‹ Back
Deploy360 27 July 2012

Warning! DNSSEC-Trigger Installation Issue After Mountain Lion Upgrade

Dan York
By Dan YorkDirector, Online Content

Dnssec TriggerIf you are a Mac OS X user looking to upgrade to the brand new Mountain Lion release – and you also have installed DNSSEC-Trigger to have a local DNSSEC-validating DNS resolver, it seems there may be an issue during the upgrade process that you need to deal with.

[UPDATE: This issue apparently only affects new installations of DNSSEC-Trigger.  If you already have DNSSEC-Trigger installed, the upgrade to Mountain Lion works.  It is when you go to install DNSSEC-Trigger on Mountain Lion that the issue appears.]

Over on the dnssec-trigger mailing list, Olaf Kolkman of NLnet Labs writes about the problem with Mountain Lion and provides instructions for how to address the problem.  If you notice unbound not starting after  the Mountain Lion upgrade, you will need to follow Olaf’s instructions:

If the command
$ id unbound
returns “no such user”, you know that you have been bitten by this problem.

To fix:
Allocate yourself a free id. You can see the allocated ids using the following:
dscl localhost -list /Local/Default/Groups PrimaryGroupID
dscl localhost -list /Local/Default/Users UniqueID

Then assign the ids to the unbound user.
sudo dscl localhost -create /Local/Default/Users/unbound PrimaryGroupID
sudo dscl localhost -create /Local/Default/Users/unbound UniqueID

In his email message, Olaf also provides a “use-at-your-own-risk” shell script for performing this fix.  He also indicates that the DNSSEC-Trigger team will be including a fix in a new release sometime in the next few weeks.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...

Join the conversation with Internet Society members around the world