[Unbound-users] Failure using an address in unbound.conf
Hayward, Bruce
Bruce.Hayward at mtsallstream.com
Wed Aug 18 16:35:07 UTC 2010
Hi
We are using virtual/logical IPs (anycast model - multiple sites across
the country using the same logical IP) that the clients use to resolve
regardless of which site they are in (same virtual/logical IP).
When running Bind on the server, this works.
When stripping Bind off of the server (there is no iptables) and
specifying the IP in the unbound.conf I get:
"Starting Unbound DNS resolver: [1282148605] unbound[13241:0] error:
can't bind socket: Cannot assign requested address
[1282148605] unbound[13241:0] fatal error: could not open ports"
When removing the Virtual from the unbound.conf and using 0.0.0.0, it
works against the physical (but does not resolve against the
logical/virtuals).
Ideas?
Bruce
Bruce Hayward, MTS Allstream Inc., (c) 204-792-9174 (p) 204-958-1983 (e)
bruce.hayward at mtsallstream.com
________________________________
From: Hayward, Bruce
Sent: August 13, 2010 7:17 AM
To: unbound-users at unbound.net
Subject: could not create unbound_control.pem
We are trying unbound on a couple of types of servers. Currently on a
Sun Netra 240 running Solaris 10.
After configure/gmake/gmake install I see the below unknown option
-sha256, and in the end: ./unbound-control-setup fatal error: could not
create unbound_control.pem:
root at wnpgmb024rw-ns05# ./unbound-control-setup
setup in directory /var/unbound
generating unbound_server.key
Generating RSA private key, 1536 bit long modulus
.....................++++
..................................................++++
e is 65537 (0x10001)
generating unbound_control.key
Generating RSA private key, 1536 bit long modulus
......................................................++++
....................++++
e is 65537 (0x10001)
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
unknown option -sha256
usage: x509 args
-inform arg - input format - default PEM (one of DER, NET or PEM)
-outform arg - output format - default PEM (one of DER, NET or PEM)
-keyform arg - private key format - default PEM
-CAform arg - CA format - default PEM
-CAkeyform arg - CA key format - default PEM
-in arg - input file - default stdin
-out arg - output file - default stdout
-passin arg - private key password source
-serial - print serial number value
-hash - print hash value
-subject - print subject DN
-issuer - print issuer DN
-email - print email address(es)
-startdate - notBefore field
-enddate - notAfter field
-purpose - print out certificate purposes
-dates - both Before and After dates
-modulus - print the RSA key modulus
-pubkey - output the public key
-fingerprint - print the certificate fingerprint
-alias - output certificate alias
-noout - no certificate output
-ocspid - print OCSP hash values for the subject name and
public key
-trustout - output a "trusted" certificate
-clrtrust - clear all trusted purposes
-clrreject - clear all rejected purposes
-addtrust arg - trust certificate for a given purpose
-addreject arg - reject certificate for a given purpose
-setalias arg - set certificate alias
-days arg - How long till expiry of a signed certificate - def 30
days
-checkend arg - check whether the cert expires in the next arg
seconds
exit 1 if so, 0 if not
-signkey arg - self sign cert with arg
-x509toreq - output a certification request object
-req - input is a certificate request, sign and output.
-CA arg - set the CA certificate, must be PEM format.
-CAkey arg - set the CA key, must be PEM format
missing, it is assumed to be in the CA file.
-CAcreateserial - create serial number file if it does not exist
-CAserial arg - serial file
-set_serial - serial number to use
-text - print the certificate in text form
-C - print out C code forms
-md2/-md5/-sha1/-mdc2 - digest to use
-extfile - configuration file with X509V3 extensions to add
-extensions - section from config file with X509V3 extensions to
add
-clrext - delete extensions before signing and input
certificate
-nameopt arg - various certificate name options
-engine e - use engine e, possibly a hardware device.
-certopt arg - various certificate text options
./unbound-control-setup fatal error: could not create
unbound_control.pem
root at wnpgmb024rw-ns05#
Bruce
Bruce Hayward, MTS Allstream Inc., (c) 204-792-9174 (p) 204-958-1983 (e)
bruce.hayward at mtsallstream.com
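
A pre-flight check for the "can't bind socket: Cannot assign requested address" failure in the first message, as an added example that is not part of the original post and not Unbound's own code. It reads the interface: lines from a configuration and tries a UDP bind on each, separating EADDRNOTAVAIL (the errno behind that message: the address is not configured on this host) from a port that another daemon still holds. The sample configuration and its addresses are constructed, and port 0 is used so the check runs unprivileged.

```python
import errno
import socket

# Constructed sample config (not the poster's file). 192.0.2.53 is a
# documentation address standing in for an anycast/virtual IP that is
# not configured on any local interface.
SAMPLE_CONF = """\
server:
    # interface: 198.51.100.7
    interface: 0.0.0.0
    interface: 192.0.2.53@53
"""

def parse_interfaces(conf_text):
    """Return the address of every active 'interface:' line, minus any @port."""
    addrs = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if line.startswith("interface:"):
            value = line.split(":", 1)[1].strip()  # keeps IPv6 colons intact
            addrs.append(value.split("@", 1)[0])
    return addrs

def check_bind(addr, port=0):
    """Attempt a UDP bind on addr and return a short verdict string."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_DGRAM)
    try:
        sock.bind((addr, port))
        return "ok"
    except OSError as exc:
        if exc.errno == errno.EADDRNOTAVAIL:
            return "not-local"       # address is not assigned to this host
        if exc.errno == errno.EADDRINUSE:
            return "in-use"          # another process already holds addr:port
        if exc.errno == errno.EACCES:
            return "no-permission"   # privileged port without privileges
        return errno.errorcode.get(exc.errno, "error")
    finally:
        sock.close()

def preflight(conf_text, port=0):
    """Map each configured interface address to its bind verdict."""
    return {addr: check_bind(addr, port) for addr in parse_interfaces(conf_text)}

if __name__ == "__main__":
    for addr, verdict in preflight(SAMPLE_CONF).items():
        print(f"{addr:15} {verdict}")
```

Run it with port=53 as the user that starts the resolver to test the real listening port; a "not-local" verdict for a virtual IP means the host has no interface or loopback alias carrying that address at the moment of the check.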