How do I install unbound?

水上ナツ missiruka1988 at gmail.com
Fri Feb 1 07:27:30 UTC 2019 

Hello Willem-san

Thank you for your reply.

I installed unbound-1.9.0rc1 from the source. Starting unbound.conf with
the default, failed to start.
Is there anything that you have to set at a minimum? How can I start it?

The following is the operation log.
------------------------------------
# wget https://nlnetlabs.nl/downloads/unbound/unbound-1.9.0rc1.tar.gz
# tar zxvf unbound-1.9.0rc1.tar.gz
# ./configure
# make
# make install
# rpm -q openssl-devel
openssl-devel-1.0.2k-16.el7.x86_64
# rpm -q openssl-devel
openssl-devel-1.0.2k-16.el7.x86_64
# /etc/rc.d/init.d/unbound start
Starting unbound (via systemctl):  Job for unbound.service failed because
the control process exited with error code. See "systemctl status
unbound.service" and "journalctl -xe" for details.

[Fail]
# systemctl status unbound.service
● unbound.service - LSB: unbound recursive Domain Name Server.
   Loaded: loaded (/etc/rc.d/init.d/unbound; bad; vendor preset: disabled)
   Active: failed (Result: exit-code) since  2019-02-01 16:01:19 JST; 36s
ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2148 ExecStart=/etc/rc.d/init.d/unbound start (code=exited,
status=5)

 2月 01 16:01:18 example.com systemd[1]: Starting LSB: unbound recursive
Domain Name Server....
 2月 01 16:01:19 example.com systemd[1]: unbound.service: control process
exited, code=exited status=5
 2月 01 16:01:19 example.com systemd[1]: Failed to start LSB: unbound
recursive Domain Name Server..
 2月 01 16:01:19 example.com systemd[1]: Unit unbound.service entered failed
state.
 2月 01 16:01:19 example.com systemd[1]: unbound.service failed.

# journalctl -xe
-- Unit session-1410.scope has begun starting up.
 2月 01 16:01:01 example.com CROND[2111]: (root) CMD (run-parts
/etc/cron.hourly)
 2月 01 16:01:01 example.com run-parts(/etc/cron.hourly)[2115]: starting
0anacron
 2月 01 16:01:01 example.com run-parts(/etc/cron.hourly)[2121]: finished
0anacron
 2月 01 16:01:01 example.com run-parts(/etc/cron.hourly)[2123]: starting
mcelog.cron
 2月 01 16:01:01 example.com run-parts(/etc/cron.hourly)[2127]: finished
mcelog.cron
 2月 01 16:01:18 example.com polkitd[756]: Registered Authentication Agent
for unix-process:2141:71567004 (system bus name :1.2995
[/usr/bin/pkttyagent --notify-fd 5 --fallback], object path
/org/freedesktop/PolicyKit1/Authe
 2月 01 16:01:18 example.com systemd[1]: Starting LSB: unbound recursive
Domain Name Server....
-- Subject: Unit unbound.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit unbound.service has begun starting up.
 2月 01 16:01:19 example.com systemd[1]: unbound.service: control process
exited, code=exited status=5
 2月 01 16:01:19 example.com systemd[1]: Failed to start LSB: unbound
recursive Domain Name Server..
-- Subject: Unit unbound.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit unbound.service has failed.
--
-- The result is failed.
 2月 01 16:01:19 example.com systemd[1]: Unit unbound.service entered failed
state.
 2月 01 16:01:19 example.com systemd[1]: unbound.service failed.
 2月 01 16:01:19 example.com polkitd[756]: Unregistered Authentication Agent
for unix-process:2141:71567004 (system bus name :1.2995, object path
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale ja_JP.UTF-8)
(disconne
# tail -f /var/log/messages
Feb  1 16:01:18 example systemd: Starting LSB: unbound recursive Domain
Name Server....
Feb  1 16:01:19 example systemd: unbound.service: control process exited,
code=exited status=5
Feb  1 16:01:19 example systemd: Failed to start LSB: unbound recursive
Domain Name Server..
Feb  1 16:01:19 example systemd: Unit unbound.service entered failed state.
Feb  1 16:01:19 example systemd: unbound.service failed.
------------------------------------

What is the solution?


2019年1月29日(火) 18:53 Willem Toorop via Unbound-users <
unbound-users at nlnetlabs.nl>:

> Hello 水上ナツ,
>
> You do not need ldns to compile unbound.
> The installation guide for Unbound is here:
>
>         https://nlnetlabs.nl/documentation/unbound/howto-setup/
>
> You could also try if your distribution has a pre-compiled binary. i.e.:
>
>         yum install unbound
>
>
> -- Willem
>
> On 29-01-19 09:30, 水上ナツ via Unbound-users wrote:
> > Hello. It is my first post.
> >
> > Unbound is not detailed at all.
> > I want to install unbound.
> > However, when installing ldns the following log was output and it did
> > not work.
> > ------
> > Please upgrade OpenSSL to version> = 1.1.0 or rerun with - disable -
> > dane - verify or - disable - dane - ta -usage
> > ------
> > The following is the operation log.
> >
> > What is the solution?
> > ----------------------------------------------------
> > # wget https://www.nlnetlabs.nl/downloads/ldns/ldns-1.7.0-rc3.tar.gz
> > # tar zxvf ldns-1.7.0-rc3.tar.gz
> > # cd ldns-1.7.0-rc3/
> > # ./configure
> > ...
> > configure: error: OpenSSL does not support offline DANE verification
> > (Needed for the DANE-TA usage type).  Please upgrade OpenSSL to version
> >>= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage
> >
> > # yum remove openssl
> > # wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
> > # tar zxvf openssl-1.1.1a.tar.gz
> > # cd openssl-1.1.1a/
> > # ./config
> > ...
> > **********************************************************************
> > ***                                                                ***
> > ***   OpenSSL has been successfully configured                     ***
> > ***                                                                ***
> > ***   If you encounter a problem while building, please open an    ***
> > ***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
> > ***   and include the output from the following command:           ***
> > ***                                                                ***
> > ***       perl configdata.pm <http://configdata.pm>
> > --dump                                ***
> > ***                                                                ***
> > ***   (If you are new to OpenSSL, you might want to consult the    ***
> > ***   'Troubleshooting' section in the INSTALL file first)         ***
> > ***                                                                ***
> > **********************************************************************
> > # make
> > # make install
> > # cd ldns-1.7.0-rc3/
> > # ./configure
> > ...
> > configure: error: OpenSSL does not support offline DANE verification
> > (Needed for the DANE-TA usage type).  Please upgrade OpenSSL to version
> >>= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage
> > # ./configure --disable-dane-verify
> > # make
> > ./libtool --tag=CC --quiet --mode=compile gcc -I. -I.  -DHAVE_CONFIG_H
> > -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\""
> > -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g -O2
> > -I/usr/local/include -c ./buffer.c -o buffer.lo
> > ./libtool --tag=CC --quiet --mode=compile gcc -I. -I.  -DHAVE_CONFIG_H
> > -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\""
> > -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g -O2
> > -I/usr/local/include -c ./dane.c -o dane.lo
> > ./libtool --tag=CC --quiet --mode=compile gcc -I. -I.  -DHAVE_CONFIG_H
> > -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\""
> > -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g -O2
> > -I/usr/local/include -c ./dname.c -o dname.lo
> > ./libtool --tag=CC --quiet --mode=compile gcc -I. -I.  -DHAVE_CONFIG_H
> > -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\""
> > -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g -O2
> > -I/usr/local/include -c ./dnssec.c -o dnssec.lo
> > ./dnssec.c: Within function 'ldns_convert_dsa_rrsig_asn12rdf':
> > ./dnssec.c: 1761: 12: Error: indirect reference to an incomplete type
> > pointer
> >    R = dsasig -> r;
> >              ^
> > ./dnssec.c: 1762: 12: Error: indirect reference to an incomplete type
> > pointer
> >    S = dsasig -> s;
> >              ^
> > ./dnssec.c: Within function 'ldns_convert_dsa_rrsig_rdf 2 asn 1':
> > ./dnssec.c: 1830: 8: Error: indirect reference to an incomplete type
> pointer
> >    dsasig -> r = R;
> >          ^
> > ./dnssec.c: 1831: 8: Error: indirect reference to an incomplete type
> pointer
> >    dsasig -> s = S;
> >          ^
> > ./dnssec.c: Within function 'ldns_convert_ecdsa_rrsig_asn1 len2rdf':
> > ./dnssec.c: 1870: 15: Error: indirect reference to an incomplete type
> > pointer
> >    r = ecdsa_sig-> r;
> >                 ^
> > ./dnssec.c: 1871: 15: Error: indirect reference to an incomplete type
> > pointer
> >    s = ecdsa_sig -> s;
> >                 ^
> > make: *** [dnssec.lo] Error 1
> > ----------------------------------------------------
> >
> > What is the solution?
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190201/e7bcc2d8/attachment.htm>

More information about the Unbound-users mailing list