Unbound crashes with Basic

[N0Klu3]

Energized Protection - block ⚡

Let's make an annoyance free, better open internet, altogether!

Issue Submit Form

Provide the following infos properly, which will help us to resolve your issue quickly.

Issue(s):

Type x in between [ ] and make sure there isn't any space between brackets. Example; for Your Selected Issue(s), type like this - [x]
You can select more than one category of issues if you need to!

• Whitelist
• [x ] Blacklist
• App Broken
• Website Broken
• Request
• Other Issue

---

Pack(s):

Write the name of the pack(s) you are using.

• Pack(s) Name: Blu, Basic, and potentially others

---

Extension(s):

Also name the extension(s) if you are using any. If you don't then leave it blank.

• Extension(s) Name:

---

Domain(s):

If you are submitting this issue for whitelist/blacklist issue, send us the domain(s) for whitelisting/blacklisting here. Kindly use the Code Tag to prevent tracking.

• Domain(s):

0.0.0.0 d1r90st78epsag.cloudfront.net"
0.0.0.0 d1r90st78epsag.cloudfront.net",

---

Your Config:

Just to ensure there is no issues or conflicts with other app/software/magisk module/extension/source list.
Make sure you are running Energized Protection Service only.

• Client:

• Version:

---

Details:

Write us a lil bit more about your issue or query. You can attach any screen shot or log of the issue or advert, this will help to highlight it.

• Your Issue Detail:
  I am trying to load the blacklists into Unbound on OPNsense and keep getting the following errors:
  /var/unbound/etc/dnsbl.conf:561149: error: unknown keyword ','
  /var/unbound/etc/dnsbl.conf:561149: error: unknown keyword 'A'
  /var/unbound/etc/dnsbl.conf:561149: error: unknown keyword '0.0.0.0'
  /var/unbound/etc/dnsbl.conf:561149: error: stray '"'
  /var/unbound/etc/dnsbl.conf:2050091: error: unknown keyword 'A'
  /var/unbound/etc/dnsbl.conf:2050091: error: unknown keyword '0.0.0.0'
  /var/unbound/etc/dnsbl.conf:2050091: error: stray '"'
  read /var/unbound/unbound.conf failed: 7 errors in configuration file

It seems there is some garbled domains in the list and its causing Unbound to panic and will not start.

https://forum.opnsense.org/index.php?topic=22395.0
Please see this topic for a bit more info.

---

Load a host or domain list into unbound and it will not start as config is not clean.

Thank you for making Energized Protection great, with your kind help!

_{A project by Ador with ❤}

[AdroitAdorKhan]

Has been fixed. Can you confirm?

[kulikov-a]

updated post
not relevant, sorry

[kulikov-a]

@AdroitAdorKhan hi!
only
track*.datatrics.com and viglink.com* are questionable

[N0Klu3]

I can confirm it is now loading in unbound fine.
Are there any precautions in place so that if the lists are auto updating I dont wake up to a crashed unbound and no DNS?

[N0Klu3]

[1619622890] unbound-checkconf[28468:0] error: error parsing local-data at 22 'metric.print-mo.net..c.ns.emailvision.net.daraz.com A 0.0.0.0': Empty label
[1619622890] unbound-checkconf[28468:0] error: Bad local-data RR metric.print-mo.net..c.ns.emailvision.net.daraz.com A 0.0.0.0
[1619622890] unbound-checkconf[28468:0] fatal error: failed local-zone, local-data configuration

This is crashing again!

[N0Klu3]

Is there any way to add some better checks before publishing as it takes out OPNsense when using these blacklists and it breaks.
@AdroitAdorKhan

[giterest]

hi @N0Klu3 - i have the very same problem and opened an issue at #734.

it seems that whitelisting that entry is doing the trick as a workaround (assuming the two "." are the root cause).

but fully agree that it'd be great to have something like this sorted out before publishing.

[N0Klu3]

Thanks for the quick reply. I can add the whitelist later and test.
But would really like it ultimately fixed so that it doesnt cause issues every cron update.

[kulikov-a]

@N0Klu3
opnsense/core#4939 (comment)

[N0Klu3]

@kulikov-a

Can I pull this fix into OPNsense?
opnsense-patch f6c0fa8
opnsense-patch 565688c
opnsense-patch 31a0c40

Would this work?

[kulikov-a]

@N0Klu3
opnsense-patch 31a0c40 565688c f6c0fa8 should work imho

[N0Klu3]

Thanks will give that a bash later tonight

[N0Klu3]

@kulikov-a I can confirm that pushing those 3 patches like you wrote it worked!
And I can load the Energized blocklists without unbound crashing.

Do you know when this will become part of OPNsense release?

[giterest]

@kulikov-a i can also confirm that patching opnsense with #718 (comment) works.

[N0Klu3]

This is partly bad lists fault, but also bad parsing of said lists.
Both sides could use a bit of improvement.

[giterest]

ok, great - i'll leave mine (#734) open so hopefully it triggers a proper (future) handling. have a great day and thanks for the kind exchange @N0Klu3 / @kulikov-a !

[N0Klu3]

Thank you too...