Failed unbound-checkconf when unbound hasn't been started yet
Environment
- Red Hat Enterprise Linux 7
- Unbound DNS server
Issue
- When unbound-checkconf is used to check the configuration before unbound has been run for the first time, it complains about a missing /etc/unbound/unbound_server.key and fails.
- The key required to complete the action successfully has not yet been generated at that time.
Resolution
- The recommended way to trigger unbound control key generation is to activate the keygen service by running systemctl restart unbound-keygen as administrator.
- An alternative is to avoid running unbound-checkconf manually and rely on the fact that unbound-checkconf is run before the unbound daemon as part of the unbound systemd service.
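The recommended resolution can be wrapped in a pre-flight function that generates the key only when it is absent and then runs the check. This is an added example, not Red Hat's code: the function names and the KEY, SYSTEMCTL and CHECKCONF override variables are assumptions, and the world-readable warning on the private key goes beyond what the article describes.

```shell
#!/bin/sh
# Added example (not Red Hat's code). The key path and service name are the
# ones named in the article; the function names and the KEY / SYSTEMCTL /
# CHECKCONF override variables are assumptions made for this example.
KEY="${KEY:-/etc/unbound/unbound_server.key}"
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
CHECKCONF="${CHECKCONF:-unbound-checkconf}"

# Succeeds when the key file has the "other: read" permission bit set.
key_world_readable() {
    [ -n "$(find "$KEY" -perm -004 2>/dev/null)" ]
}

# Exit status: 2 if the key could not be generated, otherwise whatever
# unbound-checkconf returns (0 means the configuration is valid).
checkconf_with_keygen() {
    if [ ! -s "$KEY" ]; then
        echo "$KEY missing, running: $SYSTEMCTL restart unbound-keygen" >&2
        "$SYSTEMCTL" restart unbound-keygen || return 2
        if [ ! -s "$KEY" ]; then
            echo "$KEY still missing after unbound-keygen" >&2
            return 2
        fi
    fi
    # A private key should not be readable by other local users.
    if key_world_readable; then
        echo "warning: $KEY is world-readable" >&2
    fi
    "$CHECKCONF" "$@"
}
```

Source the file as administrator and call checkconf_with_keygen; arguments are passed through to unbound-checkconf unchanged.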
Root Cause
- The unbound control key is not automatically generated at install time or boot time but rather the first time unbound is started.
- That may be too late for administrators who want to check unbound configuration without running the unbound daemon.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
