Problem with DNS resolver
-
@Unoptanio could be unbound is starting before something is fully up - like your actual connection, are you routing traffic through a vpn?
-
@johnpoz
No VPN
-
So Unbound is actually stopped after rebooting?
What's shown in the DNS or System logs? Is it trying to start and failing?
-
Execute
cat /var/log/resolver.log | grep 'start'
and take note: unbound can't handle DNS requests when it's in the process of stopping and restarting.
Obvious solutions:
(very silly): make fewer DNS requests.
or
make unbound restart less often. -
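The log check suggested above, taken one step further as an added example (not part of any post in this thread): it counts unbound starts per hour, flags hours above a threshold, and lists the versions that logged a start. The function names, the default threshold of 3 and the sample lines are assumptions; the line format follows the log excerpt quoted in this thread.

```shell
#!/bin/sh
# Added example, not from the thread: summarise unbound restarts in a log.

# Count "start of service" events per hour; prints "Mon D HHh N" lines.
starts_per_hour() {
    awk '/unbound/ && /info: start of service/ {
             split($3, t, ":")            # $3 is HH:MM:SS
             n[$1 " " $2 " " t[1] "h"]++
         }
         END { for (k in n) print k, n[k] }' "$1" | LC_ALL=C sort
}

# Print only the hours with more than $2 starts (default 3, an assumption).
noisy_hours() {
    starts_per_hour "$1" | awk -v max="${2:-3}" '$NF > max'
}

# List every unbound version that logged a start, to spot a package change.
versions_seen() {
    sed -n 's/.*info: start of service (unbound \([0-9.]*\)).*/\1/p' "$1" |
        LC_ALL=C sort -u
}

# Constructed sample lines in the format quoted in this thread.
sample_log() {
    cat <<'EOF'
Jun  5 03:05:17 unbound 62796 [62796:0] info: start of service (unbound 1.18.0).
Jun  6 10:01:02 unbound 62796 [62796:0] info: service stopped (unbound 1.18.0).
Jun  6 10:01:04 unbound 1201 [1201:0] info: start of service (unbound 1.18.0).
Jun  6 10:14:40 unbound 1201 [1201:0] info: service stopped (unbound 1.18.0).
Jun  6 10:14:42 unbound 1388 [1388:0] info: start of service (unbound 1.18.0).
Jun  6 10:31:09 unbound 1388 [1388:0] info: service stopped (unbound 1.18.0).
Jun  6 10:31:11 unbound 1502 [1502:0] info: start of service (unbound 1.18.0).
Jun  6 10:52:30 unbound 1502 [1502:0] info: service stopped (unbound 1.18.0).
Jun  6 10:52:33 unbound 1777 [1777:0] info: start of service (unbound 1.19.1).
EOF
}

# Run against a real log when a readable path is given as the first argument.
if [ -r "${1:-}" ]; then
    noisy_hours "$1"
    versions_seen "$1"
fi
```

On the firewall this would be run with /var/log/resolver.log as the argument; an hour with many starts points at whatever is triggering the restarts in that window.
-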
Hello,
I have enabled: "Serve Expired"
I did a reboot and it works now
To date, the problem has not recurred
-
@Unoptanio Another thing, that might interrupt DNS, is having unbound resolve dynamic DHCP client hostnames.
AIUI this results in unbound restarts in order to reread the leases file. I set mine to only resolve static leases.
-
@Unoptanio said in Problem with DNS resolver:
I have enabled: "Serve Expired"
I did a reboot and it works now
Hmm, well that seems odd. Not sure how that setting would have any effect of Unbound starting.
-
@stephenw10 said in Problem with DNS resolver:
Not sure how that setting would have any effect of Unbound starting.
It wouldn't, and on a restart there wouldn't be anything in the cache to serve up anyway.
-
@Gertjan said in Problem with DNS resolver:
cat /var/log/resolver.log | grep 'start'
Today the problem recurred
Shell Output - cat /var/log/resolver.log | grep 'start'
-
@Unoptanio said in Problem with DNS resolver:
@Gertjan said in Problem with DNS resolver:
cat /var/log/resolver.log | grep 'start'
Today the problem recurred
You say in your signature that you use 2.7.2 CE but your unbound is (according to your screenshot) 1.18.0 - that's not consistent IMHO
Here (also 2.7.2 CE):
Jun 6 03:05:11 unbound 62796 [62796:0] info: service stopped (unbound 1.19.1).
Jun 5 03:05:17 unbound 62796 [62796:0] info: start of service (unbound 1.19.1).
-
-
@Unoptanio said in Problem with DNS resolver:
Do at the CLI:
pkg search unbound
what do you get?
Try:
pkg install unbound-1.19.1
-
@Unoptanio Two things to try. Disable resolution of DHCP leases and OpenVPN client hostnames. Also, increase the loglevel, which might give you more clues. One other thing, leave listening/outgoing interfaces as 'all'.
Obviously not suggesting these as solutions but as a means to getting to the cause/culprit.
-
@Unoptanio said in Problem with DNS resolver:
pkg search unbound
unbound-1.19.1 Validating, recursive, and caching DNS resolver
Now do:
pkg install unbound-1.19.1
-
[2.7.2-RELEASE][admin@xxxxxxxxxxxx]/root: pkg install unbound-1.19.1
Updating pfSense-core repository catalogue...
Fetching meta.conf: 0%
Fetching packagesite.pkg: 0%
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
Fetching meta.conf: 0%
Fetching packagesite.pkg: 0%
pfSense repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
unbound: 1.18.0_1 -> 1.19.1 [pfSense]
[2.7.2-RELEASE][admin@Axxxxxxxxx]/root: pkg search unbound
unbound-1.19.1 Validating, recursive, and caching DNS resolver
-
@Unoptanio said in Problem with DNS resolver:
unbound: 1.18.0_1 -> 1.19.1 [pfSense]
Let's see if your trouble is gone
-
In your opinion, why didn't I have the latest version before? I also have all the patches installed
What version of pfSense is Unbound 1.18.0_1 from?
-
@Unoptanio said in Problem with DNS resolver:
In your opinion, why didn't I have the latest version before? I also have all the patches installed
There are updates that are not shown on the GUI and not with Patches - they are shown only on the CLI.
-
@fireodo My 2.7.2CE install is also currently on unbound-1.18.0_1
[2.7.2-RELEASE][root@fw.local.lan]/root: pkg search unbound
unbound-1.19.1 Validating, recursive, and caching DNS resolver
[2.7.2-RELEASE][root@fw.local.lan]/root: pkg info | grep unbound
unbound-1.18.0_1 Validating, recursive, and caching DNS resolver
When might it pull in the updated package, other than explicit upgrade via the cmdline?