Netgate 2100 blocking? Spotify issue

Gertjan

@bmeeks

Very true and I would have mentioned that potential issue right away.

But seeing this :

I've deducted that he is using KEA, and KEA should disable the dhcpleases process that restarts unbound on every ISC DHCP lease or lease renewal.
Let's be sure :

@MikeHalsey can you run :

ps ax | grep 'dhcpd.leases'

?

as if this return something like

97385  -  Is        0:00.02 /usr/local/sbin/dhcpleases -l /var/dhcpd/var/db/dhcpd.leases -d brit-hotel-fumel.net -p /var/run/unbound.pid -u /var/unbound/dhcpleases_en
.......

then the case is solved.

MikeHalsey

@Gertjan said in Netgate 2100 blocking? Spotify issue:

ps ax | grep 'dhcpd.leases'

The result was...

8208 - Is 0:00.01 /usr/local/sbin/dhcpleases -l /var/dhcpd/var/db/dhcpd.leases -d home.arpa -p /var/run/unbound.pid -u /var/unbound/dhcpleases_entries.conf -h /etc/hosts
86231 - S 0:00.01 sh -c ps ax | grep 'dhcpd.leases' 2>&1
86634 - S 0:00.01 grep dhcpd.leases

Gertjan

@MikeHalsey

Ok.
Call Houston.
You have a problem.

---

The solution :
Go here and select "ISC DHCP" :

and Save.

Now go to Services > DNS Resolver > General Settings

and locate

and remove the check from "DHCP Registration". This simple check, if set will activate the dhcpdleases process that restart unbound xx per hour.
Extra info : It's not checked by default ... and you can image why.

Save the new unbound settings.
Apply ( !! ) the new unbound settings.

Now, if you want to, you can go back to KEA : reverse the first step.
My advise : you dion't need to, ISC DHCP works very well.

Test phase :
You know how to check the unbound restarts.
Test during a couple of days.
You will notice the difference : DNS now behaves correcly.

---

and WTF : with KEA, dhcpdleaeses is still started ?? Netgate ?!!

MikeHalsey

@Gertjan Done, I'll let you know how it goes many thanks

MikeHalsey

@Gertjan Oh my god! Oh my god! Oh my god! Oh my god! Oh my god! That seems to have fixed it Spotify now seems to be responding to me immediately, all of the speakers are still there, and the music isn't stopping every 20 seconds like it was the last few days.

The constant restarts have stopped too. Here's hoping but it's looking good and I can't thank everybody who helped, enough 🫡

MikeHalsey

@Gertjan Actually, scrub that. It fixed it for all of 5 minutes then the problem started again

MikeHalsey

@Gertjan hmm... so far it's stable again, so I suppose that could have been cause by a pfBlocker update check. I'll run it for a day or three and report back 🫡

Gertjan

@MikeHalsey said in Netgate 2100 blocking? Spotify issue:

could have been cause by a pfBlocker update check

These can happen every hour max (I think).
Anyway, as most lists are updated maybe ones a week, or even less frequent-, I've set :

so pfBlockerng can restart unbound ones a week max.

Be ware : the list with : "who can restart unbound" isn't empty yet.

For example, when you hook up to a LAN or (actually any interface port) not a switch that is always powered on, but something else, every time you shut down this device, and the power it up again, the interface gets activated : this will restart unbound, and a lot of other processes as well.

Now you know all the reasons why unbound restarts (for 99,x %).

Btw : you've checked that the dhcpdleases process doesn't run anymore ?

Illustration :

Every dip in the stats is an unbound restart.
That's more often as ones a week, true, because it was the admin (me - so that's another reason why unbund restart : it's the admin ) doing so while testing settings so I can take screen captures to show them on the forum.
When I'm not there, my unbound doesn't restart anymore.

It will behave like this :

MikeHalsey

@Gertjan Yeah, I thought it could be pfBlocker too, so I've set those things you mentioned to weekly, and set the main pfBlocker update to once a day at 2am.

There's been no restarts of Unbound now for almost an hour and all seems good... so far.

jrey

I can't specifically speak to EasyList and how ofter it changes. However ADs_Basic, changes often more than once a week. (Of course you can choose when to check it)
However, unbound will only restart (assuming pfBlocker is configured properly) when one of the DNSBL lists has a changed. Not just because it checked. I check ADs_Basic daily (and other lists). As I said before, unbound can still go days between needing a restart.
my unbound restarted because of a list change on Sept 1 at midnight, and again on Sept 5 (this morning) in the days between it just kept running.
The entire restart of unbound takes a couple of seconds, you would never know in most cases.
In fact the only way I know is by the dashboard (if I'm running it) and graylog (which is always running) Your last dashboard image, didn't even show any lists. Does it now? and what is the time stamp of the list reload.

my dashboard shows the update time (this morning)

so they all reloaded this morning... looks fine to me (compare this to the previous screen shot and they all said Sep 1) nothing changed in-between, nothing restarted unbound.

The graylog shows me the pid changed (different colour) but it also never skipped.

orange is pid before, different pid after the reload is blue.
Notice the time slot (5 minutes) bands where there is both blue and orange. that's when it restarted.

here is the same data on a 2 second time slice, unbound restarting at the colour transition, you should never even notice, nor should any device on your network.

bmeeks

@jrey said in Netgate 2100 blocking? Spotify issue:

here is the same data on a 2 second time slice, unbound restarting at the colour transition, you should never even notice, nor should any device on your network.

One caveat I would offer --
Be careful of time comparison examples (such as the 2 seconds in your post). This will be very dependent on the underlying hardware a particular user is running on. Another obvious variable is the size of the chosen list or lists. So long as the comparison is apples-to-apples (meaning same exact hardware and same exact DNSBL lists), then time comparisons are pertinent.

I've just sometimes seen posters assume that everyone should see the same performance with some feature as they do. That is not the case unless the parameters are very closely matched.

Gertjan

@jrey said in Netgate 2100 blocking? Spotify issue:

I can't specifically speak to EasyList and how ofter it changes. However ADs_Basic, changes often more than once a week. (Of course you can choose when to check it)
However, unbound will only restart (assuming pfBlocker is configured properly) when one of the DNSBL lists has a changed. Not just because it checked. I check ADs_Basic daily (and other lists). As I said before, unbound can still go days between needing a restart.

10/10 ! Nice. You've done your home work.

jrey

@bmeeks said in Netgate 2100 blocking? Spotify issue:

Be careful of time comparison examples (such as the 2 seconds in your post).

sure, but I'm running a 2100 same as the OP. 2 second reload of unbound is "normal" here.

Edit: and the op has never answered the questions about the list size of list as seen in the pfblockerng.log (or other questions unless I missed those answers) so yes there still could be other "variables" as well.

jrey

@Gertjan said in Netgate 2100 blocking? Spotify issue:

10/10 ! Nice.

Missed this --- was it a test?

MikeHalsey

@stephenw10 @Gertjan @jrey @bmeeks @SteveITS Hi all, so you know the fixes you provided have worked perfectly. Spotify has been behaving itself extremely well for a few days now, and is much more responsive too. I can't thank you all enough

I did realise afterwards that I also had pfBlockerNG misconfigured too (several people mentioned I might have done this) as it started aggressively blocking everything all of a sudden. So that's been reset back to factory except from being told to only update at night once a day.

Thanks again everybody, I'm very grateful 🫡

MikeHalsey

@jrey @stephenw10 @Gertjan @SteveITS @bmeeks I just thought I'd let you all know and post here just in case anybody else has the same problems I've had with Spotify.

A few days after my last post the issue with Spotify not seeing speakers and dropping connections returned. I did some hunting around online and eventually did find some other people who had the same problem, one of whom had a solution.

So if anybody else is finding pfBlocker is blocking Spotify and your speakers, add the domain byspotify.com to your DNSBL whitelist and restart pfBlocker in the Services panel, that fixed it

stephenw10

Ooo, good tip.

bitperfect

What is byspotify.com?

I am having intermittent Spotify disconnects all day long but I think my issue might just be librespot implementation in my device.

jrey

@bitperfect said in Netgate 2100 blocking? Spotify issue:

What is byspotify.com?

something they want their devices to check into periodically in order to function (and collect information) - SONOS has much the same "msmetrics.ws.sonos.com"
it is on some block lists and if you don't white list it their "new" app just crashes.
The cost of using their platform.

whois

bitperfect

@jrey Thank you very much!

I found byspotify.com in my DNSBL block log so I have whitelisted it. Now the wait begins to see if it makes a positive difference.

I also found the Sonos domain but left that alone as I have no issues with my Sonos speaker.