Netgate Discussion Forum

    DNS Resolver stops working after unbound service restarts

    • M
      mietz
      last edited by

      I have several VLANs setup. Two of them are using 3 VPN connections as a gateway group for egress. I set up the DNS resolver for those VLANs with the Outgoing Network interfaces set to the 3 VPN interfaces. I'm using OpenVPN Clients with NordVPN.

      Everything was working fine for years without an issue. Since I upgraded to pfSense 2.7.2 I sporadically lose DNS functionality and am unable to resolve hosts.

      I found out that if the unbound resolver service restarts, the issue happens. Restarting the VPN connections or any other service doesn't help. I have to restart pfSense. After a couple of hours or after days the issue will come up again, starting with a restart of the unbound service.

      Here you find the logs with the restarting unbound service at 23:57:

      dns resolver.png gateways.png openvpn.png

      What I did so far:

      • changed NordVPN server domain name to server IP in OpenVPN Client
      • tried each VPN interface separately as Outgoing Network Interfaces
      • checked every setting
      • crawled the internet and this forum for help

      I'm out of ideas how to fix that. Does anyone have an idea?

      • GertjanG
        Gertjan @mietz
        last edited by Gertjan

        @mietz said in DNS Resolver stops working after unbound service restarts:

        I'm using OpenVPN Clients with NordVPN.

        Have a look at the other NordVPN thread.
        It starts with "DNS suddenly broken [on some VLANs]" but then it became clear that Nord was used, doing their best to break DNS ? Still not sure yet.
        When done reading, say out loud : I pay them to do this ?

        Btw : what are these :

        57be0f36-1075-4da7-84c2-2053d46d3ba3-image.png

        edit : check also : Status > DNS Resolver

        and if you really want to see what it (trying to do) is doing, go to level 3 :

        773c1527-d183-4723-8ae5-18b129030594-image.png

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • M
          mietz @Gertjan
          last edited by

          @Gertjan Thanks for the reply. I read the whole thread you provided and I think I will switch to AirVPN.

          @Gertjan said in DNS Resolver stops working after unbound service restarts:

          Btw : what are these :

          57be0f36-1075-4da7-84c2-2053d46d3ba3-image.png

          edit : check also : Status > DNS Resolver

          These are just Certificates renewal notifications.

          • T
            TampertK @mietz
            last edited by

            @mietz I'm on AirVPN and I face the exact same issue, about once a week. Also see these threads, it really seems like an issue with Unbound:

            pfSense 2.7 DNS Resolver doesn't start

            2.7: unbound does not restart after scheduled PPPoE reconnect

            2.7.0 upgrade - DNS issues

            2.7.0 - DNS Resolver crashes (?)

            Upgraded to 2.7.0, having weird issues with DNS forwarder? upon reboot have to restart it manually

            DNS Resolver seems to crash almost nightly

            • GertjanG
              Gertjan @TampertK
              last edited by Gertjan

              @TampertK

              These are all "2.7.0" posts, and 2.7.0 is more than a year old.
              Everybody is using 2.7.2 these days, right ? (as we all love the new bug, if any, not the old bugs ^^)
              unbound itself was upgraded several times since, imho, mostly for small enhancements and other CVE issues.
              That said, I use unbound, the resolver, in the "out of the box" mode, with the setup it has when you install pfSense from scratch. It worked for me ever since, and that started somewhere in 2012, when unbound was added to pfSense.
              I've been using it using an IPv4-only PPPoE WAN connection, later on succeeded by an 'ISP upstream router' connection, using the pfSense WAN with 'DHCP'.
              I've been using pfSense (unbound) on arm processors, AMD, and Intel - a SG 4100 these days. It was and still is rock solid for me.

              So, let me propose this advice : go Keep It Simple mode : use the out of the box experience. It works well for millions.

              I never had to use a "VPN ISP". Recent forum posts about NordVPN really don't make me change my mind about them : they started to brilliantly fck*ng up the DNS (there is a recent big thread about it).

              Be aware : if needed, you can use 'dnsmasq', the ancient forwarder. Just disable the 'resolver', and activate the 'forwarder' :
              45bfa526-e48a-4f19-80e8-ea1ab12a5ad8-image.png

              • M
                mietz
                last edited by

                After switching from NordVPN to AirVPN the issue is gone. I had to disable monitoring the VPN interfaces because AirVPN seems not to like that. But besides that everything works now flawlessly.

                After talking to NordVPN they said that they are aware of that and working on that issue. But I don’t want to wait for them to work on that issue.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.