Solved unbound error: unknown keyword

Hello everyone,

When I checked unbound.conf with unbound-checkconf, I received more than twenty unknown keyword errors.

Like this,
# unbound-checkconf /usr/local/etc/unbound/unbound.conf
error: unknown keyword 'shm-enable'
error: stray ':'
error: unknown keyword 'no'
...


unbound.conf
server:
verbosity: 1
statistics-interval: 0
shm-enable: no # This line was reported as an error
...



I don't think I have a spelling mistake because these were all done by uncommenting. In other words, I just deleted the # in front of them.
What is the reason for this?

unbound-1.7.3

Thank you !
 
I'm not certain, but presumably that option only matters if you have "statistics-interval" set to a non-zero number. It's also set to "no" by default, so I wouldn't overthink things and just comment it out.
 
Thank you.

This is my test and all the red fonts are detected with unknown keyword errors.

server:
verbosity: 1
statistics-interval: 0
shm-enable: no
shm-key: 11777

statistics-cumulative: no
extended-statistics: no
num-threads: 1
interface: 0.0.0.0
interface-automatic:no
port: 53
outgoing-range:4096
outgoing-port-permit:32768
outgoing-port-avoid: "3200-3208"
outgoing-num-tcp:10
incoming-num-tcp:10
so-rcvbuf:0
so-sndbuf: 0
so-reuseport: no
ip-transparent: no
ip-freebind: no
edns-buffer-size: 4096
max-udp-size: 4096
msg-buffer-size: 65552
msg-cache-size: 4m
msg-cache-slabs: 4
num-queries-per-thread: 1024
jostle-timeout: 200
delay-close: 0
rrset-cache-size: 4m
rrset-cache-slabs: 4
cache-min-ttl: 0
cache-max-ttl: 86400
cache-max-negative-ttl: 3600
infra-host-ttl: 900
infra-cache-min-rtt: 50
infra-cache-slabs: 4
infra-cache-numhosts: 10000
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
tcp-upstream: no
udp-upstream-without-downstream: no
tcp-mss: 0
outgoing-tcp-mss: 0
use-systemd: no
do-daemonize: yes
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: ::0/0 refuse
access-control: ::1 allow
access-control: ::ffff:127.0.0.1 allow
access-control: 192.168.18.0/24 allow
chroot: ""
username: "unbound"
directory: ""
logfile: ""
use-syslog: yes
log-identity: ""
log-time-ascii: no
log-queries: no
log-replies: no
pidfile: "/usr/local/etc/unbound/unbound.pid"
root-hints: "/var/unbound/named.root"
hide-identity: no
hide-version: no
hide-trustanchor: no
identity: ""
version: ""
target-fetch-policy: "3 2 1 0 0"
harden-short-bufsize: no
harden-large-queries: no
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: no
harden-referral-path: no
harden-algo-downgrade: no
qname-minimisation: yes
qname-minimisation-strict: no

aggressive-nsec: no
use-caps-for-id: no
private-address:10.0.0.0/8
private-address:172.16.0.0/12
private-address:192.168.0.0/16
private-address:169.254.0.0/16
private-address:fd00 :: / 8
private-address:fe80 :: / 10
private-address :: :: ffff:0:0/96
private-domain: "example.com"
unwanted-reply-threshold: 0
do-not-query-address: 127.0.0.1/8
do-not-query-address: ::1
do-not-query-localhost: yes
prefetch: no
prefetch-key: no
rrset-roundrobin: no
minimal-responses: no
disable-dnssec-lame-check: no
module-config: "validator iterator"
auto-trust-anchor-file: "/var/local/etc/unbound/root.key"
trust-anchor-signaling: yes
root-key-sentinel: yes

val-override-date: ""
val-bogus-ttl: 60
val-sig-skew-min: 3600
val-sig-skew-max: 86400
val-clean-additional: yes
val-permissive-mode: no
ignore-cd-flag: no
serve-expired: no
val-log-level: 0
val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500"
add-holddown: 2592000
del-holddown: 2592000
keep-missing: 31622400
permit-small-holddown: no
key-cache-size: 4m
key-cache-slabs: 4
neg-cache-size: 1m
unblock-lan-zones: no
insecure-lan-zones: no
local-zone: "example.com." static
local-data: "example.com. IN SOA a.example.com. nobody.invalid. 2018010101 3600 1200 604800 10800"
local-data: "example.com. IN NS a.example.com."
local-data: "a.example.com. IN A 192.168.18.10"
local-data: "b.example.com. IN A 192.168.18.11"
local-data-ptr: "192.168.18.10 a.example.com"
tls-service-key: ""
tls-service-pem: ""
tls-port: 853
tls-upstream: no
tls-cert-bundle: ""
tls-win-cert: no

ratelimit: 0
ratelimit-size: 4m
ratelimit-slabs: 4
ratelimit-factor: 10
ratelimit-for-domain: example.com 1000
ratelimit-below-domain: com 1000
ip-ratelimit: 0
ip-ratelimit-size: 4m
ip-ratelimit-slabs: 4
ip-ratelimit-factor: 10
low-rtt:45
low-rtt-permil: 0
auth-zone:
name: "."

url: "http://www.internic.net/domain/root.zone"
fallback-enabled: yes
for-downstream: no
for-upstream: yes
zonefile: "root.zone"
 
In general, unless you have a reason to uncomment and set something in a config file, don't. You'll create more headaches for yourself, as you've already discovered. In addition, make sure if you are uncommenting things you read and understand what they do.

For instance, in your config neither the "shm-enable" nor the "shm-key" settings make sense as you have statistics disabled. "shm-key" doubly so, as "shm-enable" would be set to "no" even if statistics were enabled.
 
I think this is not the cause of the problem.

For example, it treats auth-zone as an error, which is hard to understand.
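
An added example, not part of the thread: the output quoted in the first post shows one rejected directive producing three messages (the keyword, a stray ':', then the value), so this Python code collapses such output into the directive names the checker did not recognise and finds where each is set in the config. The shm-key error lines and the function names are constructed for illustration.

```python
import re

# First three lines are the output quoted in the first post; the shm-key
# lines are constructed here, following the same three-message pattern.
SAMPLE_OUTPUT = """\
error: unknown keyword 'shm-enable'
error: stray ':'
error: unknown keyword 'no'
error: unknown keyword 'shm-key'
error: stray ':'
error: unknown keyword '11777'
"""

# Constructed excerpt of the config posted in the thread.
SAMPLE_CONF = """\
server:
verbosity: 1
statistics-interval: 0
shm-enable: no
shm-key: 11777
"""

KEYWORD = re.compile(r"unknown keyword '([^']*)'")
STRAY_COLON = re.compile(r"stray ':'")


def rejected_directives(output):
    """Return keywords that are directly followed by a stray ':' error.

    Those are directive names; 'unknown keyword' lines not followed by a
    stray ':' are the values of a rejected directive and are skipped.
    """
    lines = [l.strip() for l in output.splitlines() if l.strip()]
    found = []
    for cur, nxt in zip(lines, lines[1:]):
        m = KEYWORD.search(cur)
        if m and STRAY_COLON.search(nxt):
            found.append(m.group(1))
    return found


def locate(conf_text, directives):
    """Map each rejected directive to the config line numbers that set it."""
    hits = {d: [] for d in directives}
    for no, line in enumerate(conf_text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()  # drop trailing comments
        name = body.split(":", 1)[0].strip()
        if ":" in body and name in hits:
            hits[name].append(no)
    return hits


if __name__ == "__main__":
    names = rejected_directives(SAMPLE_OUTPUT)
    print(len(SAMPLE_OUTPUT.splitlines()), "errors ->", locate(SAMPLE_CONF, names))
```

Six error lines reduce to two directives here, which is why a handful of unrecognised options can produce more than twenty errors.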
 