1

     Every time I try to launch the Unbound DNS server via Homebrew Services with the command 'sudo brew services start unbound,' I start seeing log entries of the following form in OS X's 'Console' application ('/Applications/Utilities/Console.app'…:)  

%l:%M:%S %p com.apple.xpc.launchd[1]: (homebrew.mxcl.unbound[$PID]) Service exited with abnormal code: 1
%l:%M:%S %p com.apple.xpc.launchd[1]: (homebrew.mxcl.unbound) Service only ran for 0 seconds. Pushing respawn out by 10 seconds.

…one after the other. (If the conventions I'm using to denote per-instance variables seem unusual, then '%l,' '%M,' '%S,' and '%p' are strftime(3) format specifiers specifying the general appearance of each log entry's timestamp when expanded therein. '$PID' is, obviously, similarly replaced by the process ID of the particular instance of Unbound in question during each invocation by launchd.)
     When I checked, my Unbound-specific log file, /usr/local/etc/unbound/unbound.log, was blank. I've been having trouble getting my configuration file right, so maybe I'm still having problems with that? For reference, here are the contents of my configuration file, /usr/local/etc/unbound/unbound.conf, which I adapted from the example given by the Unbound source tarball's contained file '$UNTAR_WORKING_OR_TARGET_DIR/unbound-1.5.8/docs/example.conf.in. Does anything look odd in there, or is something else unexpected going on in this case?

P. S.: Here's information I get about the _unbound daemon account when I run ddcl . -read /Users/_unbound: 

dsAttrTypeNative:accountPolicyData:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>creationTime</key>
    <real>1464121481.5192709</real>
    <key>failedLoginCount</key>
    <integer>0</integer>
    <key>failedLoginTimestamp</key>
    <integer>0</integer>
    <key>passwordLastSetTime</key>
    <real>1464121482.61134</real>
</dict>
</plist>

AppleMetaNodeLocation: /Local/Default
GeneratedUID: EB92AA79-6746-4C8C-8D3A-D82F7215FD88
Password: *
PrimaryGroupID: 499
RealName:
 Unbound DNS Validating Resolver Daemon
RecordName: _unbound unbound
RecordType: dsRecTypeStandard:Users
UniqueID: 499
UserShell: /usr/bin/false
RandomDSdevel
  • 133
  • 1
  • 12

1 Answers1

1

     Well, it turns out that, as a friend of mine told me over IRC, I never checked to make sure that Unbound could reach /dev/random — and maybe /dev/log, as well —, the former of which the software's documentation for its configuration file states as a requirement under the sub-heading describing Unbound's chroot option and the latter of which might be necessary for logging, from within its chroot jail. As such, I'm going to have to try sharing /dev (or at least its contained log and random files) into /usr/local/etc/unbound via NFS (OS X doesn't directly support bind mounts.)

Community
  • 1
RandomDSdevel
  • 133
  • 1
  • 12
  • 1
    I've started a follow-up question [here](http://superuser.com/questions/1082980/unbound-dns-setting-up-an-nfs-share-to-bring-dev-into-the-softwares-chroot). – RandomDSdevel Jun 01 '16 at 21:00
  • The link to the followup question isn't working anymore. Have you ever found out the reason for this issue? – lucasart Jul 07 '19 at 11:30
  • @AdrianoLucas: Yeah, it got deleted by the community; I've voted to undo that, but we'll see what they decide. And, unfortunately, no, I never did figure this out; I just punted on troubleshooting it. (To be honest, now I'm not sure I can even remember what I was trying to use Unbound for in the first place except likely as a dependency of another Homebrew package that I may've since uninstalled, hence ridding me of that dependency. I've been having growing issues mount with Homebrew over the time I've been using it, though, too, and haven't resolved _those_ yet, either…) – RandomDSdevel Jul 13 '19 at 00:13
  • @AdrianoLucas: I later asked a simplified version of the question I linked to in my first comment [here](https://superuser.com/questions/1083385/how-to-access-dev-from-inside-a-chroot-jail) (in that it removed Unbound from the question, leaving only the context of asking how to mount '`/dev`' into _any_ '`chroot`' jail,) and it looks like _that_ question's still live. – RandomDSdevel Jul 13 '19 at 00:18