Bug 1244

Summary: Use of chroot requires trust anchor file to be under chroot
Product: unbound Reporter: rudolph+nlnlbugs
Component: serverAssignee: unbound team <unbound-team>
Status: RESOLVED FIXED    
Severity: normal CC: cathya, wouter
Priority: P5    
Version: 1.6.1   
Hardware: x86_64   
OS: Linux   

Description rudolph+nlnlbugs 2017-04-04 15:36:52 CEST
This wasn't clear/mentioned in the documentation, but it seems that due to when chrooting happens vs opening/use of the (auto-)trust-anchor-file, that file needs to be under the chroot for the server to start up correctly. The error message one gets if this is not the case is a little confusing - a generic "unable to open" even though permissions and ownership seem fine.

I think this should at least be mentioned in the documentation as it may save some users a few minutes of debugging.

Thanks
Comment 1 Wouter Wijngaards 2017-04-04 15:40:09 CEST
Hi Rudolph,

Yes, I added text to unbound.conf man page for that.

I believe unbound-checkconf also checks for this condition.

Best regards, Wouter