• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

UNBOUND Silently Dies following upgrade/migration from CE to PLUS

DHCP and DNS
2
5
698
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jcook.atlas
    last edited by jcook.atlas Apr 26, 2023, 6:10 PM Apr 26, 2023, 6:07 PM

    Following migration from CE to PLUS, the UNBOUND DNS resolver SILENTLY DIES - no log entries, no kernel errors, no service stop indicators, nothing...

    Manual restart of the resolver fixes the problem temporarily - the issue re-presents sporadically and under varied load conditions.

    I DO NOT have dynamic DHCP clients updated in the resolver. I have uninstalled (with files and settings deleted) pfBlockerNG.

    As a work-around until the problem can actually be T/S'd and resolved I have implemented service_watchdog to restart the resolver if failure is detected.

    I apologize for not attaching log dumps or anything else, I just have no idea what to share to get folks mental juices flowing on this one. Please let me know what information I can provide and I will post it.

    As a side note, Netgate TAC is pretty much refusing to touch this stating that it is outside the scope of the TAC-Lite license even though it is clearly a post-upgrade and inter-version compatibility issue - everything functioned perfectly in CE and when sideways following the upgrade to PLUS.

    Any help or pointers on what to look at next would be greatly appreciated.

    S 1 Reply Last reply Apr 26, 2023, 6:57 PM Reply Quote 0
    • S
      SteveITS Galactic Empire @jcook.atlas
      last edited by Apr 26, 2023, 6:57 PM

      @jcook-atlas There are several threads about DNS issues in 23.01, e.g.
      https://forum.netgate.com/topic/178413/major-dns-bug-23-01-with-quad9-on-ssl/

      If you have forwarding enabled, disable DNSSEC as it's not expected to work (even though it didn't seem to be a problem in prior versions). If that doesn't help disable DNS over TLS as that also seems to be a problem for some people and/or busy networks.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      J 1 Reply Last reply Apr 26, 2023, 6:59 PM Reply Quote 0
      • J
        jcook.atlas @SteveITS
        last edited by Apr 26, 2023, 6:59 PM

        @steveits DNS Forwarding IS NOT enabled, only DNS Resolver. I'll try killing the DNSSEC and see if there any change.

        S 1 Reply Last reply Apr 26, 2023, 7:05 PM Reply Quote 0
        • S
          SteveITS Galactic Empire @jcook.atlas
          last edited by Apr 26, 2023, 7:05 PM

          @jcook-atlas This checkbox in the DNS Resolver settings:
          login-to-view

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          J 1 Reply Last reply Apr 26, 2023, 7:29 PM Reply Quote 0
          • J
            jcook.atlas @SteveITS
            last edited by Apr 26, 2023, 7:29 PM

            @steveits I appreciate the help. DNS FORWARDING was never enabled, only local resolution - with DNSSEC enabled. I have sense disabled DNSSEC on LOCAL resolver and we will see how that fairs.

            1 Reply Last reply Reply Quote 0
            4 out of 5
            • First post
              4/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.