New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unbound-helper root_trust_anchor_update fails without notice what happened #815
Comments
On 29 Dec 2022, at 23:32, M. Dietrich ***@***.***> wrote:
Describe the bug
when issuing /usr/libexec/unbound-helper root_trust_anchor_update it may fail (exit code 1) but doesnt tell what happened.
strace shows that it tries (unconditionally it seems, the config has a different path) to read and write to /usr/share/dns/root.key and /usr/share/dns doesnt exist
Unbound-helper is not part of the unbound distribution.
Maintaining the root.key is normally done with unbound-anchor, see man(1) unbound-anchor for details. This suggests that you want to do something like "unbound -a some-path".
To quote man(1) unbound-anchor:
Suggested usage:
# in the init scripts.
# provide or update the root anchor (if necessary)
unbound-anchor -a "/usr/local/etc/unbound/root.key"
# Please note usage of this root anchor is at your own risk
# and under the terms of our LICENSE (see source).
#
# start validating resolver
# the unbound.conf contains:
# auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
unbound -c unbound.conf
jaap
|
Sorry, in that case it seems to be a debian packaging problem, |
apt install unbound unbound-anchor |
Looks like there is a packaging mistake in the current Debian package version of unbound-anchor as it does not create the directory |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
when issuing
/usr/libexec/unbound-helper root_trust_anchor_update
it may fail (exit code 1) but doesnt tell what happened.strace shows that it tries (unconditionally it seems, the config has a different path) to read and write to
/usr/share/dns/root.key
and/usr/share/dns
doesnt exist.To reproduce
Steps to reproduce the behavior:
/usr/libexec/unbound-helper root_trust_anchor_update
strace /usr/libexec/unbound-helper root_trust_anchor_update
Expected behavior
the file to be generated.
System:
unbound -V
output:Additional information
in fact this are two problems: the wrong path and the missing logging.
The text was updated successfully, but these errors were encountered: