Netgate Discussion Forum

    Release 2.6.0 upgrade issues with dnsmasq

    • encrypt1d

      I took the plunge and attempted an upgrade from 2.5.2 to 2.6.0 CE.
      Long story short, it did not go well and I had to roll back. I tried two "in-place" upgrades from the GUI and got the same behavior. In both cases, the rollback restored everything to a stable state.

      First, a few points on my configuration:

      • Single device gateway
      • I'm using 802.1Q VLANs. All endpoints connect to downstream switches on specific VLANs, which are uplinked to the pfSense via a VLAN trunk, which has two port members in a round-robin LAGG.
      • dnsmasq is enabled on each VLAN interface, and DHCP tells endpoints to use the address of the firewall on that VLAN as their DNS server.
      • I use dnsmasq to resolve local host names, and forward the rest to the internet.

      This configuration has worked really well for as long as I can recall and never given me issues across any upgrade until now.

      The behavior after the upgrade was a ridiculous number of DNS query failures. End users see a lot of NXDOMAIN pages, and then it suddenly works and brings them to the page, but subsequently fails to load all the page content due to more NXDOMAIN failures. Mashing the reload might eventually load the page, but it is pretty insane.

      I also noticed massive latency spikes in upstream gateway ping times, every 15 minutes on the minute (so 15:00, 15:15, 15:30 ... etc). Not sure if that is a separate issue yet or not. Mentioning it in case it is relevant. That seems more likely tied to scheduled firewall rules though (which I have a few).

      I am happy to make another attempt and collect more debug information if you have any suggestions on what to collect. I am stuck on 2.5.2 until I figure out what went wrong.

      • jimp Rebel Alliance Developer Netgate

        DNS Forwarder issue might be https://redmine.pfsense.org/issues/12902 or maybe https://redmine.pfsense.org/issues/12901 -- Is there a reason you are still using the old DNS Forwarder instead of the DNS Resolver? The latter tends to be more reliable and is more widely used and actively developed.

        Latency issue is likely https://redmine.pfsense.org/issues/12901 -- there is a workaround for that built into the system patches package on 2.6.0.

        • encrypt1d @jimp

          @jimp

          > Is there a reason you are still using the old DNS Forwarder instead of the DNS Resolver?

          Nothing more than I set this up so long ago, I don't think there was another option, or I don't remember there being one that supported host overrides.

          I will attempt another upgrade with the above suggested fixes in mind, and see how it goes.
          Much appreciated. Looks like when I searched for known issues I should have set my filter to 2.7.0, which is why I didn't find these. Thanks as always.

          • encrypt1d @jimp

            @jimp

            I cut over to DNS resolver and performed the upgrade. That solved the DNS issues. I believe it all came down to this one: https://redmine.pfsense.org/issues/12901.

            The latency spikes every 15 min are still present, but that is evidently a different issue so I'll create a separate post for it. Thanks for your help.

            -Jeff

            • encrypt1d @encrypt1d

              The follow-up post on latency issues is here:
              https://forum.netgate.com/topic/170660/latency-spikes-every-15-minutes-after-upgrade-to-2-6-0-ce

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.