error: cannot open zonefile No such file or directory

When all rpz zone files are located in the unbound default dir they work fine; however, if I try to relocate them to a separate location, unbound fails with the error:
cannot open zonefile /opt/share/rpz/rpz.urlhause.zone for rpz.urlhause.abuse.ch.zone.: No such file or directory
The new directory is created with chown nobody /opt/share/rpz and the files do indeed exist in that location.
Do I need to do anything else to get these working? I like to keep rpz files separate from the unbound default location.

ls -l /opt/share/rpz
-rwxrwxrwx 1 admin root 441 Apr 11 22:24 rpz-refresh
-rw-rw-rw- 1 admin root 769 Apr 11 22:18 rpz.block.hosts.zone
-rw-rw-rw- 1 admin root 2847590 Apr 11 22:18 rpz.stevenblack.zone
-rw-rw-rw- 1 admin root 707 Apr 11 22:18 rpz.trend.micro.zone
-rw-rw-rw- 1 admin root 125804 Apr 11 22:18 rpz.urlhause.zone
-rw-rw-rw- 1 admin root 629 Apr 11 22:24 unbound.conf.rpz

Hi Mark,

I suppose you use the chroot option in your configuration file (enabled by default). That will prevent unbound from accessing files outside the configured chroot. Based on your policy you could:
- Disable chroot with chroot: "", or
- Bind mount the /opt/share/rpz location inside the chroot.

Best regards,
-- George

Hi Mark,

I don't understand the need for multiple `directory:` entries. `directory:` configures the working directory of the program, I don't see how there could be more than one.

Maybe what you need is achieved with the `include:` directive where you can specify other configuration files to be included. Those files can then live in an organized directory structure. There is wildcard support to include all the contents from a given directory:
  include: /path/to/dir/*

You can also use `include-toplevel:`. Read the manpage of unbound.conf right under the section "FILE FORMAT" to see how those two are meant to be used.

Best regards,
-- George

Instead of chroot: "" I have specified chroot: /opt/var/lib, one level up. This way unbound is contained under one directory.
My zone files will reside in /opt/var/lib/zones.

IF as is default, unbound is in a chroot(ed) directory. Everything below that dir IS
available to unbound -- SO LONG -- as unbound has permission to READ those directories.
Is it possible the directories were written by YOU, and, as a result, unbound is not
permitted to read them?
In *BSD parlance, the following would correct that.
Assuming the user unbound is unbound:
# cd /opt/var/lib
# chown -Rh unbound:unbound .
After performing the equivalent command for YOUR OS, simply restart unbound.

HTH

--Chris
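
Added example, not part of any message in this thread: a small shell check for the two causes discussed above, a zonefile that resolves outside the configured chroot and a file the daemon's account cannot read. The function name `check_zonefile` and its verdict strings are hypothetical; the arguments are the `chroot:` value and the `zonefile:` path from your own configuration.

```shell
#!/bin/sh
# Added example: check whether an RPZ zonefile is reachable from inside the
# chroot unbound runs in. Function name and verdict strings are hypothetical.
check_zonefile() {
    chroot_dir=$1
    zonefile=$2

    # chroot: "" means no chroot; only existence and read permission matter.
    if [ -z "$chroot_dir" ]; then
        if [ -r "$zonefile" ]; then echo "no-chroot"; return 0; fi
        echo "missing-or-unreadable"; return 1
    fi

    # Resolve directory symlinks on both sides so a link that leads out of
    # the chroot is caught; a bind mount resolves inside and passes.
    real_root=$(cd "$chroot_dir" 2>/dev/null && pwd -P) || { echo "bad-chroot"; return 1; }
    real_dir=$(cd "$(dirname "$zonefile")" 2>/dev/null && pwd -P) || { echo "missing"; return 1; }
    real_file=$real_dir/$(basename "$zonefile")
    if [ "$real_root" = "/" ]; then real_root=""; fi

    case "$real_file" in
        "$real_root"/*) ;;
        *) echo "outside-chroot"; return 1 ;;
    esac

    # A symlinked file may still point outside the chroot; flag it for review.
    if [ -L "$real_file" ]; then echo "symlink"; return 1; fi
    if [ ! -f "$real_file" ]; then echo "missing"; return 1; fi
    # -r tests the invoking user, so run this as the account unbound runs under.
    if [ ! -r "$real_file" ]; then echo "unreadable"; return 1; fi
    echo "inside-chroot"
}

# Stand-alone use: sh check_zonefile.sh <chroot> <zonefile>
if [ "$#" -eq 2 ]; then check_zonefile "$1" "$2"; fi
```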