UNBOUND Silently Dies following upgrade/migration from CE to PLUS
-
Following migration from CE to PLUS, the UNBOUND DNS resolver SILENTLY DIES - no log entries, no kernel errors, no service stop indicators, nothing...
Manual restart of the resolver fixes the problem temporarily - the issue re-presents sporadically and under varied load conditions.
I DO NOT have dynamic DHCP clients updated in the resolver. I have uninstalled (with files and settings deleted) pfBlockerNG.
As a work-around until the problem can actually be T/S'd and resolved I have implemented service_watchdog to restart the resolver if failure is detected.
I apologize for not attaching log dumps or anything else, I just have no idea what to share to get folks mental juices flowing on this one. Please let me know what information I can provide and I will post it.
As a side note, Netgate TAC is pretty much refusing to touch this stating that it is outside the scope of the TAC-Lite license even though it is clearly a post-upgrade and inter-version compatibility issue - everything functioned perfectly in CE and when sideways following the upgrade to PLUS.
Any help or pointers on what to look at next would be greatly appreciated.
-
@jcook-atlas There are several threads about DNS issues in 23.01, e.g.
https://forum.netgate.com/topic/178413/major-dns-bug-23-01-with-quad9-on-ssl/If you have forwarding enabled, disable DNSSEC as it's not expected to work (even though it didn't seem to be a problem in prior versions). If that doesn't help disable DNS over TLS as that also seems to be a problem for some people and/or busy networks.
-
@steveits DNS Forwarding IS NOT enabled, only DNS Resolver. I'll try killing the DNSSEC and see if there any change.
-
@jcook-atlas This checkbox in the DNS Resolver settings:
login-to-view -
@steveits I appreciate the help. DNS FORWARDING was never enabled, only local resolution - with DNSSEC enabled. I have sense disabled DNSSEC on LOCAL resolver and we will see how that fairs.