Bug#1019140: unbound-resolvconf.service will always be in failed state when you set RESOLVCONF=false

Sun, 04 Sep 2022 06:24:16 -0700 

Package: unbound
Version: 1.16.2-1
Severity: normal

Dear Maintainer,

I am using unbound as recursive dns resolver for my local network,
not just for localhost.

My /etc/resolv.conf is mintainted by systemd-resolved and DNS server gets
set by systemd-networkd.

In the past, unbound-resolvconf.service was skipped:
Aug 25 03:51:47 router systemd[1]: Unbound asyncronous resolvconf update helper was skipped because of a failed condition check (ConditionFileIsExecutable=/sbin/resolvconf). 

Since systemd was upgraded (251.3-1 -> 251.4-3) and systemd-resolved
became an own package which now provides /sbin/resolvconf, unit is no
longer being skipped and fails now:
Sep 04 14:46:59 router resolvconf[1078]: No DNS servers specified, refusing operation. 

Because DNS server is getting set via systemd-networkd/systemd-resolved
on this box, I created

  $ echo RESOLVCONF=false > /etc/default/unbound
However, while resolvconf part is now beeing skipped by /usr/libexec/unbound-helper, 
unit is still failing:
Sep 04 14:50:38 router systemd[1]: Started Unbound asyncronous resolvconf update helper. Sep 04 14:50:38 router systemd[1]: unbound-resolvconf.service: Main process exited, code=exited, status=1/FAILURE Sep 04 14:50:38 router systemd[1]: unbound-resolvconf.service: Failed with result 'exit-code'. 

This seems to happen because of

  $ /usr/libexec/unbound-helper resolvconf_start
  + UNBOUND_CONF=/etc/unbound/unbound.conf
  + UNBOUND_BASE_DIR=/etc/unbound
  + unbound-checkconf -o chroot
  + CHROOT_DIR=
  + DNS_ROOT_KEY_FILE=/usr/share/dns/root.key
  + ROOT_TRUST_ANCHOR_FILE=/var/lib/unbound/root.key
  + RESOLVCONF=true
  + ROOT_TRUST_ANCHOR_UPDATE=true
  + [ -f /etc/default/unbound ]
  + . /etc/default/unbound
  + RESOLVCONF=false
  + RESOLVCONF=false
  + do_resolvconf_start
  + [ false != false -a -x /sbin/resolvconf ]
  + return
  router ~ $ echo $?
  1



-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unbound depends on:
ii  adduser              3.128
ii  init-system-helpers  1.64
ii  libc6                2.34-7
ii  libevent-2.1-7       2.1.12-stable-5+b1
ii  libnghttp2-14        1.49.0-1
ii  libprotobuf-c1       1.4.1-1
ii  libpython3.10        3.10.6-1
ii  libssl3              3.0.5-2
ii  libsystemd0          251.4-3
ii  lsb-base             11.2

Versions of packages unbound recommends:
ii  dns-root-data  2021011101

Versions of packages unbound suggests:
ii  apparmor  3.0.7-1
ii  openssl   3.0.5-2

-- no debconf information

Reply via email to