Where to get AMD64 version of Unbound

survive

Hi wagonza,

I just updated to the 1.4.14_01 version of unbound & it looks like it's still failing in the same fashion as my post from yesterday.

Anything I can provide to assist in sorting out what's going on here?

-Will

survive

Hi wagonza,

Can you tell me where I could find the AMD64 version of the package so I could try installing it by hand?

I took a look around http://files.pfsense.org/packages/amd64/8/All/ and the latest unbound package there was from Dec. 21st…is that the right place to look?

-Will

wagonza

yeah thats correct (http://files.pfsense.org/packages/amd64/8/All/unbound-1.4.14.tbz)

as to the install process - what does the output window say when installing the package?

survive

Hi wagonza,

I just tried installing the package through the GUI again. The package says it has installed successfully but when I try to start it I get this message in the log:

php: : The command '/usr/local/sbin/unbound-control start' returned exit code '127', the output was '/usr/local/sbin/unbound-control: not found'

That's the only thing unbound related there.

There is nothing in /usr/local/sbin/ that starts with "unb".

-Will

wagonza

Hrmm - something freaky going on with your box. I just did a fresh install of amd64 2.0 and downloaded the Unbound package with no problem.

[2.0-RELEASE][admin@pfsense.localdomain]/root(2): ls /usr/local/sbin/unbound*
/usr/local/sbin/unbound               /usr/local/sbin/unbound-checkconf     /usr/local/sbin/unbound-control-setup
/usr/local/sbin/unbound-anchor        /usr/local/sbin/unbound-control       /usr/local/sbin/unbound-host
[2.0-RELEASE][admin@pfsense.localdomain]/root(3):

Have you tried removing the package entirely and then starting the reinstall from scratch? Lastly you do have enough disk space?

survive

Hi wagonza,

Yes, I have completely removed the package each time. I have plenty of disk space, I'm running on a 200GB HDD.

I'm using the 2.1-DEVELOPMENT (amd64) built on Mon Dec 12 that has been freshly gitsynced.

-Will

survive

Hi wagonza,

So i decided to try and install unbound by hand. I fetched "unbound-1.4.14.tbz" from http://files.pfsense.org/packages/amd64/8/All and used pkg_add to install it. It returned that I needed ldns-1.6.11 & libevent-1.4.14b_2 so I fetched them as well. Installed the prereqs without issue & then installed unbound-1.4.14.tbz. It returned this warning:

pkg_add: warning: package 'unbound-1.4.14' requires 'expat-2.0.1_2', but 'expat-2.0.1_1' is installed

So I fetched expat-2.0.1_2, removed expat-2.0.1_1 & installed the new package. I had to "pkg_add -f unbound-1.4.14.tbz" because the system said that unbound was already installed.

I think that got everything installed correctly.

Shut down the DNS forwarder service & try to start unbound and I now get this in the logs:

php: /pkg_edit.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '[1325907919] unbound[12031:0] error: bind: address already in use [1325907919] unbound[12031:0] fatal error: could not open ports'

Rebooted the box and it looks like unbound has started and is caching dns for me.

-Will

marcelloc

@survive:

php: /pkg_edit.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '[1325907919] unbound[12031:0] error: bind: address already in use [1325907919] unbound[12031:0] fatal error: could not open ports'

This means that it was already running in some other step before reboot.  ;)

survive

Hi wagonza,

Well for what it's worth unbound was running pretty well for about an hour, then pretty much everything that uses the DHCP server on the pfsense box lost their addresses. One minute my desktop was fine, next minute my IP on the desktop was 169.254.136.21.

Disabled unbound, restarted the DNS Forwarder and everything was right back up. This is the same behavior I saw back in September when I first tried unbound.

-Will

wagonza

Im assuming you make use of Dynamic DNS updates in the DHCP server?

survive

Hi wagonza,

Yes, I believe I do.

Is there a way to get this working with Dynamic DNS updates?

-Will

wagonza

No not yet - currently there is an automated service which updates your host entries with the dynamic update, once it runs and makes changes it restarts dnsmasq. Unfortunately Unbound currently doesn't read /etc/hosts so those automated updates dont get added to Unbound. The other problem is since Unbound is not part of the base, this automated process sends a stop to dnsmasq and starts it up again so that it can re-read what ever changes have been made. I tried to get Unbound to do the same thing by using the same pid file as dnsmasq. This worked for some errors that were been logged but the problem with that approach is that Unbound wasn't restarted when the restart was sent (also the unbound package doesnt re-read the automatic changes). The change was actually to avoid the system logs file filling up with a dhcpleases problem.

I added a watcher script (called unbound_monitor.sh in /usr/local/etc/rc.d/) to handle this restart event - this runs every 5 seconds to see if Unbound is running and if not it should start it up again. You should see entries in your system logs saying "Unbound has exited.", "Attempting restart…" and "Unbound has resumed.".

So although it works for some people its not ideal and it is currently not a complete replacement for the current DNS forwarder as it does not offer all the same features but does provide other features.

I am in the process of integrating into the base for 2.1 - so problems like this will disappear.

survive

Hi wagonza,

Right on….

So how does unbound acting like that make DHCP freak out? At least that's what it looks like is happening because some\all my dhcp boxes got a 169.X.X.X address, that's how I know something was wrong. I can see dns stop resolving but does it take down dhcp as well?

-Will

wagonza

Interesting. Unbound doesnt touch DHCP - so thats a little weird and the first I have heard about that.
When this happens can you hop onto pfSense (via console if you dont have network access) and see if the dhcp service is running?

survive

Hi wagonza,

Here's what I know…..

Back in September(ish) I tried the unbound package and if I recall correctly I got it working but shortly thereafter I tried bringing a box out of sleep and it wouldn't get a DHCP address...all it would get was a 169.X.X.X address. While I was troubleshooting that my desktop went offline witha 169.X.X.X address. I managed to get into the pfsense box and shutdown unbound, restarted the dns forwarder service and did some "ipconfig /renew's" and everything was back up & running.

When I got unbound installed manually on Jan. 6th it seemed to run just fine for about an hour and then my desktop dropped off the network and returned a 169.X.X.X address just like before. Once again disabling unbound, enabling the dns forwarder & ipconfiging got everything right back up.

I didn't do anything to diagnose the problem but if you would like and provide specifics on what to look for I'd be glad to recreate the issue and report back.

-Will

wagonza

Hmmm - ok i think you have given me enough info to work with. I will check it out and see if I can find a problem.