主页 / ubuntu / 问题 / 1531551
Accepted
Sun Bear
Asked: 2024-10-30 12:13:59 +0800 CST

unbound[6165:0] 致命错误:无法设置远程控制

  • 772

这是我第二个问题的后续问题。@mpboden 的解决方案已实施。此外,我添加了auto-trust-anchor-file:和启用remote-control:,如未绑定示例中为其余网络示例设置所定义。

server:
    directory: "/etc/unbound"
    username: "unbound"
    chroot: ""
    verbosity: 1
    logfile: "/etc/unbound/unbound.log"
    pidfile: "/etc/unbound/unbound.pid"
    # location of the trust anchor file that enables DNSSEC
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    # send minimal amount of information to upstream servers to enhance privacy
    qname-minimisation: yes
    # The port number on which the server responds to queries. 
    port: 3000
    # the interface that is used to connect to the network (this will listen to all interfaces)
    interface: 0.0.0.0
    interface: ::0
    # addresses from the IP range that are allowed to connect to the resolver
    access-control: 192.168.1.0/24 allow
    access-control: 2001:DB8::/64 allow

remote-control:
    # allows controling unbound using "unbound-control"
    control-enable: yes

但是,我在调试模式下发现了 4 个错误和 1 个失败消息。通过我的故障排除工作,我发现这些错误和失败消息在control-enable: yes允许的情况下发生。

root@DNS:/etc/unbound# unbound -d -vv -c unbound.conf
[1730259092] unbound[6165:0] notice: Start of unbound 1.19.2.
[1730259092] unbound[6165:0] error: Error for server-cert-file: /etc/unbound/unbound_server.pem
[1730259092] unbound[6165:0] error: Error in SSL_CTX use_certificate_chain_file crypto error:80000002:system library::No such file or directory
[1730259092] unbound[6165:0] error: and additionally crypto error:10080002:BIO routines::system lib
[1730259092] unbound[6165:0] error: and additionally crypto error:0A080002:SSL routines::system lib
[1730259092] unbound[6165:0] fatal error: could not set up remote-control

我已检查过是否/var/lib/unbound/root.key存在。Unbound 仍可工作但unbound-control无法使用。Unbound 正在寻找/etc/unbound/unbound_server.pem但该文件不存在。我该如何解决此远程控制配置问题?

更新:

通过@mpboden的回答,我发现该命令unbound-control-setup旨在在 /etc/unbound 中创建这些文件:unbound_control.pem,,,, 以允许远程控制。unbound_server.pemunbound_control.keyunbound_server.key

root@DNS:/etc/unbound# unbound-control-setup -h
usage: /usr/sbin/unbound-control-setup OPTIONS
OPTIONS
-d <dir>  used directory to store keys and certificates (default: /etc/unbound)
-h        show help notice
-r        recreate certificates
root@DNS:/etc/unbound# unbound-control-setup
setup in directory /etc/unbound
Certificate request self-signature ok
subject=CN = unbound-control
removing artifacts
Setup success. Certificates created. Enable in unbound.conf file to use
root@DNS:/etc/unbound# ls
unbound.conf    unbound.conf.d       unbound.pid          unbound_control.pem  unbound_server.pem
unbound.log     unbound_control.key  unbound_server.key
networking

1 个回答

  1. Best Answer

    要启用unbound-control,您必须运行unbound-control-setup创建必要文件的命令。

    引用有关如何设置远程控制的官方文档:

    要使用 unbound-control 命令,我们需要调用 unbound-control-setup 命令。这会在默认安装目录中创建许多文件。大多数系统上的默认安装目录是 /usr/local/etc/unbound/,但某些发行版可能会将其放在 /etc/unbound/ 或 /var/lib/unbound 中。

    因此,运行以下命令:

    sudo -u unbound unbound-control-setup

    如果您在配置中使用 unbound 之类的用户名来运行守护程序(这是默认设置),则可以使用 sudo 以该用户名创建文件,以便运行 Unbound 的用户能够读取密钥。如果 /usr/local/etc/unbound/ 目录(或任何其他默认目录)是写保护的,这也是一种解决方案,某些发行版就是这种情况

    • 1

相关问题