DHCP lease screen not loading

ahsunh

@Gertjan Hello dear please let us know the most simplest solution for handling this issue of DHCP lease page status.
and yes you are right issue comes on WIFI channel where huge blocks of IP are available.
working with DNS resolver not forwarder.

Gertjan

@ahsunh
Start by un-checking :

This will stop unbound from restarting far less frequent.
You can check this for yourself : count the word "start" at the Status > System Logs >System > DNS Resolver page :

Yours must be restarting a lot, like many times per hour.

ahsunh

@gertjan Hello dear
start seems 4 times only not much repeated and dhcp resgistration option is already unchecked.
Screen Shot 2022-04-20 at 2.47.13 PM.png

eazyxl

SG-2100 running version 22.01-RELEASE (arm64). Been rock solid, no issues loading anything. I install pfBlockerNG-devel 3.1.0_4 and now DHCP leases page won't load. Removed the pfBlocker package and it still won't load.

Gertjan

@eazyxl said in DHCP lease screen not loading:

I install pfBlockerNG-devel 3.1.0_4 and now DHCP leases page won't load. Removed the pfBlocker package and it still won't load.

So, "pfBlockerNG-devel 3.1.0_4" wasn't the issue.

The "DHCP lease screen" screen uses the local DNS to resolve host names to IP, or the other way around.
That is, a PHP function is used to resolve a host name to an IP. This function winds up calling 127.0.0.1 on port 53 : that's where unbound is listening for DNS jobs.
For example, : if no one is listing ( unbound doesn't listen on 127.0.0.1), this function will .... hang .... and bail out after the PHP abort time, a minute or even more.

On a default pfSense, unbound will listen on :

From IP to a host name :

[22.01-RELEASE][root@pfSense.my-pfsense.net]/root: dig @127.0.0.1 -x 192.168.1.250 +short
APP1.mypfsense.net.

The other way around :

[22.01-RELEASE][root@pfSense.my-pfsense.net]/root: dig @127.0.0.1 APP1.my-pfsense.net.  +short
192.168.1.250

Conclusion : my pfSense DNS works fine.
I'm using both 2.6.0, or 22.01.

Btw : If you have "DHCP Registration" de activated in the unbound settings (for very known reasons), there will be no DNS available coming from the DHCP leases.
Not an issue, unbound will reply immediately with 'dono', and the Status DHCP Leases page still shows up just fine.

Tell us about your (DNS) settings, and we'll tell you what's wrong ;)

zarteg

@gertjan
Actually this is for anyone else ripping their hair out over this issue.
DHCP LEASES PAGE WILL NOT LOAD - PFSense 2.52

I had changed my DNS list to make my provider the first DNS in the General tab.
I changed that back to 8.8.8.8 for the moment.
I also noticed that I had it set to use local DNS fall back to external.
I changed that to ignore local DNS use only external.
BOOM
My dhcp leases page loads again and now nice and fast.
I have tried working with the DNS forward and DNS resolver in the past and it has always led to problems.
May be something I am doing wrong but this config I explained above worked instantly.

Gertjan

@zarteg said in DHCP lease screen not loading:

I changed that back to 8.8.8.8 for the moment.

You think that "8.8.8.8" is aware of the devices you have on your LAN ? Or anything related to your leases ?
Even if you 'told' them, they do not want to know.
They might as well decide not to answer ..... ;)

@zarteg said in DHCP lease screen not loading:

I changed that to ignore local DNS use only external.

Again, who is 'external' ?
External doesn't know anything about "local".

zarteg

@gertjan
<snip> You think that "8.8.8.8" is aware of the devices you have on your LAN ?

NO I don't - Dirty DNS is always a possibility though huh ?

Just mentioned ANY AND ALL changes I did.
I suspect it was looking for DNS internal and I have all of it off.

Also using PFBlocker just for the record but oddly nothing has changed in my setup.
PFBlocker update change my DNS settings ?
Dunno its like a magical Windozer type thing.

All I know is I don't use the DNS anyways, I have PFS (2.52) running PFblocker and 12 VLANs, My pages are all loading properly and lightning fast again.

If you want to run DNS or Forwarding, I can't speak to that.
Less services the better as far as I am concerned.

zarteg

@gertjan I realize that.
I thought this thread was about my DHCP status page won't load?
Told you how I fixed it with all details included.
Perhaps you are lonely and are looking for conversation?
Sorry no time for that.
I wasn't here to teach a class on DNS. Simple to fix the DHCP leases page not loading.
Microsoft answers take all day to explain and mean very little in the end
Feel like mostly M$ employee type answers here.

KISS
(Keep It Simple Sally)

aaronssh

For what it's worth, I had the same issue and this fixed it for me:

pfSense General Setup page was configured to use NextDNS
I changed it to use my local AD Domain Controllers instead.
Suddenly DHCP Leases loads instantly.

viniciusferrao

Does anyone have idea of whats happening here? I have the same issue, for months now.

No 8.8.8.8 or other insane settings.
No pfBlocker
No DHCP registration on DNS
No crazy rules that blocks 53/tcp.
DNS pointing to 127.0.0.1 and those aquired from WAN.

And I still don't have the DHCP leases page working:

Oct 21 16:06:57 firewall nginx: 2022/10/21 16:06:57 [error] 67579#100560: *267 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 172.16.144.114, server: , request: "GET /status_dhcp_leases.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "172.21.1.1", referrer: "https://172.21.1.1/index.php"

Thanks.

Gertjan

@viniciusferrao said in DHCP lease screen not loading:

DNS pointing to 127.0.0.1 and those aquired from WAN.

You've checked :

Do you know why ?

Use the console or SSH access.
Goto (cd) to /var/dhcpd/var/db/
What is the size of the /var/dhcpd/var/db/dhcpd.leases file ?

A test :
Open / edit /etc/inc/system.inc
Got around line 747.
Find

						$hostname = gethostbyaddr($item['ip']);

replace it by

//						$hostname = gethostbyaddr($item['ip']);

and test.
The DHCP leases page shows up now ?

viniciusferrao

@gertjan said in DHCP lease screen not loading:

@viniciusferrao said in DHCP lease screen not loading:

DNS pointing to 127.0.0.1 and those aquired from WAN.

You've checked :

![137056bf-d384-4390-bd8a-f2705791f859-image.png](Something went wrong while parsing server response)

Do you know why ?

The attached image is not loading, I could not see it. :(

Use the console or SSH access.
Goto (cd) to /var/dhcpd/var/db/
What is the size of the /var/dhcpd/var/db/dhcpd.leases file ?

There you go:

[22.05-RELEASE][root@firewall.local.domain.example]/var/dhcpd/var/db: du -sh *
 33K	dhcpd.leases
 33K	dhcpd.leases~
512B	dhcpd6.leases

A test :
Open / edit /etc/inc/system.inc
Got around line 747.
Find
						$hostname = gethostbyaddr($item['ip']);
replace it by
//						$hostname = gethostbyaddr($item['ip']);
and test.
The DHCP leases page shows up now ?

Yes, this fixes the issue, which confirms that's DNS related.

The problem now is how to debug it, which entry is causing the issue.

[22.05-RELEASE][root@firewall.local.domain.example]/var/dhcpd/var/db: cat /etc/resolv.conf 
nameserver 127.0.0.1

Thanks.

Gertjan

@viniciusferrao

The image not loaded :

You've set this one ?
If so, why ?

Consider un checking it, as you don't care / shouldn't need the DNS servers of your ISP.
That's a concept of the past. The option exists as there for exceptional reasons.
Rule of thumb : you don't want the DNS of your ISP, neither some other company's upstream DNS resolver.

About :

//						$hostname = gethostbyaddr($item['ip']);

Add this line :

//						$hostname = gethostbyaddr($item['ip']);
						log_error("Would call gethostbyaddr() using : {$item['ip']}");

When you visit the dhcp leases page, you should see this in the main system log :

Take note of the IPs listed : they are all 'local', IP distributed by the DHCP servers on your LANs.
Right ?

viniciusferrao

@gertjan said in DHCP lease screen not loading:

@viniciusferrao

The image not loaded :

You've set this one ?
If so, why ?

It was enabled. I don't remember why it was enable. And yes, I don't need it.

We have internal DNS servers that the local unbound redirects to, so using 127.0.0.1 only is sufficient.

Consider un checking it, as you don't care / shouldn't need the DNS servers of your ISP.
That's a concept of the past. The option exists as there for exceptional reasons.
Rule of thumb : you don't want the DNS of your ISP, neither some other company's upstream DNS resolver.

Removed, but it still does not loads the page. Still receiving 504 timeouts.

About :
//						$hostname = gethostbyaddr($item['ip']);
Add this line :
//						$hostname = gethostbyaddr($item['ip']);
						log_error("Would call gethostbyaddr() using : {$item['ip']}");
When you visit the dhcp leases page, you should see this in the main system log :

Take note of the IPs listed : they are all 'local', IP distributed by the DHCP servers on your LANs.
Right ?

Yes, all are local IPs, but theres something like 300 IPs. I'm not sure if this is an issue or not to avoid loading the page.

Anything else that I should be looking for?

Thank you.

Gertjan

@viniciusferrao

So you saw 300+ "Would call ...." log lines.

When unbound receives a DNS request, initiated by the php function gethostbyaddr(local-IP), it will answer.
Mine does.
But, I presume the issue is now :

@viniciusferrao said in DHCP lease screen not loading:

We have internal DNS servers that the local unbound redirects to

and these 'internal DNS' servers don't answer ... (just guessing).

Several option to test :
Unbound is actually running ?

Ask it a question :

[22.05-RELEASE][admin@pfSense.mylocalnetwork.net]/etc: host 192.168.1.2
2.1.168.192.in-addr.arpa domain name pointer bureau2.mylocalnetwork.net.

You get an answer like that ?

Does unbound receive the request made by gethostbyaddr() ? (make it log very verbose)
Does unbound forwards these requests to your 'internal DNS' ?
Do they answer ?
What happens when you disable temporarily these 'internal DNS' servers and use a 'default' unbound/resolver configuration ?

stephen.betts

i did something similar after having an ongoing problem listing DHCP leases

have two pfsense SG1100 connected
one web interface was super slow ( compared to the other remote device )
It would not display dhcp leases and got the gateway 504 timeout

I read this thread and saw alot of talk about DNS ( I'm using 1.1.1.1 / 8.8.8.8 )

I disable the DNS resolver, applied config,
obviously i could not resolve any DNS now from my clients :-(
I enabled DNS resolver again and applied config

I then noticed that the web interface was now much faster and DHCP leases appear in 5 - 10 seconds and without the gateway 504 timeout

Its been a week or so and DHCP leases are still displaying

fritolays

@gertjan said in DHCP lease screen not loading:

Open / edit /etc/inc/system.inc
Got around line 747.
Find
						$hostname = gethostbyaddr($item['ip']);
replace it by
//						$hostname = gethostbyaddr($item['ip']);
and test.
The DHCP leases page shows up now ?

Yay old topics!

So I had this same issue with the DHCP Lease screen hanging/not loading.

Why you may ask?
Well I installed the nextdns cli and eventually it says to disable the DNS Resolver.
I do, and then DHCP Leases wont load.
The ARP Table page loads just fine, fyi.

Stop nextdns service and re-enable the resolver and it works again.

Relevant code block:

if ($lease) {
	if (empty($item['hostname'])) {
		if (is_null($dnsavailable)) {
			$dnsavailable = check_dnsavailable();
		}
		if ($dnsavailable) {
			$hostname = gethostbyaddr($item['ip']);
			if (!empty($hostname)) {
				$item['hostname'] = $hostname;
			}
		}
	}

ChatGPT described the function of the relevant block of code as:

This looks like a code snippet written in PHP that is checking whether a lease exists and then checking the hostname associated with that lease. If the hostname is empty and DNS is available, it uses the gethostbyaddr() function to attempt to look up the hostname from the IP address and assigns the hostname to the 'hostname' key of the $item array. If a hostname is found, it assigns it to the 'hostname' key, if not, it will remains empty.

Commenting out the line as described above fixes the issue of not running any DNS service as far as pf is concerned.
But , if I understand correctly, it fails when it attempts to get the hostname via ip from the dns.
So pf is aware(?) of a DNS service since it did not fail at the if (is_null($dnsavailable)) section.

I also dont see any real issue with leaving it commented out.
Do I need that page to check all my leases against a dns service?

So there is certainly an issue with that page needing to check leased ip's via dns even when no DNS service is detected.
Let alone that there are hardcoded google DNS servers tied to the check_dnsavailable function which kinda sucks.
Maybe adding an option on the DHCP Server page to disable leased ip's being looked up via dns?
Especially hardcoded ones...

fritolays

@fritolays

Sorry, this only checks ip's without a hostname.
Of which I have one...

Either way, there should be the option to disable hostname-less ip lookup via hardcoded dns.

Gertjan

@fritolays

... or : make DNS work.
I'll explain :
I followed the rabbit into the hole : I looked up the gethostbyaddr() PHP function.
I goes down (deep !) into glibc and it finally winds up talking to localhost (127.0.0.1 or ::1) or some system wide defined DNS server.
Side note : just ask yourself : why should our pfSense GUI ask a remote DNS server about a possible host name that is only known on one of our local LAN networks ? The IP used is RFC1918, something like 192.168.1.10/24, and these are by definition unknown to whatever DNS server on the Internet.
But : they will answer right away : 'unk' or unknown. So, even if asking to 8.8.8.8 : what is the host name of 192.168.1.10, the answer will be back immediate, and out DHCP lease GUI page will show up quickly.

The real issue is : gethostbyaddr() will prefer using IPv6 over IPv4.
If pfSense -> the PHP function gethostbyaddr(), and it is using the glibc library, knows IPv6 is available, IPv6 will be used.
IPv6 is available means : pfSense, the OS, starts to use IPv6, but nothing is known at that moment if IPv6 can route out to a IPv6 server somewhere on the Internet.
How many among us actually are really using IPv4 and IPv6 - example : while posting on the forum, "I" use IPv6 only :

So, I guess the real issue is : IPv6 seems to be available, but the setup is 'broken'. The function, deep below, winds up talking to the wall, and enters a wait state until some TCP/UDP requests time out. The fallback to IPv4 will result in a 'unk', and then the next lease is handled. Introducing the same delay : the entire page will shows up after a very long time. PHP times out, and you have a web browser error page.

Normally, our unbound is authorative for local host names. It should know that nas.my-local-pfsense-lan-network.tld is local, and it's IPv4 = 192.168.1.10 is local, so it will never start to resolve using root servers etc.
If the host name of a lease 192.168.1.10 is unknown, it will send a 'unk' back right away.
For this to work, unbound should work, and it should be listening on '127.0.0.1' (and ::1).

Solution is two fold :
Inform pfSense that IPv6 is not available.
Or
Make the IPv6 stack work, like the IPv4.

Also : check :

[22.05-RELEASE][admin@pfSense.my-local-network.tld]/root: sockstat | grep 'unbound' | grep ':53'
unbound  unbound    26513 3  udp6   *:53                  *:*
unbound  unbound    26513 4  tcp6   *:53                  *:*
unbound  unbound    26513 5  udp4   *:53                  *:*
unbound  unbound    26513 6  tcp4   *:53                  *:*

this says : unbound is listing on every local available interface on port 53, using UDP and TCP (!) using IPv6 and IPv4.
Btw : this is the default behavior.