TLS certificate question about Unbound 1.9.2

Yuri yvoinov at gmail.com
Wed Apr 3 10:09:31 UTC 2019


Yes, Tom, yesterday I had same question :) Probably you right.

03.04.2019 13:31, Tom Hendrikx via Unbound-users пишет:
> Hi,
>
> When I add some garbage to my config:
>
> =============================
> $ cat unbound.conf
> # Unbound configuration file for Debian.
> #
> # See the unbound.conf(5) man page.
> #
> # See /usr/share/doc/unbound/examples/unbound.conf for a commented
> # reference config file.
> #
> # The following line includes additional configuration files from the
> # /etc/unbound/unbound.conf.d directory.
> include: "/etc/unbound/unbound.conf.d/*.conf"
>
> # these lines are added
> hoeba:
>    kek: yes
>
> =========================
>
> I see similar errors:
>
> $ sudo unbound-checkconf
> /etc/unbound/unbound.conf:12: error: unknown keyword 'hoeba'
> /etc/unbound/unbound.conf:12: error: stray ':'
> /etc/unbound/unbound.conf:13: error: unknown keyword 'kek'
> /etc/unbound/unbound.conf:13: error: stray ':'
> /etc/unbound/unbound.conf:13: error: unknown keyword 'yes'
> read /etc/unbound/unbound.conf failed: 5 errors in configuration file
>
>
> Maybe you indentation is just wrong? To me this looks like
> 'tls-cert-bundle' is not properly place inside a "server:" block. 
> It's hard to see in your HTML-formatted email.
>
> Kind regards,
>     Tom
>
> On 03-04-19 00:25, rollingonchrome via Unbound-users wrote:
>> Thanks again, Yuri.
>>
>> I'm still having problems. As a reminder, I'm on Raspbian which only
>> has a 1.6.0 stable package.
>>
>> I downloaded and built the 1.9.1 source code from here:
>> http://www.unbound.net/downloads/unbound-1.9.1.tar.gz
>>
>> The build is verified as Version 1.9.1.
>>
>> It works fine (exactly as on 1.6.0 and 1.9.2) WITHOUT the
>> "tls-cert-bundle" keyword.
>>
>> With the "tls-cert-bundle" keyword, I continue to get this error and
>> nothing works. It appears that unbound doesn't recognize the
>> "tls-cert-bundle" keyword:
>>
>> pr  2 15:06:51 raspberrypi_pi-hole systemd[1]: Started Unbound DNS
>> server via resolvconf.
>> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]:
>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: unknown
>> keyword 'tls-cert-bundle'
>> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]:
>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: stray ':'
>> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]:
>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: stray '"'
>> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]:
>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: unknown
>> keyword '/etc/ssl/certs/ca-certificates.crt'
>> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]:
>> /etc/unbound/unbound.conf.d/tls-cert-bundle.conf:4: error: stray '"'
>> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]: read
>> /etc/unbound/unbound.conf failed: 5 errors in configuration file
>> Apr  2 15:06:51 raspberrypi_pi-hole unbound[27172]: [1554242811]
>> unbound[27172:0] fatal error: Could not read config file:
>> /etc/unbound/unbound.conf
>>
>> Yuri yvoinov at gmail.com <http://gmail.com>
>> Tue Apr 2 21:43:19 CEST 2019
>> Previous message (by thread): TLS certificate question about Unbound
>> 1.9.2
>>
>> You're welcome :)
>>
>> And make sure you really installed built binaries.
>>
>>
>
-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190403/9fbccadf/attachment.bin>


More information about the Unbound-users mailing list