[Swan-dev] f28: unbound crashing

Andrew Cagney andrew.cagney at gmail.com
Tue Aug 7 20:49:05 UTC 2018 

>From IRC discussion of
http://testing.libreswan.org/results/testing/v3.25-375-g619052a-f28/seccomp-03-updown/OUTPUT/road.console.diff
Bleve points out that the failure is because unbound didn't start.
The logs show:

Aug 07 16:22:37 road unbound[941]: [941:0] notice: init module 0: subnet
Aug 07 16:22:37 road unbound[941]: [941:0] notice: init module 1: validator
Aug 07 16:22:37 road unbound[941]: [941:0] error: error opening file
/etc/unbound/dlv.isc.org.key: No such file or directory
Aug 07 16:22:37 road unbound[941]: [941:0] error: error reading
dlv-anchor-file: /etc/unbound/dlv.isc.org.key
Aug 07 16:22:37 road unbound[941]: [941:0] error: validator: error in
trustanchors config
Aug 07 16:22:37 road unbound[941]: [941:0] error: validator: could not
apply configuration settings.
Aug 07 16:22:37 road unbound[941]: [941:0] error: module init for
module validator failed
Aug 07 16:22:37 road unbound[941]: [941:0] fatal error: failed to setup modules

and it is something being picked up from our custom config.  Anyone
with an easy fix?

Here are some more details.

# ls -l /etc/unbound/
total 60
drwxr-xr-x. 2 root unbound    30 Jul 27 16:34 conf.d
-rw-r--r--. 1 root root    13026 Jul 18 05:41 icannbundle.pem
drwxr-xr-x. 2 root unbound    29 Jul 27 16:34 keys.d
drwxr-xr-x. 2 root unbound    36 Jul 27 16:34 local.d
-rw-r--r--. 1 root root      939 Jul 18 05:43 root.key
-rw-r--r--. 1 root root    21940 Aug  7 16:22 unbound.conf
-rw-------. 1 root root     2455 Aug  7 16:22 unbound_control.key
-rw-r-----. 1 root root     1330 Aug  7 16:22 unbound_control.pem
-rw-------. 1 root root     2459 Aug  7 16:22 unbound_server.key
-rw-r-----. 1 root root     1318 Aug  7 16:22 unbound_server.pem

# rpm -V unbound
S.5....T.  c /etc/unbound/unbound.conf
.M....G..  g /etc/unbound/unbound_control.key
......G..  g /etc/unbound/unbound_control.pem
.M....G..  g /etc/unbound/unbound_server.key
......G..  g /etc/unbound/unbound_server.pem

# grep dlv.isc.org.key /etc/unbound/*
grep: /etc/unbound/conf.d: Is a directory
grep: /etc/unbound/keys.d: Is a directory
grep: /etc/unbound/local.d: Is a directory
/etc/unbound/unbound.conf:    # Downloaded from
https://secure.isc.org/ops/dlv/dlv.isc.org.key
/etc/unbound/unbound.conf:    dlv-anchor-file: "/etc/unbound/dlv.isc.org.key"

More information about the Swan-dev mailing list