TLS certificate question about Unbound 1.9.2

Tom Hendrikx tom at whyscream.net
Wed Apr 3 07:31:36 UTC 2019 

Hi,

When I add some garbage to my config:

=============================
$ cat unbound.conf
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"

# these lines are added
hoeba:
    kek: yes

=========================

I see similar errors:

$ sudo unbound-checkconf
/etc/unbound/unbound.conf:12: error: unknown keyword 'hoeba'
/etc/unbound/unbound.conf:12: error: stray ':'
/etc/unbound/unbound.conf:13: error: unknown keyword 'kek'
/etc/unbound/unbound.conf:13: error: stray ':'
/etc/unbound/unbound.conf:13: error: unknown keyword 'yes'
read /etc/unbound/unbound.conf failed: 5 errors in configuration file


Maybe you indentation is just wrong? To me this looks like 
'tls-cert-bundle' is not properly place inside a "server:" block.  It's 
hard to see in your HTML-formatted email.

Kind regards,
	Tom

On 03-04-19 00:25, rollingonchrome via Unbound-users wrote:
> Thanks again, Yuri.
> 
> I'm still having problems. As a reminder, I'm on Raspbian which only has 
> a 1.6.0 stable package.
> 
> I downloaded and built the 1.9.1 source code from here: 
> http://www.unbound.net/downloads/unbound-1.9.1.tar.gz
> 
> The build is verified as Version 1.9.1.
> 
> It works fine (exactly as on 1.6.0 and 1.9.2) WITHOUT the 
> "tls-cert-bundle" keyword.
> 
> With the "tls-cert-bundle" keyword, I continue to get this error and 
> nothing works. It appears that unbound doesn't recognize the 
> "tls-cert-bundle" keyword:
> 
> pr  2 15:06:51 raspberrypi_pi-hole systemd[1]: Started Unbound DNS 
> server via resolvconf.
> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]: 
> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: unknown 
> keyword 'tls-cert-bundle'
> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]: 
> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: stray ':'
> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]: 
> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: stray '"'
> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]: 
> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: unknown 
> keyword '/etc/ssl/certs/ca-certificates.crt'
> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]: 
> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: stray '"'
> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]: read 
> /etc/unbound/unbound.conf failed: 5 errors in configuration file
> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]: [1554242811] 
> unbound[27172:0] fatal error: Could not read config file: 
> /etc/unbound/unbound.conf
> 
> Yuri yvoinov at gmail.com <http://gmail.com>
> Tue Apr 2 21:43:19 CEST 2019
> Previous message (by thread): TLS certificate question about Unbound 1.9.2
> 
> You're welcome :)
> 
> And make sure you really installed built binaries.
> 
>

More information about the Unbound-users mailing list