Ubuntu
unbound package

unbound.service needs network online

Bug #1923733 reported by Niklas Edmundsson
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
unbound (Ubuntu)
Triaged
Undecided
Unassigned

Bug Description

unbound.service in Ubuntu 20.04LTS Focal has insufficient dependencies for the ExecStartPre package-helper root_trust_anchor_update command to reliably succeed, while it depends on network.target that is no guarantee that network is available.

While unbound startup succeeds, the following error can typically be seen on boot on physical hosts with NICs that have long setup/startup times (approx 10 seconds on this host):

package-helper[899]: fail: the anchor is NOT ok and could not be fixed

Our workaround is to add an appropriate dependency on network-online.target in /etc/systemd/system/unbound.service.d/network-online.conf like so:
----------------------8<----------------------------
[Unit]
# Needs network online to be able to verify/update dnssec root key on startup
After=network-online.target
----------------------8<----------------------------

With this workaround in place, after reboot we see success:

package-helper[1025]: success: the anchor is ok

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unbound (Ubuntu):
status: New → Confirmed
Revision history for this message
Paride Legovini (paride) wrote :

Hello Niklas and thanks for this bug report. In short, my suggestion here is to file this bug against the unbound Debian package [1]. The rationale is:

- The unbound Ubuntu package is currently a sync from Debian, which means it carries no Ubuntu specific changes. Fixing this in Debian minimizes the overall maintenance effort. In other words it is, in my opinion, the right place in the Upstream->Debian->Ubuntu pipeline where the fix should land.
- Fixing this issue in Debian will benefit Debian and all its derivatives, including Ubuntu.
- Fixing this in Ubuntu is certainly possible, however please note that unbound is in the "universe" Ubuntu component, meaning that the package is community supported. If you want to drive the fixing effort and have the fix to land to Focal please refer to the Ubuntu wiki, e.g. [2].

[1] https://packages.debian.org/sid/unbound
[2] https://wiki.ubuntu.com/StableReleaseUpdates

Changed in unbound (Ubuntu):
status: Confirmed → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.