After restart, Unbound DNS Resolver don't work
-
Hello,
pfSensePlus ver 24.11
I've had a problem for a while and haven't been able to resolve it.
After starting pfsense, the DNS resolver doesn't work, and I can't browse. Unbound DNS Resolver
All the services are running apparently without errors.
If I manually stop the DNS Resolver service and restart it, everything works normally again.
This situation is quite annoying because, despite the UPS, sometimes there's a power outage for too long, and when it comes back, the DNS resolver doesn't work when the system reboots.
Do you have any ideas on how to fix this? Could I perhaps delay the service's startup?
-
@Unoptanio said in After restart, Unbound DNS Resolver don't work:
Do you have any ideas on how to fix this?
Look at the the system and resolver logs, note down the last entries (timestamp).
Now, restart the system.
Get back to the logs and list every line added since.
I'm pretty sure unbound did start, but it failed ? Or do you really saw a 'stop' without a subsequent 'start' ?
Can you use these two default settings ?
You are forwarding to who ?
No issues reaching these remote revolvers ?edit : I has no issues with 24.11, and can tell you now, after month of usage : 25.07.1 is also ok.
-
-
U Unoptanio referenced this topic
-
This looks nice, but doesn't 'show' what needs to be seen.
The command is good, though.
So, use pfSense best interface : ssh or the console (menu option 8) :grep -E 'start|stop' /var/log/resolver.logThis will only show when is stopped and started.
Not if there was an error logged that could explain the 'why it stopped'.So,
ee /var/log/resolver.logand have a look ^^
Try this one :
tail -f /var/log/resolver.logedit : When you say "Unbound DNS Resolver don't work" :
Check this first :[25.07.1-RELEASE][root@pfSense.bhf.tld]/root: ps aux | grep 'unbound' .... unbound 99926 0.0 3.8 176100 156044 - Ss 03:53 5:15.43 /usr/local/sbin/unbound -c /var/unbound/unbound.conf ...so I know it runs.
[25.07.1-RELEASE][root@pfSense.bhf.tld]/root: sockstat | grep 'unbound' unbound unbound 99926 3 udp6 *:53 *:* unbound unbound 99926 4 tcp6 *:53 *:* unbound unbound 99926 5 udp4 *:53 *:* unbound unbound 99926 6 tcp4 *:53 *:* unbound unbound 99926 7 tcp6 *:853 *:* unbound unbound 99926 8 tcp4 *:853 *:* unbound unbound 99926 10 tcp4 127.0.0.1:953 *:* ....This tells me on what interfaces (== "all") and which ports is listens = TCP & UDP, port 53 and and 853 and 953.
Let's talk to it 'localhost' or '127.0.0.1' is included in the "All Interfaces" :
[25.07.1-RELEASE][root@pfSense.bhf.tld]/root: dig @127.0.0.1 goofle.com +short 162.210.199.65Again, but this time using my LAN interface (which is the default 192.168.1.1/24 - yours might be diffrent ) :
[25.07.1-RELEASE][root@pfSense.bhf.tld]/root: dig @192.168.1.1 goofle.com +short 162.210.199.65Now, visit a LAN device like a Windows PC :
Command line, of course, and :[25.07.1-RELEASE][root@pfSense.brit-hotel-fumel.net]/root: dig @192.168.1.1 goofle.com +short
162.210.199.65PS C:\Users\Gauche> nslookup gogol.com Serveur : pfSense.bhf.tld Address: 2a01:cb19:abcd:a7e2:92ec:77ff:fe29:392c Réponse ne faisant pas autorité : Nom : gogol.com Address: 34.117.176.22This tells me that my PC uses 192.168.1.1/24 (actually the IPv6 counterpart) as a DNS source.
It tells me the host name of my pfSense, so I know my PC can reach the pfSense DNS the resolver.
It also manged to tell me that gogol.com exists (!!?!) and that is has an IPv4. -
I can confirm, I'm having the same problem (PfSense 25.07.1)
Initially, I thought it only occurred after an irregular shutdown.
This evening, I performed an HALT on PfSense, then restarted it.The daemon was green, but DNS didn't work.
Restart DNS... all good.
-
@Luca-De-Andreis said in After restart, Unbound DNS Resolver don't work:
but DNS didn't work.
can't say much about that.
Can you detail ? See tests above. -
@Gertjan
As soon as I can I'll do the tests and update you.
