DNS Resolver
-
My bad. I wasn't filling it out correctly - it works if you do it as I show in the attached.
-
Can I pass "include: /etc/unbound/local-blocking-data.conf" in the advanced field of the resolver? I want to block some domains.
-
Apparently the options in the advanced field are not parsed to the config file. Am I doing it wrong?
-
I'm sorry to say that Unbound in 2.2 beta has (still) issues:
Nov 12 18:21:42 unbound: [94783:0] notice: Restart of unbound 1.4.22. Nov 12 18:21:42 unbound: [94783:0] warning: too many file descriptors requested. The builtinmini-event cannot handle more than 1024\. Config for less fds or compile with libevent Nov 12 18:21:42 unbound: [94783:0] warning: continuing with less udp ports: 91
I've seen this a couple of times here, but no solution was found.
From what can be found on the web, it seems to be a problem with multicore cpu's (mine's a 2558 SOC).
The "Number of queries per thread" in the web interface shows 512, but in the actual config file it's still set at 1024.The value should sit around 250 for a 4-core cpu, not exceeding a total of 1024.
Manually adjusting the Unbound config is no use, after saving a change in the admin interface, it resets to 1024 again.This issue is causing Unbound to restart and when it does, delays the DNS lookups.
Old bug that really need to be fixed.Cheers.
-
Seems some options are not parsed to the config file. I've already posted about the advanced field, but I've found another:
2.2-BETA (amd64)
built on Thu Nov 13 06:05:47 CST 2014
FreeBSD 10.1-RELEASEcheck in the config file below and check the pic:
/var/unbound: cat unbound.conf
##########################Unbound Configuration
##########################
Server configuration
server:
chroot: /var/unbound
username: "unbound"
directory: "/var/unbound"
pidfile: "/var/run/unbound.pid"
use-syslog: yes
port: 53
verbosity: 1
harden-referral-path: no
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
module-config: "validator iterator"
unwanted-reply-threshold: 0
num-queries-per-thread: 1024
jostle-timeout: 200
infra-host-ttl: 900
infra-lame-ttl: 900
infra-cache-numhosts: 10000
outgoing-num-tcp: 10
incoming-num-tcp: 10
edns-buffer-size: 4096
cache-max-ttl: 86400
cache-min-ttl: 0
harden-dnssec-stripped: yes
num-threads: 2
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
msg-cache-size: 4m
rrset-cache-size: 8m
outgoing-range: 462
#so-rcvbuf: 4m
auto-trust-anchor-file: /var/unbound/root.key
prefetch: no
prefetch-key: noStatistics
Unbound Statistics
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yesInterface IP(s) to bind to
interface: 192.168.50.1
interface: 10.1.2.1
interface: 192.168.51.1
interface: 127.0.0.1
interface: ::1Outgoing interfaces to be used
outgoing-interface: #####
outgoing-interface: #####DNS Rebinding
For DNS Rebinding prevention
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 192.254.0.0/16
private-address: fd00::/8
private-address: fe80::/10Set private domains in case authoritative name server returns a Private IP address
private-domain: "hsnetworks"
domain-insecure: "hsnetworks"Access lists
include: /var/unbound/access_lists.conf
Static host entries
include: /var/unbound/host_entries.conf
Domain overrides
include: /var/unbound/domainoverrides.conf
Remote Control Config
include: /var/unbound/remotecontrol.conf
(edited to include snapshot version)
-
More info on this:
although the config file of unbound doesn't have it, config.xml does have the right settings:
<custom_options>include:/var/unbound/local-blocking-data.conf</custom_options>
<dnssec><prefetch><prefetchkey><msgcachesize>4</msgcachesize>
<outgoing_num_tcp>0</outgoing_num_tcp>
<incoming_num_tcp>0</incoming_num_tcp>
<edns_buffer_size>1480</edns_buffer_size>
<num_queries_per_thread>512</num_queries_per_thread>
<jostle_timeout>100</jostle_timeout></prefetchkey></prefetch></dnssec> -
The code in /etc/inc/unbound.inc simply does not implement the settings into the conf file.
I am looking at this. It will be easy to finish the implementation - pull request in 1 hour hopefully. -
Pull request: https://github.com/pfsense/pfsense/pull/1336
That makes it implement all the parameters that can be specified in the "Advanced" section (the custom options box) and on the "Advanced" tab. unbound.conf has all this stuff now after pressing Apply.
And it took me 72 minutes between posts - there were a few little extra bits to think about, software project estimation is never an exact science, and I actually tested it also ;)
-
Thanks again for being so fast. I'll test it and report back.
-
It's working perfectly on the latest snapshot. Thanks again. Although, I was reading unbound docs and noticed this:
"FILE FORMAT
There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute is followed by its containing attributes, or a value."Text parsed in the advanced field breaks the line with spaces. Do you think this is important?
-
Phil and Hugovsky, thanks for following up on this. I know it's community so it's awesome you helped out with this.
Will test it shortly.Cheers.
-
I'm using CARP virtual IPs and run Unbound on "All" interfaces.
If I query the CARP IP from a Linux box, I get this:root@none:~# dig @192.168.xxx.254 www.heise.de ;; reply from unexpected source: 192.168.xxx.5#53, expected 192.168.xxx.254#53 ;; reply from unexpected source: 192.168.xxx.5#53, expected 192.168.xxx.254#53 ;; reply from unexpected source: 192.168.xxx.5#53, expected 192.168.xxx.254#53
Snapshot is AMD64 from today.
I took another look at this:
IP aliases can be explicitly chosen in the GUI but do not appear in unbound.conf so this does not help with the problem. Seems like a bug and should be fixed I guess.
If you set
interface-automatic: yes
then it replies properly when doing a dig@ the alias IP.
This feature is marked experimental though, I don't know the downsides. -
Hi
I've another issue, all my DHCP6 static bindings are not included in /var/unbound/host_entries.conf. It shows only the IPv4 entries.
-
file a bug.
-
@gonzopancho:
file a bug.
Bug #4013
-
Most things should be fixed here now. Open DNS Resolver bug tickets can be viewed here:
https://redmine.pfsense.org/projects/pfsense/issues?query_id=42if you notice anything not on the list, please post here on this board, either in this thread or start your own. If you have a clearly-defined bug report, open a ticket at redmine.pfsense.org. If you're not sure the specific issue, it's best to discuss here first, where someone can help quantify the issue.
-
Does not seem to work properly with IP Aliases or CARP interfaces here. IP Aliases don't work at all, CARP virtual IPs create an interface entry with "Array" and unbound fails to start.
To reproduce:
-create an IP Alias
-choose it as the only Network interface in Unbound
Result in /var/unbound/unbound.conf# Interface IP(s) to bind to
Or:
-create a CARP virtual IP
-choose it as the only Network interface in Unbound
Result in /var/unbound/unbound.conf# Interface IP(s) to bind to interface: 192.168.xxx.6 interface: Array
I'm testing on the latest:
2.2-BETA (amd64) built on Mon Nov 17 19:31:46 CST 2014 FreeBSD 10.1-RELEASE
-
cmb fixed that "Array" thing with very recent commit https://github.com/pfsense/pfsense/commit/845fd268c94e3c4de31700ce29963038e28fa017
But I suspect that now you might just get no binding.
You could install the latest /etc/inc/unbound.inc and then report back what remains wrong. -
Thanks Phil!
CARP seems to work Ok now, also verified that it can be queried with dig@.
An IP alias still behaves as described above. -
Used to do this with dnsmasq:
Insert the following into the “Advanced” text area field on the DNS Forwarder page in pfSense: bogus-nxdomain=92.242.140.2
This stopped my ISP from hijacking DNS.
Doesn't seem to work with unbound. Is there an equivalent command? If I put it in the unbound advanced box unbound dies.
-
I don't see an equivalent to that with Unbound. Though if you have Unbound doing its own recursion (don't enable forwarding mode), you should never see that from your ISP.
-
@CMB - thanks for the swift response. I know you are working at banging out 2.2.
Can you elaborate what "forwarding mode" does for unbound? I want unbound to cache DNS queries and be the DNS server for my LAN. I was under the impression I needed it on so unbound would be a cache server and "forward" the results of my main DNS servers (for example say 8.8.8.8).
BTW I did turn forwarding off to see what happens and the DNS hijacking stopped. Thx for that tip!
-
Forwarding mode means it will just send queries (for domains not already in the cache) directly upstream to the defined upstream DNS server/s it has been told about.
With recursion, unbound does its queries directly through the chain of internet root servers down to the authoritative server for the requested domain, thus avoiding using some intermediate upstream DNS and its cache, but keeps a cache for itself.
http://en.wikipedia.org/wiki/Domain_Name_System#Recursive_and_caching_name_server -
So it caches either way?
So what is the use case for the forwarder option? To force something like OpenDNS? Because it sounds as if the non-forwarder behavior is the most accurate option, no? (maybe slower?).
-
For example, I subscribe to the DynDNS "Internet Guide" service (it is cheap for 10 public IPs). So it can filter name responses for categories of sites (porn, violent…). That does a good job of keeping staff away from that sort of content.
So I want the pfSense DNS to just forward to DynDNS servers, because I really do want a changed (filtered) view of what the real root servers have. -
DNS Forwarder Host Overrides - the aliases (if any) of the main host override display on the main screen, in addition to the main override entry itself.
DNS Resolver Host Overrides - the aliases (if any) of the main host override do not display on the main screen. Only the main override entry itself is displayed.
It is not effecting what is stored in the actual config. When you edit a DNS Resolver Host Override the aliases are there.Does anybody care?
Leave it as it is?
-
It'd be nice to have that back if you'd like to put in a pull request Phil. If not, it's not a big deal.
-
Hi
Is asking to match if the aliases appears like expanded p2 in IPsec, more or less?
Thanks
Edit: Can't start Resolver with DHCP Registration (Register DHCP leases in the DNS Resolver) checked.
Resolver log:
Nov 19 18:13:32 unbound: [86446:0] notice: Restart of unbound 1.4.22. Nov 19 18:13:32 unbound: [86446:0] fatal error: Could not read config file: /unbound.conf Nov 19 18:14:04 unbound: [40605:0] notice: init module 0: iterator Nov 19 18:14:04 unbound: [40605:0] info: start of service (unbound 1.4.22). Nov 19 18:14:04 unbound: [40605:0] info: service stopped (unbound 1.4.22). Nov 19 18:14:04 unbound: [40605:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch Nov 19 18:14:04 unbound: [40605:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0 Nov 19 18:14:04 unbound: [40605:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch Nov 19 18:14:04 unbound: [40605:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
System -> General log:
dhcpleases: Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
-
@cmb:
It'd be nice to have that back if you'd like to put in a pull request Phil. If not, it's not a big deal.
Yes, I will have a look. It should be just a copy-paste-search-replace operation to put the same functionality into the Resolver host override aliases case.
and yes, it was that easy, pull request: https://github.com/pfsense/pfsense/pull/1344 -
@mais_um:
Edit: Can't start Resolver with DHCP Registration (Register DHCP leases in the DNS Resolver) checked.
I'm seeing the same behavior this morning after updating to the latest snapshot. I turned off the DHCP registration stuff in DNS Resolver and it starts up just fine.
-
Hi
Thu Nov 20 00:23:34 CST 2014 build i can enable DHCP Registration.
-
Today with build Fri Nov 21 01:58:53 CST 2014 I'm getting again 'fatal error: Could not read config file: /unbound.conf' with DHCP Registration checked.
-
Today with build Fri Nov 21 01:58:53 CST 2014 I'm getting again 'fatal error: Could not read config file: /unbound.conf' with DHCP Registration checked.
Can't seem to replicate that. How is your Unbound configured?
-
-
To me, it gives the error attached if I try to start resolver with "Register DHCP leases in the DNS Resolver" set.
2.2-BETA (amd64)
built on Fri Nov 21 08:16:06 CST 2014
FreeBSD 10.1-RELEASE
-
@cmb:
Today with build Fri Nov 21 01:58:53 CST 2014 I'm getting again 'fatal error: Could not read config file: /unbound.conf' with DHCP Registration checked.
Can't seem to replicate that. How is your Unbound configured?
With version '2.2-BETA (amd64) built on Fri Nov 21 08:16:06 CST 2014' unbound started directly after upgrade. After another reboot it didn't start with DHCP Registration ('Register DHCP leases in the DNS Resolver') on.
-
What's in your resolver log? Re: config, how are all the settings under Services>DNS Resolver configured?
-
resolver.log
Nov 21 23:04:26 unbound: [6842:0] fatal error: Could not read config file: /unbound.conf Nov 21 23:04:26 unbound: [6842:0] info: ignored infra-lame-ttl: 900 (option removed, use infra-host-ttl) Nov 21 23:04:26 unbound: [6842:0] notice: Restart of unbound 1.4.22. Nov 21 23:04:26 unbound: [6842:0] debug: cache memory msg=66072 rrset=66072 infra=2600 val=66280 Nov 21 23:04:26 unbound: [6842:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out Nov 21 23:04:26 unbound: [6842:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0 Nov 21 23:04:26 unbound: [6842:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch Nov 21 23:04:26 unbound: [6842:0] debug: cache memory msg=66072 rrset=66072 infra=2600 val=66280 Nov 21 23:04:26 unbound: [6842:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out Nov 21 23:04:26 unbound: [6842:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0 Nov 21 23:04:26 unbound: [6842:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch Nov 21 23:04:26 unbound: [6842:0] info: service stopped (unbound 1.4.22). Nov 21 23:04:26 unbound: [6842:0] debug: caught signal SIGHUP Nov 21 23:04:26 unbound: [6842:1] debug: cache memory msg=66072 rrset=66072 infra=2600 val=66280 Nov 21 23:04:26 unbound: [6842:0] info: start of service (unbound 1.4.22). Nov 21 23:04:26 unbound: [6842:0] debug: cache memory msg=66072 rrset=66072 infra=2600 val=66280 Nov 21 23:04:26 unbound: [6842:0] debug: target fetch policy for level 4 is 0 Nov 21 23:04:26 unbound: [6842:0] debug: target fetch policy for level 3 is 0 Nov 21 23:04:26 unbound: [6842:0] debug: target fetch policy for level 2 is 1 Nov 21 23:04:26 unbound: [6842:0] debug: target fetch policy for level 1 is 2 Nov 21 23:04:26 unbound: [6842:0] debug: target fetch policy for level 0 is 3 Nov 21 23:04:26 unbound: [6842:0] notice: init module 1: iterator Nov 21 23:04:26 unbound: [6842:0] notice: init module 0: validator Nov 21 23:04:26 unbound: [6842:0] debug: module config: "validator iterator" Nov 21 23:04:26 unbound: [6842:0] debug: duplicate acl address ignored. Nov 21 23:04:26 unbound: [6842:0] debug: drop user privileges, run as unbound Nov 21 23:04:26 unbound: [6842:0] debug: chroot to /var/unbound Nov 21 23:04:26 unbound: [6842:0] debug: chdir to /var/unbound Nov 21 23:04:25 unbound: [87880:0] debug: switching log to stderr Nov 21 23:04:25 unbound: [87880:0] debug: cache memory msg=66072 rrset=66072 infra=288782 val=149925 Nov 21 23:04:25 unbound: [87880:0] info: 1.000000 2.000000 7 Nov 21 23:04:25 unbound: [87880:0] info: 0.524288 1.000000 21 Nov 21 23:04:25 unbound: [87880:0] info: 0.262144 0.524288 62 Nov 21 23:04:25 unbound: [87880:0] info: 0.131072 0.262144 100 Nov 21 23:04:25 unbound: [87880:0] info: 0.065536 0.131072 50 Nov 21 23:04:25 unbound: [87880:0] info: 0.032768 0.065536 83 Nov 21 23:04:25 unbound: [87880:0] info: 0.016384 0.032768 176 Nov 21 23:04:25 unbound: [87880:0] info: 0.008192 0.016384 27 Nov 21 23:04:25 unbound: [87880:0] info: 0.004096 0.008192 1 Nov 21 23:04:25 unbound: [87880:0] info: 0.000000 0.000001 37 Nov 21 23:04:25 unbound: [87880:0] info: lower(secs) upper(secs) recursions Nov 21 23:04:25 unbound: [87880:0] info: [25%]=0.0234589 median[50%]=0.0489546 [75%]=0.195297 Nov 21 23:04:25 unbound: [87880:0] info: histogram of recursion processing times Nov 21 23:04:25 unbound: [87880:0] info: average recursion processing time 0.139959 sec Nov 21 23:04:25 unbound: [87880:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 564 recursion replies sent, 0 replies dropped, 0 states jostled out Nov 21 23:04:25 unbound: [87880:0] info: server stats for thread 1: requestlist max 14 avg 0.603774 exceeded 0 jostled 0 Nov 21 23:04:25 unbound: [87880:0] info: server stats for thread 1: 1688 queries, 1124 answers from cache, 564 recursions, 178 prefetch Nov 21 23:04:25 unbound: [87880:0] debug: cache memory msg=66072 rrset=66072 infra=288782 val=149925 Nov 21 23:04:25 unbound: [87880:0] info: 1.000000 2.000000 1 Nov 21 23:04:25 unbound: [87880:0] info: 0.524288 1.000000 14 Nov 21 23:04:25 unbound: [87880:0] info: 0.262144 0.524288 30 Nov 21 23:04:25 unbound: [87880:0] info: 0.131072 0.262144 42 Nov 21 23:04:25 unbound: [87880:0] info: 0.065536 0.131072 28 Nov 21 23:04:25 unbound: [87880:0] info: 0.032768 0.065536 39 Nov 21 23:04:25 unbound: [87880:0] info: 0.016384 0.032768 52 Nov 21 23:04:25 unbound: [87880:0] info: 0.008192 0.016384 13 Nov 21 23:04:25 unbound: [87880:0] info: 0.004096 0.008192 1 Nov 21 23:04:25 unbound: [87880:0] info: 0.000000 0.000001 18 Nov 21 23:04:25 unbound: [87880:0] info: lower(secs) upper(secs) recursions Nov 21 23:04:25 unbound: [87880:0] info: [25%]=0.0250486 median[50%]=0.0621752 [75%]=0.216893 Nov 21 23:04:25 unbound: [87880:0] info: histogram of recursion processing times Nov 21 23:04:25 unbound: [87880:0] info: average recursion processing time 0.147787 sec Nov 21 23:04:25 unbound: [87880:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 238 recursion replies sent, 0 replies dropped, 0 states jostled out Nov 21 23:04:25 unbound: [87880:0] info: server stats for thread 0: requestlist max 40 avg 3.168 exceeded 0 jostled 0 Nov 21 23:04:25 unbound: [87880:0] info: server stats for thread 0: 548 queries, 310 answers from cache, 238 recursions, 12 prefetch Nov 21 23:04:25 unbound: [87880:0] info: service stopped (unbound 1.4.22). Nov 21 23:04:25 unbound: [87880:0] debug: caught signal SIGTERM Nov 21 23:04:23 unbound: [87880:1] debug: cache memory msg=418824 rrset=714129 infra=288782 val=149925 Nov 21 23:04:23 unbound: [87880:1] info: validator operate: query cl4appf.com. A IN Nov 21 23:04:23 unbound: [87880:1] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone Nov 21 23:04:23 unbound: [87880:1] info: finishing processing for cl4appf.com. A IN Nov 21 23:04:23 unbound: [87880:1] info: query response was ANSWER Nov 21 23:04:23 unbound: [87880:1] info: reply from <cl4appf.com.> 78.140.168.56#53 Nov 21 23:04:23 unbound: [87880:1] info: response for cl4appf.com. A IN Nov 21 23:04:23 unbound: [87880:1] info: sanitize: storing potential poison RRset: ns2.dcrmt.net. A IN Nov 21 23:04:23 unbound: [87880:1] info: sanitize: storing potential poison RRset: ns1.dcrmt.net. A IN Nov 21 23:04:23 unbound: [87880:1] info: iterator operate: query cl4appf.com. A IN Nov 21 23:04:23 unbound: [87880:1] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply Nov 21 23:04:23 unbound: [87880:1] debug: cache memory msg=418824 rrset=714129 infra=288782 val=149925 Nov 21 23:04:23 unbound: [87880:1] info: Verified that unsigned response is INSECURE Nov 21 23:04:23 unbound: [87880:1] info: validator operate: query cl4appf.com. AAAA IN Nov 21 23:04:23 unbound: [87880:1] debug: validator[module 0] operate: extstate:module_wait_subquery event:module_event_pass Nov 21 23:04:23 unbound: [87880:1] info: NSEC3s for the referral proved no DS. Nov 21 23:04:23 unbound: [87880:1] info: validator operate: query cl4appf.com. DS IN Nov 21 23:04:23 unbound: [87880:1] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone Nov 21 23:04:23 unbound: [87880:1] info: finishing processing for cl4appf.com. DS IN Nov 21 23:04:23 unbound: [87880:1] info: query response was nodata ANSWER Nov 21 23:04:23 unbound: [87880:1] info: reply from <com.> 2001:503:a83e::2:30#53 Nov 21 23:04:23 unbound: [87880:1] info: response for cl4appf.com. DS IN Nov 21 23:04:23 unbound: [87880:1] info: iterator operate: query cl4appf.com. DS IN Nov 21 23:04:23 unbound: [87880:1] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply Nov 21 23:04:23 unbound: [87880:1] debug: cache memory msg=418824 rrset=714129 infra=288782 val=149925 Nov 21 23:04:23 unbound: [87880:1] debug: sending to target: <com.> 2001:503:a83e::2:30#53 Nov 21 23:04:23 unbound: [87880:1] info: sending query: cl4appf.com. DS IN Nov 21 23:04:23 unbound: [87880:1] info: processQueryTargets: cl4appf.com. DS IN Nov 21 23:04:23 unbound: [87880:1] info: resolving (init part 3): cl4appf.com. DS IN Nov 21 23:04:23 unbound: [87880:1] info: resolving (init part 2): cl4appf.com. DS IN Nov 21 23:04:23 unbound: [87880:1] info: resolving cl4appf.com. DS IN Nov 21 23:04:23 unbound: [87880:1] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass Nov 21 23:04:23 unbound: [87880:1] info: validator operate: query cl4appf.com. DS IN</com.></com.></cl4appf.com.>
system.log
Nov 21 23:04:26 zh01-rt02 dhcpleases: Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Nov 21 23:04:27 zh01-rt02 dhcpleases: Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Nov 21 23:04:29 zh01-rt02 dhcpleases: Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Nov 21 23:04:29 zh01-rt02 dhcpleases: kqueue error: unkown Nov 21 23:04:29 zh01-rt02 dhcpleases: Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
Image with options is attached.
![Screenshot 2014-11-21 23.10.46.gif](/public/imported_attachments/1/Screenshot 2014-11-21 23.10.46.gif)
![Screenshot 2014-11-21 23.10.46.gif_thumb](/public/imported_attachments/1/Screenshot 2014-11-21 23.10.46.gif_thumb) -
2.2-BETA (amd64)
built on Sat Nov 22 01:52:19 CST 2014
FreeBSD 10.1-RELEASEAfter today's upgrade Resolver "went to sleep", had to switch for DNS Forwarder.
Oct 28 14:12:42 unbound: [23277:3] notice: sendto failed: No buffer space available
I know, the date is wrong.
-
Today with build Fri Nov 21 01:58:53 CST 2014 I'm getting again 'fatal error: Could not read config file: /unbound.conf' with DHCP Registration checked.
That seems to be fixed after merging a pull request from wagonza yesterday. I found one system where I could replicate that, and after that change, I no longer could. There is a bug ticket on that issue. https://redmine.pfsense.org/issues/4036
Others who could replicate that, are you seeing it on snapshots from the 23rd or newer?