Anyway, let's see if Martineu has a chance to reply... no urgency, as it's all working again.
Once enhancement I may add on my own is a monitoring script that will alert me if "unbound is not running!" appears in the log. I spend most of my days on my workplace VPN and so DNS is not handled by my setup... the only way I discovered this in a timely way is because my kids started complaining.
I don't believe I have experienced the error;
unbound
can easily go for weeks.......even months
Code:
+======================================================================+
| Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
| |
| Version 3.23bD by Martineau |
| |
+======================================================================+
unbound (pid 19782) is running... uptime: 58 days 17:35:13 version: 1.13.2 # Version=v1.13 Martineau update (Date Loaded by unbound_manager Mon Dec 6 15:07:48 GMT 2021)
i = Update unbound and configuration ('/opt/var/lib/unbound/') l = Show unbound log entries (lo=Enable FULL Logging [log_level])
z = Remove unbound/unbound_manager v = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3 = Advanced Tools rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
? = About Configuration oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
rs = Restart (or Start) unbound (use 'rs nocache' to flush cache) s = Show unbound Extended statistics (s=Summary Totals; sa=All; http://10.88.8.1:80/user3.asp)
e = Exit Script [?]
A:Option ==>
Checking the files etc.
Code:
ls -l /opt/var/lib/
drwxr-xr-x 3 nobody root 4096 Feb 3 08:45 unbound
Code:
ls -l /opt/var/lib/unbound
drwxrwxrwx 2 admin root 4096 Oct 6 11:47 adblock
-rw-rw-rw- 1 admin root 3313 Feb 3 04:12 root.hints
-rw-rw-rw- 1 nobody nobody 759 Feb 3 01:41 root.key
-rw-rw-rw- 1 nobody nobody 2257327 Feb 3 07:14 root.zone
-rw-rw-rw- 1 admin root 151359 Feb 3 07:15 rpz.urlhaus.abuse.ch.zone
-rw-rw-rw- 1 admin root 11141 Dec 6 15:07 unbound.conf
-rw-rw-rw- 1 admin root 36230 Feb 3 06:57 unbound.log
-rw-r----- 1 admin root 2455 Oct 6 11:36 unbound_control.key
-rw-r----- 1 admin root 1399 Oct 6 11:36 unbound_control.pem
-rw-r--r-- 1 admin root 7168 Dec 6 17:06 unbound_log.db
-rw-r----- 1 admin root 2459 Oct 6 11:35 unbound_server.key
-rw-r----- 1 admin root 1521 Oct 6 11:35 unbound_server.pem
-rw-r--r-- 1 admin root 40960 Feb 3 06:59 unbound_stats.db
Q. Did your error message
actually contain '
Permission denied'? - as per this similar '
sudden' NL Labs bug track
Any reason why this started to happen? fatal error: could not open autotrust file for writing, /var/lib/unbound/root.key.2602864-1-560c3a7457d0: Permission denied unbound-libs-1.13.1-1.fc33.x86_64 ...
github.com
I'm not sure how frequently the update (no download involved) to
'root.key' should occur, suffice to say I don't know if it is every day?, but clearly
'root.key' was successfully updated this morning on my system (with the permissions shown above), but this is all there is in my scant
unbound
log, so no explicit reference (logging level not high enough?)
Code:
e = Exit Script [?]
A:Option ==> l
/opt/var/lib/unbound/unbound.log Press CTRL-C to stop
Jan 30 03:11:07 unbound[19782:0] info: validation failure <fwupdate.asuswrt-merlin.net. AAAA IN>: no signatures from 173.245.58.130
Jan 30 03:12:08 unbound[19782:0] info: validation failure <fwupdate.asuswrt-merlin.net. AAAA IN>: no signatures from 172.64.32.130
Feb 01 03:11:13 unbound[19782:0] info: validation failure <fwupdate.asuswrt-merlin.net. AAAA IN>: no signatures from 173.245.59.80
Feb 01 03:12:15 unbound[19782:0] info: validation failure <fwupdate.asuswrt-merlin.net. AAAA IN>: no signatures from 108.162.193.80
Feb 01 06:26:00 unbound[19782:0] error: SERVFAIL <www.internic.net. A IN>: all servers for this domain failed, at zone vip.icann.org. upstream server timeout
Feb 01 06:26:00 unbound[19782:0] error: .: failed lookup, cannot transfer from master www.internic.net
Feb 01 09:46:08 unbound[19782:0] info: validation failure <fwupdate.asuswrt-merlin.net. AAAA IN>: no signatures from 108.162.193.80
Feb 01 10:07:26 unbound[19782:0] info: validation failure <fwupdate.asuswrt-merlin.net. AAAA IN>: no signatures from 108.162.192.130
Feb 03 03:11:35 unbound[19782:0] info: validation failure <fwupdate.asuswrt-merlin.net. AAAA IN>: no signatures from 108.162.193.80
Feb 03 03:12:37 unbound[19782:0] info: validation failure <fwupdate.asuswrt-merlin.net. AAAA IN>: no signatures from 173.245.59.80
If the permissions were incorrect, then they have presumably
always been incorrect if
unbound_manager
is used to install
unbound
, and there are not (to my knowledge)
numerous reports of similar failures using
unbound_manager
However, if there was an issue with the disk, then perhaps a new flash drive together with a fresh install of Entware/
unbound
may be the cure, rather than implement the
unbound
watch-dog; although it may be prudent.
Obviously should the issue reoccur, you should check the permissions, then either manually regenerate the '
root.key' in isolation using the NL Labs utility, or simply use
unbound_manager
menu option 1.