Maintained by: NLnet Labs

[Unbound-users] 2 config files?!

Gabriel Petrescu
Mon May 18 10:08:20 CEST 2009


At this momment:

for ubuntu you can install from source or to use the package available in
904.
if you the 804 repositories (as default) or default repository list in 804
no unbound..


on a new fresh vm i changed the repository list (if you need it tell me) and
installed the unbound.

install, 2 config files, the default cnfig file is:
/etc/unbound/unbound.conf
edit this file, enabled:

server:
    interface: 0.0.0.0
    interface: ::0
        access-control: 0.0.0.0/0 allow
    access-control: ::1 allow
        verbosity: 1


statistics-interval: 0
        extended-statistics: yes

        # set to yes if graphing tool needs it
        statistics-cumulative: no

remote-control:
        control-enable: yes


than run:
apt-get install openssl

root at unbound5:~# unbound-control-setup
setup in directory /etc/unbound
generating unbound_server.key
Generating RSA private key, 1024 bit long modulus
...........++++++
...........++++++
e is 65537 (0x10001)
generating unbound_control.key
Generating RSA private key, 1024 bit long modulus
.........................++++++
....................++++++
e is 65537 (0x10001)
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use
root at unbound5:~# unbound-control stats
error: Error setting up SSL_CTX client key and cert
28440:error:02001002:system library:fopen:No such file or
directory:bss_file.c:3
52:fopen('/var/lib/unbound/etc/unbound/unbound_control.pem','r')
28440:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
28440:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system
lib:ssl_rs
a.c:470:

 so here I am... the same situation as in installation from sources..:(

locate unbound_control.pem
/etc/unbound/unbound_control.pem


than i created a sym link:

 ln -s /var/lib/unbound/etc/unbound/unbound_control.pem
/etc/unbound/unbound_control.pem
ln: creating symbolic link `/etc/unbound/unbound_control.pem': File exists
root at unbound5:~# unbound-control stats
error: Error setting up SSL_CTX client key and cert
28444:error:02001002:system library:fopen:No such file or
directory:bss_file.c:352:fopen('/var/lib/unbound/etc/unbound/unbound_control.pem','r')
28444:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
28444:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system
lib:ssl_rsa.c:470:


at this momment i have no ideea what to do...

Gabi

On Mon, May 18, 2009 at 10:52 AM, Jelte Jansen <jelte at nlnetlabs.nl> wrote:

>
> It appears the ubuntu package does indeed install two configuration files.
> We might need to ask the package maintainer why this is done (we only
> provide the source code)
>
>  i will try to make it work and generate statistics.. I hope it will work
>>
>> unbound it's a bit confusing... i am trying to make also a tutorial / rule
>> how to install it on ubuntu for production servers, but at this momment:
>> - from sources it generates errors;
>>
>
> this should not happen, on my ubuntu system it compiles cleanly, but maybe
> we can help you with this; could you please provide some details?
>
>  - from packages, we should use not standard repositories; i hope this will
>> work..
>>
>>
> I don't understand this sentence; do you mean because unbound hasn't been
> packaged for older versions of Ubuntu than Intrepid?
>
> Regards,
>
> Jelte
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20090518/ecfc9760/attachment.htm>