UNBOUND Silently Dies following upgrade/migration from CE to PLUS
-
Following migration from CE to PLUS, the UNBOUND DNS resolver SILENTLY DIES - no log entries, no kernel errors, no service stop indicators, nothing...
Manual restart of the resolver fixes the problem temporarily - the issue re-presents sporadically and under varied load conditions.
I DO NOT have dynamic DHCP clients updated in the resolver. I have uninstalled (with files and settings deleted) pfBlockerNG.
As a work-around until the problem can actually be T/S'd and resolved I have implemented service_watchdog to restart the resolver if failure is detected.
I apologize for not attaching log dumps or anything else, I just have no idea what to share to get folks' mental juices flowing on this one. Please let me know what information I can provide and I will post it.
As a side note, Netgate TAC is pretty much refusing to touch this, stating that it is outside the scope of the TAC-Lite license even though it is clearly a post-upgrade and inter-version compatibility issue - everything functioned perfectly in CE and went sideways following the upgrade to PLUS.
Any help or pointers on what to look at next would be greatly appreciated.
-
@jcook-atlas There are several threads about DNS issues in 23.01, e.g.
https://forum.netgate.com/topic/178413/major-dns-bug-23-01-with-quad9-on-ssl/
If you have forwarding enabled, disable DNSSEC as it's not expected to work (even though it didn't seem to be a problem in prior versions). If that doesn't help, disable DNS over TLS as that also seems to be a problem for some people and/or busy networks.
-
@steveits DNS Forwarding IS NOT enabled, only DNS Resolver. I'll try killing the DNSSEC and see if there is any change.
-
@jcook-atlas This checkbox in the DNS Resolver settings:
-
@steveits I appreciate the help. DNS FORWARDING was never enabled, only local resolution - with DNSSEC enabled. I have since disabled DNSSEC on LOCAL resolver and we will see how that fares.