound[27172]: read >>>> /etc/unbound/unbound.conf failed: 5 errors in configuration file >>>> Apr 2 15:06:51 raspberrypi_pi-hole unbound[27172]: [1554242811] >>>> unbound[27172:0] fatal error: Could not read config file: >>>> /etc/unbound/unbound.conf >>>> >>>> Yuri yvoinov at gmail.com <http://gmail.com> >>>> Tue Apr 2 21:43:19 CEST 2019 >>>> Previous message (by thread): TLS certificate question about Unbound >>>> 1.9.2 >>>> >>>> You're welcome :) >>>> >>>> And make sure you really installed built binaries. >>>> >>>> -- "C++ seems like a language suitable for firing other people's legs." ***************************** * C++20 : Bug to the future * *****************************
signature.asc
Description: OpenPGP digital signature
