Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    how to schedule unbound restart

    DHCP and DNS
    2
    3
    137
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      thekorn
      last edited by

      Hello,

      my unbound stops resolving anything every few days. The process is there, but nobody is home.

      I'm not interested in taking the time to debug it, I just want to schedule it to restart itself every day at say, 1 AM. (That's a good enough fix for me.)

      What's the proper method of doing this?

      My first thought was to use cron to run unbound-control, but that returns:

      unbound-control -c /var/unbound/unbound.conf restart
      error: Error setting up SSL_CTX client cert
      /var/unbound/unbound_control.pem: (null)

      And looking up that seems I'm barking up the wrong tree with unbound-control, so figured I'd ask if there's a better way before going down a rabbit hole. (I have no real other need for remote unbound control.)

      Searching found a lot of people where unbound is restarting too often, which obviously doesn't help.

      Thanks in advance!

      pfsense 2.7.2-release

      GertjanG T 2 Replies Last reply Reply Quote 0
      • GertjanG
        Gertjan @thekorn
        last edited by Gertjan

        @thekorn said in how to schedule unbound restart:

        unbound-control -c /var/unbound/unbound.conf restart

        That's a fail.

        Type

        unbound-control

        and nothing else and you'll discover how to talk with it.

        Commands:
  start                         start server; runs unbound(8)
  stop                          stops the server
  reload                        reloads the server
                                (this flushes data, stats, requestlist)
  reload_keep_cache             reloads the server but tries to
                                keep the RRset and message cache
                                if (re)configuration allows for it.
                                That means the caches sizes and
                                the number of threads must not
                                change between reloads.
  stats                         print statistics
  stats_noreset                 peek at statistics
  stats_shm                     print statistics using shm
  status                        display status of server
......

        I tried :

        [24.03-RELEASE][root@pfSense.bhf.tld]/root: unbound-control -c /var/unbound/unbound.conf reload
ok

        This :

        @thekorn said in how to schedule unbound restart:

        error: Error setting up SSL_CTX client cert
        /var/unbound/unbound_control.pem: (null)

        is another issue.
        restarting ... oops, reloading the process doesn't solve it.
        It will show the issue.

        In your case :
        The file /var/unbound/unbound_control.pem is empty.
        That's not good.
        Normally, when unbound is stared, pfSense will cerate a unbound.conf file (from scratch) using your GUI unbound settings.
        It will also prepare a usable "/var/unbound/unbound_control.pem" file.

        here is mine :

        [24.03-RELEASE][root@pfSense.bhf.tld]/root: cat /var/unbound/unbound_control.pem
        -----BEGIN CERTIFICATE-----
        MIIEJjCCAo6gAwIBAgIUefIMvu//5/bq5jhwhgkQat3jeWYwDQYJKoZIhvcNAQEL
        BQAwEjEQMA4GA1UEAwwHdW5ib3VuZDAeFw0yMzExMTkxMTEyNDdaFw00MzA4MDYx
        MTEyNDdaMBoxGDAWBgNVBAMMD3VuYm91bmQtY29udHJvbDCCAaIwDQYJKoZIhvcN
        AQEBBQADggGPADCCAYoCggGBALDYdtguL/omvfILKm5Wm4EpOQuT6U1dXFT6HEPh
        PcQ6A6yuvmU7abpKEtA8yb/Ty1TIpThkvTjpSwZTceWDs+iGVkPh2CsrFNOoEWY9
        RWm6/xMyBwYsaXCy3ljxdz/FTMfB4zpUoeHadardcYNaxt13bO/4WgZKvVmlbJ21
        pqs1g8j8KRJOTpB31uc1K6EL4BT/Zp4CSo7/VigPXwj6h+y+jIVOmkW/GNQuy7yk
        IBeN4ZHnwJ1FjilE0XPyIApZs6UCT0Nujben3j6jB7tGQ8n8xhbNM97FukmmhkhX
        U55X34s6lohNcjch2NF+w/sfvjn0UZXNEgSr3fLDjhDRF0UxRbahNQITXPR40Svl
        WUnG5fUZIiF8Wa8pmpzrscrUlf4f4RksKhDdABNHlk/LNF/ribxfrMNC4w06WJRx
        LFAB9PJgRRBIlvKKZfceb2FVcYs9HkNBPuUbjD//2wRFSj/6crHhkCbHuYmEp1gm
        8/oFWOphRFe6Y0E1baD9YM72jwIDAQABo2wwajAMBgNVHRMBAf8EAjAAMBoGA1Ud
        EQQTMBGCD3VuYm91bmQtY29udHJvbDAdBgNVHQ4EFgQU33vyAFSKlpbexhL4l38l
        EOH3C0cwHwYDVR0jBBgwFoAUjwd1ybzQ+dsZpXP6H7vx+jAbdUIwDQYJKoZIhvcN
        AQELBQADggGBAB3bte+H9xryizu5Xv0DQKC15vrdSB9DvE6XUmEdwbP8jTyhRN01
        nzIrgvOiSz4hFtsAnsjUXgciO9Mu9kfdYtFrD4B7BeXWDN9egiCd7C03aYSL32KV
        CxlNy55bYfOuIw6rlSPxD1EoQ2QuD+zPq1fi994ZqSCi6K4NYX1gJW72QfIciWxR
        uQCcnOyRGjI5/GoyH1QQdrk+tT9bbDXSIChc9BL+A7OlF11B3kvnnIVDRFGk/M5U
        DB59Qg2luiA3QGr7aDi5BHM8TUTZifMcTQXh++j1wPUPanv6IElxwds4MltJjeOY
        pNSK97thhm8JFSrjwrXs3vZ+1o/6k/PHFhoh41AUYhzSoAQU0WMJ1Tn9Fo0smrgt
        RDQreap9+4RgjN2oGZa4aNmD/itGlLh1SO8innn1clO7xnwvxSR1AhIsoxWSKTJe
        9pVkYCm4g4WLYpIgrOHcnXdMcurMOEcjg4PPMLiSxSjNtQjbwQalAG+JOYtUUniB
        +VjswWdWjGucaQ==
        -----END CERTIFICATE-----

        What you need to find out is why this file couldn't be created.
        File system error ?
        Something is mentioned in the unbound (resolver) logs ?

        Restarting a service with the wrong 'parameters' isn't the solution.
        The 'fail' will persist.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • T
          thekorn @thekorn
          last edited by

          Root problem was I was running the command as a user, not as root. Shouldn't do things early in the morning!

          All cron'd up and working as expected now!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.