unbound auto-trust-anchor-file no longer works

Xyne · 2017-01-06 05:19:14

It seems that unbound will no longer start with the "auto-trust-anchor-file" option. If I comment that option, everything seems to work as expected. Is this a bug in the current package or is that option deprecated?

Here's my unbound configuration file:

server:
  use-syslog: yes
  username: "unbound"
  directory: "/etc/unbound"
  trust-anchor-file: trusted-key.key

  root-hints: root.hints
  #auto-trust-anchor-file: "/etc/unbound/keys/root.key"

  interface: 0.0.0.0
  access-control: 127.0.0.1 allow

  hide-identity: yes
  hide-version: yes

The "keys" directory and "root.key" file are both owned by the "unbound" user and group. "sudo -u unbound unbound-anchor -a "/etc/unbound/keys/root.key" correctly recreates the file. I have tried using a relative path, with and without quotation marks.

systemctl status unbound.service

● unbound.service - Unbound DNS Resolver
   Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2017-01-06 05:13:59 UTC; 3s ago
  Process: 2998 ExecStart=/usr/bin/unbound -d (code=exited, status=1/FAILURE)
  Process: 2995 ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/ (code=exited, status=0/SUCCESS)
 Main PID: 2998 (code=exited, status=1/FAILURE)

Running unbound -d exits without any error. There is nothing in syslog. I upgraded the package 2-3 days ago but only noticed the error today. "/etc/unbound/keys/root.key" was modified earlier this week, before the upgrade.

Arch Linux

#1 2017-01-06 05:19:14

unbound auto-trust-anchor-file no longer works

Board footer