Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

f38: fatal error: auto-trust-anchor-file: "/var/lib/unbound/root.key" does not exist #1332

Closed
cagney opened this issue Oct 16, 2023 · 7 comments
Closed

f38: fatal error: auto-trust-anchor-file: "/var/lib/unbound/root.key" does not exist #1332

cagney opened this issue Oct 16, 2023 · 7 comments
Labels
test framework problems with the test framework (KVM, NS, WWW, ...)

Comments

@cagney
Copy link
Collaborator

cagney commented Oct 16, 2023

nic on f38:

-- Boot 3b522066494a409bbb0b9109c9e6740e --
Oct 16 18:07:51 nic systemd[1]: Starting unbound.service - Unbound recursive Domain Name Server...
Oct 16 18:07:51 nic unbound-checkconf[505]: /var/lib/unbound/root.key: No such file or directory
Oct 16 18:07:51 nic unbound-checkconf[505]: [1697494071] unbound-checkconf[505:0] fatal error: auto-trust-anchor-file: "/var/lib/unbound/root.key" does not exist
Oct 16 18:07:51 nic systemd[1]: unbound.service: Control process exited, code=exited, status=1/FAILURE
Oct 16 18:07:51 nic systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 16 18:07:51 nic systemd[1]: Failed to start unbound.service - Unbound recursive Domain Name Server.

enable by adding:

KVM_FEDORA_ISO_URL = https://download.fedoraproject.org/pub/fedora/linux/releases/38/Server/x86_64/iso/Fedora-Server-dvd-x86_64-38-1.6.iso

to Makefile.inc.local and then run ./kvm base install check ikev2-71-cp-resolve-name
@cagney cagney added the test framework problems with the test framework (KVM, NS, WWW, ...) label Oct 16, 2023
@cagney
Copy link
Collaborator Author

cagney commented Oct 16, 2023 

[root@nic ikev2-71-cp-resolve-name]# ls -l /var/lib/unbound/root.key
lrwxrwxrwx. 1 root root 36 Aug 31 20:00 /var/lib/unbound/root.key -> ../../../etc/unbound/dnssec-root.key
[root@nic ikev2-71-cp-resolve-name]# ls -l /etc/unbound/dnssec-root.key
ls: cannot access '/etc/unbound/dnssec-root.key': No such file or directory

# ls -ld1 /testing/baseconfigs/all/etc/unbound/root.*
-rw-r--r--. 1 1000 1000 409 Mar 14  2023 /testing/baseconfigs/all/etc/unbound/root.anchor
-rw-r--r--. 1 1000 1000 556 Mar 14  2023 /testing/baseconfigs/all/etc/unbound/root.key

@cagney
Copy link
Collaborator Author

cagney commented Oct 16, 2023

copying root.key to dnssec-root.key leads to:

Oct 16 19:21:44 nic systemd[1]: Starting unbound.service - Unbound recursive Domain Name Server...
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: ldns error while converting string to RR at15: Syntax error, could not parse the RR's type: trusted-keys {
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: failed to load trust anchor from /var/lib/unbound/root.key at line 3, skipping
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: ldns error while converting string to RR at10: Syntax error, could not parse the RR's type: "." 257 3 8 "AwE>
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: failed to load trust anchor from /var/lib/unbound/root.key at line 4, skipping
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: ldns error while converting string to RR at3: Syntax error, could not parse the RR's TTL: };
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: failed to load trust anchor from /var/lib/unbound/root.key at line 6, skipping
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: failed to read /var/lib/unbound/root.key
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: error reading auto-trust-anchor-file: /var/lib/unbound/root.key
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: validator: error in trustanchors config
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] error: validator: could not apply configuration settings.
Oct 16 19:21:44 nic unbound-checkconf[609]: [1697498504] unbound-checkconf[609:0] fatal error: bad config for validator module
Oct 16 19:21:44 nic systemd[1]: unbound.service: Control process exited, code=exited, status=1/FAILURE

@letoams
Copy link
Member

letoams commented Oct 16, 2023 via email
edited by cagney

@bleve
Copy link
Collaborator

bleve commented Oct 17, 2023

It’s the wrong format file.I’ll have a look

That is likely when Petr replaced /var/lib/unbound/root.key with symlink pointing at /etc/unbound/dnssec-root.key. But from fedora unbound spec it looks like he used correct key file.

@cagney cagney changed the title fatal error: auto-trust-anchor-file: "/var/lib/unbound/root.key" does not exist f38: fatal error: auto-trust-anchor-file: "/var/lib/unbound/root.key" does not exist Oct 17, 2023
@cagney
Copy link
Collaborator Author

cagney commented Oct 17, 2023

so creating testing/baseconfigs/all/etc/unbound/dnssec-root.key while leaving testing/baseconfigs/all/etc/unbound/root.key alone should let f36 and f38 both work.

@bleve
Copy link
Collaborator

bleve commented Oct 17, 2023

Very likely yes.

@cagney
Copy link
Collaborator Author

cagney commented Nov 1, 2023

new format c2e2636
new file c2e2636

@cagney cagney closed this as completed Nov 1, 2023
lsw-vault pushed a commit that referenced this issue Nov 1, 2023
@cagney
testing: copy unbound/root.key to unbound/dnssec-root.key
c2e2636 
so both f36 and f38 files exist; ref #1332
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
test framework problems with the test framework (KVM, NS, WWW, ...)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cagney @letoams @bleve