Opened 9 years ago
Last modified 9 years ago
#49264 closed defect
unbound don't promote DNSSEC under El Capitan — at Version 3
Reported by: | macuserguru | Owned by: | macports-tickets@… |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | 2.3.4 |
Keywords: | haspatch | Cc: | fritzs@… |
Port: | unbound |
Description (last modified by danielluke (Daniel J. Luke))
I had run unbound under Yosemite and DNSSEC works well.
Now after upgrade to El Capitan I delete all ports and reinstalled all new.
Now unbound don't promote DNSSEC but it runs well.
update root key works well to /opt/local/var/run/unbound/root.key
a part of unbound.conf
chroot: "/opt/local/etc/unbound" username: "unbound" directory: "/opt/local/etc/unbound" logfile: "/logs/unbound.log" use-syslog: no log-time-ascii: yes log-queries: yes root-hints: "/named.cache" harden-glue: yes harden-dnssec-stripped: yes
What could I do to resolve this?
Change History (3)
comment:1 Changed 9 years ago by macuserguru
Cc: | fritzs@… added |
---|
comment:2 Changed 9 years ago by danielluke (Daniel J. Luke)
I can replicate this. If I uncomment auto-trust-anchor-file: "/opt/local/var/run/unbound/root.key" in the unbound.conf, and start with verbose/debug, I get the following in syslog:
Oct 13 15:55:00 xeon unbound[13437] <Notice>: [13437:0] notice: init module 0: validator Oct 13 15:55:00 xeon unbound[13437] <Error>: [13437:0] error: unable to open /opt/local/var/run/unbound/root.key for reading: No such file or directory Oct 13 15:55:00 xeon unbound[13437] <Error>: [13437:0] error: error reading auto-trust-anchor-file: /opt/local/var/run/unbound/root.key Oct 13 15:55:00 xeon unbound[13437] <Error>: [13437:0] error: validator: error in trustanchors config Oct 13 15:55:00 xeon unbound[13437] <Error>: [13437:0] error: validator: could not apply configuration settings. Oct 13 15:55:00 xeon unbound[13437] <Error>: [13437:0] error: module init for module validator failed Oct 13 15:55:00 xeon unbound[13437] <Critical>: [13437:0] fatal error: failed to setup modules
which is odd, because the file is there and readable by the 'unbound' user.
comment:3 Changed 9 years ago by danielluke (Daniel J. Luke)
Description: | modified (diff) |
---|
Note: See
TracTickets for help on using
tickets.
Cc Me!