Hello all,
This is Arch Linux, so probably an upgrade did me in:
atlanta# rc.d start unbound
:: Starting unbound daemon
[FAIL]
atlanta# pacman -Ss unbound
community/unbound 1.4.17-1 [installed]
Validating, recursive, and caching DNS resolver
atlanta# ls -ald /etc/unbound
drwxr-xr-x 2 root root 1024 May 25 02:22 /etc/unbound
atlanta# ls -al /etc/unbound
total 81
drwxr-xr-x 2 root root 1024 May 25 02:22 .
drwxr-xr-x 83 root root 4096 May 25 02:22 ..
- -rwx------ 1 unbound root 759 Feb 3 07:57 dnssec_root.key
- -rw-r--r-- 1 root root 350 Jan 8 17:49 local-zone.conf
- -rw-r--r-- 1 unbound root 759 Jan 8 17:49 root.key
- -rw-r--r-- 1 root root 23455 May 18 23:47 unbound.conf
- -rw-r--r-- 1 root root 20061 Jan 8 17:49 unbound.conf.dpkg-dist
- -rw-r--r-- 1 root root 21209 May 24 06:40 unbound.conf.example
- -rw-r----- 1 root root 1277 Jan 8 17:49 unbound_control.key
- -rw-r----- 1 root root 802 Jan 8 17:49 unbound_control.pem
- -rw-r----- 1 root root 1277 Jan 8 17:49 unbound_server.key
- -rw-r----- 1 root root 790 Jan 8 17:49 unbound_server.pem
atlanta# unbound
/etc/unbound/unbound.conf:572: error: syntax error
read /etc/unbound/unbound.conf failed: 1 errors in configuration file
[1337937787] unbound[3676:0] fatal error: Could not read config file:
/etc/unbound/unbound.conf
As you can see, the file exists. This *was* working until recently.
Now I discover it is *not* working. So what's new that broke this?
Thanks!
- --
David Benfell
benfell@parts-unknown.org
Oh, now I see (it's nearly 3 am here). The line in question is:
do-not-query-localhost: no
I'm trying to get dnscrypt working--which is another problem (it
crashes instantly)--which is why this line is present. What am I
supposed to do instead?
- --
David Benfell
benfell@parts-unknown.org
Hi David,
Hello all,
This is Arch Linux, so probably an upgrade did me in:
atlanta# rc.d start unbound :: Starting unbound daemon
[FAIL] atlanta# pacman -Ss unbound community/unbound 1.4.17-1
[installed] Validating, recursive, and caching DNS resolver
atlanta# ls -ald /etc/unbound drwxr-xr-x 2 root root 1024 May 25
02:22 /etc/unbound atlanta# ls -al /etc/unbound total 81 drwxr-xr-x
2 root root 1024 May 25 02:22 . drwxr-xr-x 83 root root
4096 May 25 02:22 .. -rwx------ 1 unbound root 759 Feb 3 07:57
dnssec_root.key -rw-r--r-- 1 root root 350 Jan 8 17:49
local-zone.conf -rw-r--r-- 1 unbound root 759 Jan 8 17:49
root.key -rw-r--r-- 1 root root 23455 May 18 23:47
unbound.conf -rw-r--r-- 1 root root 20061 Jan 8 17:49
unbound.conf.dpkg-dist -rw-r--r-- 1 root root 21209 May 24
06:40 unbound.conf.example -rw-r----- 1 root root 1277 Jan 8
17:49 unbound_control.key -rw-r----- 1 root root 802 Jan 8
17:49 unbound_control.pem -rw-r----- 1 root root 1277 Jan 8
17:49 unbound_server.key -rw-r----- 1 root root 790 Jan 8
17:49 unbound_server.pem atlanta# unbound
/etc/unbound/unbound.conf:572: error: syntax error read
/etc/unbound/unbound.conf failed: 1 errors in configuration file
[1337937787] unbound[3676:0] fatal error: Could not read config
file: /etc/unbound/unbound.conf
As you can see, the file exists. This *was* working until
recently. Now I discover it is *not* working. So what's new that
broke this?
What does it say on line 572 (and the lines right before it) ?
There should be no changes that break backwards compatibility. Some
options have been added.
The error you see is from lex (flex), its lexical parser fails to
split the input into keywords and data values, so this is a syntax
error, not a grammar error or bad config value.
Best regards,
Wouter
Hi David,
atlanta# unbound /etc/unbound/unbound.conf:572: error: syntax
error read /etc/unbound/unbound.conf failed: 1 errors in
configuration file [1337937787] unbound[3676:0] fatal error:
Could not read config file: /etc/unbound/unbound.conf
Oh, now I see (it's nearly 3 am here). The line in question is:
do-not-query-localhost: no
This works for me, this line. Did you compile from source? In that
case, make clean, rm util/configlexer.c util/configparser.c and make
it again. Perhaps Makefile rules have failed somehow resulting in
flex and yacc sources to get out of sync?
Or, extract the source tarball again (flex and yacc have been run for
you, and the source is present in the tarball for people without the
flex and byacc tools) and set those files readonly ...
I'm trying to get dnscrypt working--which is another problem (it
crashes instantly)--which is why this line is present. What am I
supposed to do instead?
The do-not-query-localhost option should work in unbound.conf...
Best regards,
Wouter
Hi Wouter,
Oh, now I see (it's nearly 3 am here). The line in question is:
do-not-query-localhost: no
This works for me, this line. Did you compile from source? In
that case, make clean, rm util/configlexer.c util/configparser.c
and make it again. Perhaps Makefile rules have failed somehow
resulting in flex and yacc sources to get out of sync?
No, it's the Arch Linux package. And I'm pretty sure I saw an upgrade
to unbound recently (but must have failed to notice when the restart
didn't work).
Thanks!
- --
David Benfell
benfell@parts-unknown.org
Did you cut&paste from a man-page rendered in UTF-8 which turned the
minus sign into some fancy Unicode dash? That's bitten me a few times
in the past, before I learnt to watch for it.
(It's a minus sign in the email, but that could be conversion back to
ASCII in the email client).
-Phil
Just to be sure, I replaced the dashes in the configuration with
dashes (they looked like dashes to me in the first place). No joy.
Thanks!
- --
David Benfell
benfell@parts-unknown.org
I have now attempted building unbound from source. I'm still getting
the same error:
/usr/local/etc/unbound/unbound.conf:572: error: syntax error
Here is my attempt at filtering my configuration:
atlanta# egrep -v "^[[:space:]]*#|^$" /etc/unbound/unbound.conf
server:
verbosity: 1
extended-statistics: yes
interface: 127.0.0.1
interface: 10.8.0.1
interface: ::1
outgoing-interface: 127.0.0.1
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: 10.8.0.0/16 allow
access-control: ::0/0 refuse
access-control: ::1 allow
chroot: ""
harden-referral-path: yes
use-caps-for-id: yes
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 192.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10
do-not-query-localhost: no
prefetch: yes
prefetch-key: yes
auto-trust-anchor-file: "/etc/unbound/dnssec_root.key"
val-log-level: 2
local-zone: "parts-unknown.org." static
local-data: "parts-unknown.org. IN A 74.207.225.79"
local-data: "parts-unknown.org. IN MX 10 parts-unknown.org."
local-data: "atlanta.parts-unknown.org. IN A 10.8.0.1"
local-data: "graton.parts-unknown.org. IN A 10.8.0.10"
local-data: "graton.parts-unknown.org. IN MX 20 parts-unknown.org."
local-data: "graton.parts-unknown.org. IN MX 10
graton.parts-unknown.org."
local-data: "n4rky.parts-unknown.org. IN A 10.8.0.22"
local-data: "notary.parts-unknown.org. IN A 10.8.0.1"
local-data: "www.parts-unknown.org. IN A 74.207.225.79"
local-data: "s.parts-unknown.org. IN A 74.207.225.79"
local-zone: "cybernude.org." static
local-data: "cybernude.org. IN A 173.230.137.73"
local-data: "cybernude.org. IN MX 10 parts-unknown.org."
local-data: "atlanta.cybernude.org. IN A 10.8.0.1"
local-data: "graton.cybernude.org. IN A 10.8.0.10"
local-data: "graton.cybernude.org. IN MX 20 parts-unknown.org."
local-data: "graton.cybernude.org. IN MX 10 graton.parts-unknown.org."
local-data: "n4rky.cybernude.org. IN A 10.8.0.22"
local-data: "www.cybernude.org. IN A 10.8.0.10"
local-data: "s.cybernude.org. IN A 173.230.137.73"
local-zone: "disunitedstates.com." static
local-data: "disunitedstates.com. IN A 173.230.137.73"
local-data: "disunitedstates.com. IN MX 10 parts-unknown.org."
local-data: "atlanta.disunitedstates.com. IN A 10.8.0.1"
local-data: "graton.disunitedstates.com. IN A 10.8.0.10"
local-data: "graton.disunitedstates.com. IN MX 10
graton.parts-unknown.org."
local-data: "graton.disunitedstates.com. IN MX 20
parts-unknown.org."
local-data: "n4rky.disunitedstates.com. IN A 10.8.0.22"
local-data: "www.disunitedstates.com. IN A 173.230.137.73"
local-data: "www.joomla.disunitedstates.com. IN A 173.230.137.73"
local-data: "s.disunitedstates.com. IN A 173.230.137.73"
local-zone: "disunitedstates.org." static
local-data: "disunitedstates.org. IN A 173.230.137.76"
local-data: "disunitedstates.org. IN MX 10 parts-unknown.org."
local-data: "atlanta.disunitedstates.org. IN A 10.8.0.1"
local-data: "graton.disunitedstates.org. IN A 10.8.0.10"
local-data: "graton.disunitedstates.org. IN MX 20
parts-unknown.org."
local-data: "graton.disunitedstates.org. IN MX 10
graton.parts-unknown.org."
local-data: "n4rky.disunitedstates.org. IN A 10.8.0.22"
local-data: "www.disunitedstates.org. IN A 173.230.137.76"
local-data: "s.disunitedstates.org. IN A 173.230.137.76"
local-zone: "n4rky.me." static
local-data: "n4rky.me. IN A 173.230.137.73"
local-data: "n4rky.me. IN MX 10 parts-unknown.org."
local-data: "atlanta.n4rky.me. IN A 10.8.0.1"
local-data: "graton.n4rky.me. IN A 10.8.0.10"
local-data: "n4rky.n4rky.me. IN A 10.8.0.22"
local-data: "www.n4rky.me. IN A 173.230.137.73"
local-data: "s.n4rky.me. IN A 173.230.137.73"
local-data-ptr: "10.8.0.1 atlanta.parts-unknown.org"
local-data-ptr: "10.8.0.10 graton.parts-unknown.org"
local-data-ptr: "10.8.0.22 n4rky.parts-unknown.org"
python:
remote-control:
control-enable: yes
control-interface: 127.0.0.1
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@53
The line in question seems to be the do-not-query-localhost: no directive.
Thanks!
- --
David Benfell
benfell@parts-unknown.org
Hello all,
snip...
/etc/unbound/unbound.conf:572: error: syntax error read
/etc/unbound/unbound.conf failed: 1 errors in configuration file
[1337937787] unbound[3676:0] fatal error: Could not read config
file: /etc/unbound/unbound.conf
Someone emailed me off list to point out that I had two copies of the
same directive. It was complaining about the second. Commenting it out
enabled it to start (once I took care of some other problems caused by
the introduction of a now fixed dnscrypt-proxy).
Thanks!
- --
David Benfell
benfell@parts-unknown.org