2 config files?!

hi!

i managed to install unbound using apt-get

i changed the source list. I am using 8.04 and for newer version there is a package available.

is still an issue i couldn't install using the sources.
changing the source list in apt could be an issue because I am not sure it will be approved as a solution for production servers.

so, fresh install in a vm machine, update, upgrade, change the source list, update, apt-get install unbound

it started, then i’ve noticed:

locate unbound.conf
/etc/unbound/unbound.conf
/usr/share/man/man5/unbound.conf.5.gz
/var/lib/dpkg/info/unbound.conffiles
/var/lib/unbound/etc/unbound/unbound.conf

so, there are 2 unbound.conf files.

which one is used?

Gabi

Hi Gabriel,

unbound -h prints the config file it wants to use by default.
You can select a config file with -c.

Best regards,
   Wouter

Gabriel Petrescu wrote:

i did it, here are the results:

root@unbound5:~# unbound -h
usage: unbound [options]
start unbound daemon DNS resolver.
-h this help
-c file config file to read instead of /etc/unbound/unbound.conf
file format is described in unbound.conf(5).
-d do not fork into the background.
-v verbose (more times to increase verbosity)
Version 1.2.1
libevent mini-event-1.2.1, libldns 1.4.0, OpenSSL 0.9.8g 19 Oct 2007
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl

if you install it manually from sources use the: /var/lib/unbound/etc/unbound/unbound.conf

i will try to make it work and generate statistics.. I hope it will work

unbound it’s a bit confusing… i am trying to make also a tutorial / rule how to install it on ubuntu for production servers, but at this moment:

  • from sources it generates errors;
  • from packages, we should use not standard repositories; i hope this will work..

Gabi

It appears the ubuntu package does indeed install two configuration files. We might need to ask the package maintainer why this is done (we only provide the source code)

i will try to make it work and generate statistics.. I hope it will work

unbound it's a bit confusing... i am trying to make also a tutorial / rule how to install it on ubuntu for production servers, but at this moment:
- from sources it generates errors;

this should not happen, on my ubuntu system it compiles cleanly, but maybe we can help you with this; could you please provide some details?

- from packages, we should use not standard repositories; i hope this will work..

I don't understand this sentence; do you mean because unbound hasn't been packaged for older versions of Ubuntu than Intrepid?

Regards,

Jelte

At this moment:

for ubuntu you can install from source or to use the package available in 904.
if you use the 804 repositories (as default) or default repository list in 804 no unbound..

on a new fresh vm i changed the repository list (if you need it tell me) and installed the unbound.

install, 2 config files, the default config file is: /etc/unbound/unbound.conf
edit this file, enabled:

server:
interface: 0.0.0.0
interface: ::0
access-control: 0.0.0.0/0 allow
access-control: ::1 allow
verbosity: 1

statistics-interval: 0
extended-statistics: yes

# set to yes if graphing tool needs it

statistics-cumulative: no

remote-control:
control-enable: yes

then run:
apt-get install openssl

root@unbound5:~# unbound-control-setup
setup in directory /etc/unbound
generating unbound_server.key
Generating RSA private key, 1024 bit long modulus
…++++++
…++++++
e is 65537 (0x10001)
generating unbound_control.key
Generating RSA private key, 1024 bit long modulus
…++++++
…++++++
e is 65537 (0x10001)
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use
root@unbound5:~# unbound-control stats
error: Error setting up SSL_CTX client key and cert
28440:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/var/lib/unbound/etc/unbound/unbound_control.pem','r')
28440:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
28440:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:470:

so here I am… the same situation as in installation from sources.. :(

locate unbound_control.pem
/etc/unbound/unbound_control.pem

then i created a sym link:

ln -s /var/lib/unbound/etc/unbound/unbound_control.pem /etc/unbound/unbound_control.pem
ln: creating symbolic link `/etc/unbound/unbound_control.pem': File exists
root@unbound5:~# unbound-control stats
error: Error setting up SSL_CTX client key and cert
28444:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/var/lib/unbound/etc/unbound/unbound_control.pem','r')
28444:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
28444:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:470:

at this moment i have no idea what to do…

Gabi

Hi Gabriel,

You have the arguments to ln -s in the wrong order.

Fix that, or edit the file statements in the remote-control section of
the config file to point to the right files.

Best regards,
   Wouter

Gabriel Petrescu wrote:

in config file i unchecked:

# unbound server key file.
server-key-file: "/etc/unbound/unbound_server.key"

# unbound server certificate file.
server-cert-file: "/etc/unbound/unbound_server.pem"

# unbound-control key file.
control-key-file: "/etc/unbound/unbound_control.key"

# unbound-control certificate file.
control-cert-file: "/etc/unbound/unbound_control.pem"

so it pointed to the right files

then unbound-control stats

generated a lot of data

until now it seems to be fine.

i will post as i finish my successful way to install unbound on ubuntu

i will come with updates.

thank you for help

gabi

Hi Gabriel,

locate unbound.conf
/etc/unbound/unbound.conf
/usr/share/man/man5/unbound.conf.5.gz
/var/lib/dpkg/info/unbound.conffiles
unbound.conf

so, there are 2 unbound.conf files.

which one is used?
from my point of view it's not ok. it's easy to make a mistake and
edit the wrong file...

The startup script for the unbound ubuntu package puts unbound into a
chroot by default (/var/lib/unbound). Upon restart, it copies
everything from /etc/unbound into /var/lib/unbound/etc/unbound, hence
the multiple config files.

It is a pretty strange way to do things, and also breaks
unbound-control into the bargain! I had a bit of a "WTF" moment when I
discovered this behaviour.

rg
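
A check for the situation described in this thread, added here as an example (it is not code from the Ubuntu package or from the Unbound developers): it compares /etc/unbound with the chroot copy under /var/lib/unbound/etc/unbound and reports files that are missing from the copy or differ from it, which is the state that produced the unbound-control error above. Going slightly beyond the thread, it also flags *.key files readable by group or others; the function name and the MISSING/DIFFERS/LOOSE labels are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original thread or of any unbound package.
# Default paths are the two directories named in the thread.

# check_unbound_chroot [SRC] [DST]
# Prints one line per problem and returns 1 if any was found:
#   MISSING <file>  present in SRC but absent from the chroot copy DST
#   DIFFERS <file>  present in both, but the contents differ
#   LOOSE <path>    a *.key file readable by group or others
check_unbound_chroot() {
    src=${1:-/etc/unbound}
    dst=${2:-/var/lib/unbound/etc/unbound}
    rc=0

    # Compare every regular file in SRC with its counterpart in DST.
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -e "$dst/$name" ]; then
            echo "MISSING $name"; rc=1
        elif ! cmp -s "$f" "$dst/$name"; then
            echo "DIFFERS $name"; rc=1
        fi
    done

    # Private keys should stay owner-only in both locations.
    loose=$(find "$src" "$dst" -type f -name '*.key' \
                 \( -perm -040 -o -perm -004 \) 2>/dev/null) || true
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/LOOSE /'
        rc=1
    fi
    return $rc
}

# When run directly, check the default paths (or the two given as arguments).
check_unbound_chroot "$@" || echo "problems found, see the lines above"
```

A MISSING line for unbound_control.pem corresponds to the fopen error shown earlier in the thread: the file exists in /etc/unbound but not yet in the chroot copy.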