Maintained by: NLnet Labs

[Unbound-users] unbound fails to start?

W.C.A. Wijngaards
Wed Feb 11 08:36:21 CET 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

This is 1.2.0 I think, there are fixes for it in 1.2.1 ?

In 1.2.1 I added initgroups(3), so that it drops secondary group
permissions. These might have stuck around from earlier (root or user)
permissions.  These secondary group permissions may be the difference
between init and login for you.

Also, 1.2.1 prints the filename that is the problem.

I suggest you chown/chmod the files for remote-control (cert and key
files).  One of these files gets 'Permission denied'.   chown to
unbound, readable by user.

Best regards,
   Wouter

Paul Wouters wrote:
> On Tue, 10 Feb 2009, Paul Wouters wrote:
> 
>> There isn't much in the logs, even with verbosity:4
>>
>> Feb 10 21:35:29 resolver unbound: [1607:0] error: Error setting up
>> SSL_CTX key and cert crypto error:0200100D:system
>> library:fopen:Permission denied
>> Feb 10 21:35:29 resolver unbound: [1607:0] error: and additionally
>> crypto error:20074002:BIO routines:FILE_CTRL:system lib
>> Feb 10 21:35:29 resolver unbound: [1607:0] error: and additionally
>> crypto error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system
>> lib
>> Feb 10 21:35:29 resolver unbound: [1607:0] fatal error: Could not
>> initialize main thread
> 
> I forgot to add the startup logs before it switched to syslog:
> 
> Starting unbound: [1234322215] unbound[2721:0] debug: creating udp6
> socket :: 53
> [1234322215] unbound[2721:0] debug: creating tcp6 socket :: 53
> [1234322215] unbound[2721:0] debug: creating udp4 socket 0.0.0.0 53
> [1234322216] unbound[2721:0] debug: creating tcp4 socket 0.0.0.0 53
> [1234322216] unbound[2721:0] debug: creating tcp6 socket ::1 953
> [1234322216] unbound[2721:0] debug: creating tcp4 socket 127.0.0.1 953
> [1234322216] unbound[2721:0] debug: switching log to syslog
> 
> Paul
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmSf/UACgkQkDLqNwOhpPjVhgCfYBD2iXNYu2OdqH0EhkP2Zs1M
DuEAoJ7zxZQz+tQf6llLcsoiyTbBK4kZ
=qyys
-----END PGP SIGNATURE-----