Problem with DNS resolver
-
@Gertjan said in Problem with DNS resolver:
cat /var/log/resolver.log | grep 'start'
Today the problem recurred
Shell Output - cat /var/log/resolver.log | grep 'start'
pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2 -
@Unoptanio said in Problem with DNS resolver:
@Gertjan said in Problem with DNS resolver:
cat /var/log/resolver.log | grep 'start'
Today the problem recurred
You say in your signature that you use 2.7.2 CE but your unbound is (according your screenshot) 1.18.0 - thats not consistent IMHO
Here (also 2.7.2.CE):
Jun 6 03:05:11 unbound 62796 [62796:0] info: service stopped (unbound 1.19.1). Jun 5 03:05:17 unbound 62796 [62796:0] info: start of service (unbound 1.19.1). -
-
@Unoptanio said in Problem with DNS resolver:
Do at the CLI:
pkg search unboundwhat do you get?
Try:
pkg install unbound-1.19.1Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
pfsense 2.8.0 CE
Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches. -
@Unoptanio Two things to try. Disable resolution of DHCP leases and Openvpn client hostnames. Also, increase the loglevel, which might give you more clues. One other thing, leave listening/outgoing interfaces as 'all'.
Obviously not suggesting these as solutions but as a means to getting to the cause/culprit. -
-
@Unoptanio said in Problem with DNS resolver:
pkg search unboundunbound-1.19.1 Validating, recursive, and caching DNS resolver
Now do:
pkg install unbound-1.19.1 -
[2.7.2-RELEASE][admin@xxxxxxxxxxxx]/root: pkg install unbound-1.19.1
Updating pfSense-core repository catalogue...
Fetching meta.conf: 0%
Fetching packagesite.pkg: 0%
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
Fetching meta.conf: 0%
Fetching packagesite.pkg: 0%
pfSense repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):Installed packages to be UPGRADED:
unbound: 1.18.0_1 -> 1.19.1 [pfSense][2.7.2-RELEASE][admin@Axxxxxxxxx]/root: pkg search unbound unbound-1.19.1 Validating, recursive, and caching DNS resolver -
@Unoptanio said in Problem with DNS resolver:
unbound: 1.18.0_1 -> 1.19.1 [pfSense]
Lets see if your trouble is gone
-
In your opinion, why didn't I have the latest version before? I also have all the patches installed
What version of pfsense is Unbound 1.18.0_1 from?
pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2 -
@Unoptanio said in Problem with DNS resolver:
In your opinion, why didn't I have the latest version before? I also have all the patches installed
There are updates that are not shown on the GUI and not with Patches - they are shown only on the CLI.
-
@fireodo My 2.7.2CE install is also currently on unbound-1.18.0_1
[2.7.2-RELEASE][root@fw.local.lan]/root: pkg search unbound unbound-1.19.1 Validating, recursive, and caching DNS resolver [2.7.2-RELEASE][root@fw.local.lan]/root: pkg info | grep unbound unbound-1.18.0_1 Validating, recursive, and caching DNS resolverWhen might it pull in the updated package, other than explicit upgrade via the cmdline?
-
@Unoptanio said in Problem with DNS resolver:
What version of pfsense is Unbound 1.18.0_1 from?
I guess 2.7.1 (not shure)
I have a script (see attachment - change .zip to .php) that looks via cronjob if there are some updates. (The script is from @Gertjan if I remember well) pkg_check.zip
The cronjob looks loke this:/usr/bin/nice -n20 /usr/local/bin/php -q /root/bin/pkg_check.php | loggerEdit: In my case the location of the script is in /root/bin (directory I have created) - put the script in your case where you wish ...
Tanti auguri :-)
Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
pfsense 2.8.0 CE
Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches. -
@fireodo
So is it a bug in 2.7.2 that doesn't update unbound DNS? -
@Unoptanio said in Problem with DNS resolver:
So is it a bug in 2.7.2 that doesn't update unbound DNS?
No thats not a bug - if some changes where needed in unbound that occure AFTER release of 2.7.2 thats the only way to handle it - as far as I know!
PS.: Is unbound still restarting?
-
during my lunch break in about two hours I will reboot the system
-
@Unoptanio said in Problem with DNS resolver:
during my lunch break in about two hours I will reboot the system
Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
pfsense 2.8.0 CE
Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches. -
@darcey said in Problem with DNS resolver:
When might it pull in the updated package, other than explicit upgrade via the cmdline?
See my answer with the script inside - this kind of upgrade you have to do manually.
-
@fireodo Thanks, I'd completely forgotten about this. It seems on my system, unbound and curl have updates available.
Still I think I am going to leave it as is as things are running very smoothly for me of late. -
@darcey said in Problem with DNS resolver:
Still I think I am going to leave it as is as things are running very smoothly for me of late.
Never change a running system ... old wisdom
(curl has a security issue so I recommend to upgrade)
