Comments (10)
Thank you for the note, and letting me know that 1.3.6 had the same issue. What platform are you on please and how are you using the module?
from puppet-unbound.
I see this error only with 2.0.0. Everything was working fine with 1.3.6.
I'm running on RHEL 7
from puppet-unbound.
Sorry I'm a bit slow here. The branch `i134` has a simple change that should order the download of the anchor file before the validation command is called. Could one of you test please? I think this is just a simple ordering issue that I don't see since my anchor is already downloaded.
from puppet-unbound.
Setting `unbound::chroot: ""` (empty string) in hiera may work, because `@chroot` is nil by default in v2.0.0.

```yaml
# https://github.com/xaque208/puppet-unbound/blob/2.0.0/data/common.yaml#L17
unbound::chroot: ~
```

```erb
# https://github.com/xaque208/puppet-unbound/blob/2.0.0/templates/unbound.conf.erb#L150-L152
<% if @chroot -%>
chroot: "<%= @chroot %>"
<% end -%>
```
from puppet-unbound.
With v2.0.0, adding an empty chroot option resolves the issue, e.g.:

```puppet
class { 'unbound':
  interface               => [$::ipaddress],
  access                  => ["${::network}/24"],
  skip_roothints_download => true,
  chroot                  => '',  # empty string: the line highlighted in the original comment
}
```
from puppet-unbound.
I'd like to close this issue out, either leaving the workaround in place, or fixing the underlying problem. I'm now reading:

> By default the software comes with chroot enabled. This provides an extra layer of defense against remote exploits. Enter file paths as full pathnames starting at the root of the filesystem ('/'). If chroot gives you trouble, you can disable it with `chroot: ""` in the config.

I don't think we want to disable the chroot by default, but it also means that if we want to get the paths correct, we need to know the default value of the chroot, which likely differs between platforms.

I have this issue on a new dns cache I'm bringing up, and would like to at least amend the README. If others have suggestions on how to address this issue more generally, I'd love to hear them.
from puppet-unbound.
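The path handling behind the comment above, as an added example (not code from the thread or from the puppet-unbound module): it computes where unbound would look for each configured file when the rendered config has no `chroot:` line versus `chroot: ""`. The resolution rules follow the unbound.conf(5) description of chroot paths; `DEFAULT_CHROOT`, `DEFAULT_DIR`, the function names and the sample config are assumptions made for illustration, since the compiled-in default differs per platform.

```ruby
# Added illustration, not puppet-unbound code. Path rules as described in
# unbound.conf(5); DEFAULT_CHROOT is a hypothetical compiled-in value.
DEFAULT_CHROOT = '/etc/unbound'
DEFAULT_DIR    = '/etc/unbound'
PATH_OPTIONS   = %w[auto-trust-anchor-file trust-anchor-file root-hints].freeze

# Constructed sample: config rendered with @chroot nil, so no chroot: line.
NO_CHROOT_LINE = <<~CONF
  server:
    directory: "/etc/unbound"
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
CONF
# Same config with the workaround from the thread applied.
CHROOT_DISABLED = NO_CHROOT_LINE + %(  chroot: ""\n)

# Parse "key: value" lines (last one wins), dropping comments and quotes.
def parse_conf(text)
  text.each_line.with_object({}) do |line, conf|
    m = line.sub(/#.*/, '').strip.match(/\A([a-z0-9-]+):\s*"?([^"]*)"?\z/)
    conf[m[1]] = m[2] if m
  end
end

# Map a path from the config to its location on the real filesystem.
def on_disk(path, chroot)
  inside = path == chroot || path.start_with?(chroot.chomp('/') + '/')
  chroot.empty? || inside ? path : File.join(chroot, path)
end

# Resolve every configured path option; a missing chroot: line means the
# compiled-in default applies, an empty string means no chroot at all.
def effective_paths(text, default_chroot: DEFAULT_CHROOT, default_dir: DEFAULT_DIR)
  conf   = parse_conf(text)
  chroot = conf.fetch('chroot', default_chroot)
  dir    = on_disk(conf.fetch('directory', default_dir), chroot)
  PATH_OPTIONS.each_with_object({}) do |opt, out|
    next unless conf.key?(opt)
    path = conf[opt].start_with?('/') ? conf[opt] : File.join(dir, conf[opt])
    out[opt] = on_disk(path, chroot)
  end
end

puts effective_paths(NO_CHROOT_LINE)   # anchor is looked up under the chroot
puts effective_paths(CHROOT_DISABLED)  # anchor is looked up at the path as written
```

Passing the platform's real default as `default_chroot:` shows whether a module-managed path lands inside the jail without turning the chroot off.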
I'm having a possibly related issue, the module works and creates a config file, but then unbound-checkconf tells me the file is invalid:
```
root@osmc:/etc/unbound# unbound-checkconf
[1524035632] unbound-checkconf[8896:0] error: trust anchor presented twice
[1524035632] unbound-checkconf[8896:0] error: could not parse auto-trust-anchor-file /var/lib/unbound/root.key line 2
[1524035632] unbound-checkconf[8896:0] error: error reading auto-trust-anchor-file: /var/lib/unbound/root.key
[1524035632] unbound-checkconf[8896:0] error: validator: error in trustanchors config
[1524035632] unbound-checkconf[8896:0] error: validator: could not apply configuration settings.
[1524035632] unbound-checkconf[8896:0] fatal error: bad config for validator module
```

If I comment out the auto-trust-anchors-file config option the configuration works fine.
Happens with module version 2.0.0 and 1.3.6.
from puppet-unbound.
```
root@osmc:/etc/unbound# aptitude versions unbound
i 1.6.0-3+deb9u1 stable,stable-updates 500
```
from puppet-unbound.
For the record, I think the original problem is now fixed as redhat has a default of `chroot: ""` [1], which is the default redhat ships. @lemmy04 can you raise a new issue and include what version of puppet, OS and also include the unbound config file produced?

[1] https://github.com/xaque208/puppet-unbound/blob/master/data/os/RedHat.yaml#L2
from puppet-unbound.
Closing as no update since my last update.
from puppet-unbound.