Where to get AMD64 version of Unbound
-
Hi wagonza,
So i decided to try and install unbound by hand. I fetched "unbound-1.4.14.tbz" from http://files.pfsense.org/packages/amd64/8/All and used pkg_add to install it. It returned that I needed ldns-1.6.11 & libevent-1.4.14b_2 so I fetched them as well. Installed the prereqs without issue & then installed unbound-1.4.14.tbz. It returned this warning:
pkg_add: warning: package 'unbound-1.4.14' requires 'expat-2.0.1_2', but 'expat-2.0.1_1' is installed
So I fetched expat-2.0.1_2, removed expat-2.0.1_1 & installed the new package. I had to "pkg_add -f unbound-1.4.14.tbz" because the system said that unbound was already installed.
I think that got everything installed correctly.
Shut down the DNS forwarder service & try to start unbound and I now get this in the logs:
php: /pkg_edit.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '[1325907919] unbound[12031:0] error: bind: address already in use [1325907919] unbound[12031:0] fatal error: could not open ports'
Rebooted the box and it looks like unbound has started and is caching dns for me.
-Will
-
php: /pkg_edit.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '[1325907919] unbound[12031:0] error: bind: address already in use [1325907919] unbound[12031:0] fatal error: could not open ports'
This means that it was already running in some other step before reboot. ;)
-
Hi wagonza,
Well for what it's worth unbound was running pretty well for about an hour, then pretty much everything that uses the DHCP server on the pfsense box lost their addresses. One minute my desktop was fine, next minute my IP on the desktop was 169.254.136.21.
Disabled unbound, restarted the DNS Forwarder and everything was right back up. This is the same behavior I saw back in September when I first tried unbound.
-Will
-
Im assuming you make use of Dynamic DNS updates in the DHCP server?
-
Hi wagonza,
Yes, I believe I do.
Is there a way to get this working with Dynamic DNS updates?
-Will
-
No not yet - currently there is an automated service which updates your host entries with the dynamic update, once it runs and makes changes it restarts dnsmasq. Unfortunately Unbound currently doesn't read /etc/hosts so those automated updates dont get added to Unbound. The other problem is since Unbound is not part of the base, this automated process sends a stop to dnsmasq and starts it up again so that it can re-read what ever changes have been made. I tried to get Unbound to do the same thing by using the same pid file as dnsmasq. This worked for some errors that were been logged but the problem with that approach is that Unbound wasn't restarted when the restart was sent (also the unbound package doesnt re-read the automatic changes). The change was actually to avoid the system logs file filling up with a dhcpleases problem.
I added a watcher script (called unbound_monitor.sh in /usr/local/etc/rc.d/) to handle this restart event - this runs every 5 seconds to see if Unbound is running and if not it should start it up again. You should see entries in your system logs saying "Unbound has exited.", "Attempting restart…" and "Unbound has resumed.".
So although it works for some people its not ideal and it is currently not a complete replacement for the current DNS forwarder as it does not offer all the same features but does provide other features.
I am in the process of integrating into the base for 2.1 - so problems like this will disappear.
-
Hi wagonza,
Right on….
So how does unbound acting like that make DHCP freak out? At least that's what it looks like is happening because some\all my dhcp boxes got a 169.X.X.X address, that's how I know something was wrong. I can see dns stop resolving but does it take down dhcp as well?
-Will
-
Interesting. Unbound doesnt touch DHCP - so thats a little weird and the first I have heard about that.
When this happens can you hop onto pfSense (via console if you dont have network access) and see if the dhcp service is running? -
Hi wagonza,
Here's what I know…..
Back in September(ish) I tried the unbound package and if I recall correctly I got it working but shortly thereafter I tried bringing a box out of sleep and it wouldn't get a DHCP address...all it would get was a 169.X.X.X address. While I was troubleshooting that my desktop went offline witha 169.X.X.X address. I managed to get into the pfsense box and shutdown unbound, restarted the dns forwarder service and did some "ipconfig /renew's" and everything was back up & running.
When I got unbound installed manually on Jan. 6th it seemed to run just fine for about an hour and then my desktop dropped off the network and returned a 169.X.X.X address just like before. Once again disabling unbound, enabling the dns forwarder & ipconfiging got everything right back up.
I didn't do anything to diagnose the problem but if you would like and provide specifics on what to look for I'd be glad to recreate the issue and report back.
-Will
-
Hmmm - ok i think you have given me enough info to work with. I will check it out and see if I can find a problem.
