Open liang-hiwin opened 1 year ago
NOT sure, just trying to help here... you have log lines:
[1687795308] unbound[5403:0] debug: chdir to /usr/local/sbin/static_unbound/etc/unbound
[1687795308] unbound[5403:0] debug: chroot to /usr/local/sbin/static_unbound/etc/unbound
which, according to what I know about chroot, for unbound the root (/) is now "/usr/local/sbin/static_unbound/etc/unbound". This means, the folder "/usr/local/sbin/static_unbound/etc/unbound/test" needs to be referred to (in an unbound configuration file) as "/test".
since you use redis-server-path: "/tmp/redis.sock", and this path doesn't exist for chrooted unbound, the message
[1687795308] unbound[5403:0] error: failed to connect to redis server: No such file or directory
is thus perfectly normal (due to the usage of chroot).
I installed the latest unbound 1.18.0 and got the same error
How do I define this location?
chroot to /usr/local/etc/unbound
I can't write it like this
redis-server-path: "/usr/local/etc/unbound/redis.sock"
:/usr/local/sbin# unbound -c /usr/local/etc/unbound/unbound.conf -dd -vvvv
[1695565597] unbound[1814288:0] notice: Start of unbound 1.18.0.
[1695565597] unbound[1814288:0] debug: increased limit(open files) from 1024 to 10264
[1695565597] unbound[1814288:0] debug: creating udp4 socket 0.0.0.0 5353
[1695565597] unbound[1814288:0] debug: creating tcp4 socket 0.0.0.0 5353
[1695565597] unbound[1814288:0] debug: creating udp4 socket 0.0.0.0 5353
[1695565597] unbound[1814288:0] debug: creating tcp4 socket 0.0.0.0 5353
[1695565597] unbound[1814288:0] debug: creating udp4 socket 0.0.0.0 5353
[1695565597] unbound[1814288:0] debug: creating tcp4 socket 0.0.0.0 5353
[1695565597] unbound[1814288:0] debug: creating udp4 socket 0.0.0.0 5353
[1695565597] unbound[1814288:0] debug: creating tcp4 socket 0.0.0.0 5353
[1695565597] unbound[1814288:0] debug: chdir to /usr/local/etc/unbound
[1695565597] unbound[1814288:0] debug: chroot to /usr/local/etc/unbound
[1695565597] unbound[1814288:0] debug: drop user privileges, run as root
[1695565597] unbound[1814288:0] debug: switching log to stderr
[1695565597] unbound[1814288:0] debug: module config: "subnetcache validator cachedb iterator"
[1695565597] unbound[1814288:0] notice: init module 0: subnetcache
[1695565597] unbound[1814288:0] debug: send-client-subnet: ::0/0
[1695565597] unbound[1814288:0] debug: send-client-subnet: 0.0.0.0/0
[1695565597] unbound[1814288:0] debug: subnetcache: option registered (8)
[1695565597] unbound[1814288:0] notice: init module 1: validator
[1695565597] unbound[1814288:0] debug: validator nsec3cfg keysz 1024 mxiter 150
[1695565597] unbound[1814288:0] debug: validator nsec3cfg keysz 2048 mxiter 150
[1695565597] unbound[1814288:0] debug: validator nsec3cfg keysz 4096 mxiter 150
[1695565597] unbound[1814288:0] notice: init module 2: cachedb
[1695565597] unbound[1814288:0] notice: Redis initialization
[1695565597] unbound[1814288:0] error: failed to connect to redis server: No such file or directory
[1695565597] unbound[1814288:0] error: failed to connect to redis server: No such file or directory
[1695565597] unbound[1814288:0] error: failed to connect to redis server: No such file or directory
[1695565597] unbound[1814288:0] error: failed to connect to redis server: No such file or directory
In order for unbound to see the redis.sock file, it needs to be below /usr/local/sbin/static_unbound/etc/unbound, e.g. /usr/local/sbin/static_unbound/etc/unbound/redis.sock. The chrooted config then needs to be redis-server-path: "/redis.sock"
I'll give it a try, thank you
Same error report
permissions on the file or / and folder?
777
Same issue here, symlinking returned "too many levels of symbolic links", so I disabled the chroot feature.
It successfully connected, but I rolled back this config to keep unbound sandboxed. (I failed to write a systemd service file that runs unbound as a non-root user)
Bind-mounting the socket file before the chroot will be needed.
(edit: I tried mount --bind, and got "error: failed to connect to redis server: Permission denied". I have no clue why it loses permission only when bind-mounted)
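Added example, not part of the thread and not unbound's own code: a Python helper that resolves a configured redis-server-path the way a process does after chroot, and reports what sits at that location on the host. It goes beyond the replies above by also following symlinks, which shows one way a link can end in "too many levels of symbolic links": an absolute target is looked up inside the chroot again. The names resolve_in_chroot and diagnose and the status strings are hypothetical.

```python
import errno
import os
import stat

MAX_LINKS = 40  # Linux returns ELOOP after 40 symlink hops in one lookup


def _parts(p):
    return [c for c in p.split("/") if c not in ("", ".")]


def resolve_in_chroot(chroot, path):
    """Host-side path a process chrooted to `chroot` reaches for `path`.

    Absolute symlink targets are re-rooted at the chroot and ".." cannot
    climb above it, which is how names are resolved after chroot(2).
    """
    chroot = os.path.realpath(chroot)
    pending, done, hops = _parts(path), [], 0
    while pending:
        part = pending.pop(0)
        if part == "..":
            done = done[:-1]
            continue
        host = os.path.join(chroot, *done, part)
        if not os.path.islink(host):
            done.append(part)
            continue
        hops += 1
        if hops > MAX_LINKS:
            raise OSError(errno.ELOOP, os.strerror(errno.ELOOP), path)
        target = os.readlink(host)
        if target.startswith("/"):
            done = []  # absolute target: start again from the chroot root
        pending = _parts(target) + pending
    return os.path.join(chroot, *done)


def diagnose(chroot, redis_server_path):
    """Return (status, host_path) for the socket path as unbound will see it."""
    try:
        host = resolve_in_chroot(chroot, redis_server_path)
    except OSError as exc:
        return errno.errorcode[exc.errno], None
    try:
        mode = os.lstat(host).st_mode
    except (FileNotFoundError, NotADirectoryError):
        return "ENOENT", host
    return ("OK" if stat.S_ISSOCK(mode) else "NOT_A_SOCKET"), host
```

With the values from this thread, `diagnose("/usr/local/etc/unbound", "/tmp/redis.sock")` reports the host path where Redis would have to create its socket for that setting to work.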
I statically compiled the unbound-master by myself. From the -vvvv debug window, I saw that the redis server could not be found.
My redis configuration is below,