No IPV6 after reboot!!!

jcyr

Ok, got to the bottom of this. In 2.2-BETA (i386) built on Wed Dec 03 13:29:19 CST 2014, selecting a link-local interface as unbound network interface causes an invalid access-control statement to be created since link-local addresses do not have a subnet. This causes unbound to fail at startup… resulting in no DNS support.

Fixed by pull request #1360

Everything seems to work now... (keeping fingers crossed)

cmb

Thanks for the help tracking that down.

I committed a change to switch unbound_configure and dhcpd_configure order in interfaces.inc, matching what you submitted. I don't see where it should make a difference either way, and I can't replicate what you're seeing there, but if you could provide feedback it'd be appreciated.

jcyr

You guys don't have a Comcast cablemodem link? Presently the largest deployed IPV6 supporting network… any problems there will affect many.

MikeV7896

I've rebooted my pfSense 2.2 box four times over the past two days - twice for snapshot updates. All times my Comcast IPv6 connection has come back online with no issues. I had issues in earlier builds where I would have to do a release/renew on my WAN interface to restore IPv6 connectivity, but that doesn't appear to be an issue for me anymore.

jcyr

The recent problems occurred only when using unbound with specific interfaces selected.

cmb

@jcyr:

You guys don't have a Comcast cablemodem link?

We're all fortunate enough to live somewhere where Comcast isn't the cable provider.

MikeV7896

@cmb:

@jcyr:

You guys don't have a Comcast cablemodem link?

We're all fortunate enough to live somewhere where Comcast isn't the cable provider.

Hahaha… I have another option (FiOS oddly enough) but their equipment in my MDU building is old enough that they can only provide me with 20-25Mbps down service via VDSL, while I can get 100Mbps down service from Comcast for about the same cost for internet only. That combined with IPv6 (which Verizon hasn't even started rolling out anywhere) is why I have picked Comcast over Verizon.

But I'm definitely not a developer here... just a user. :)

jcyr

@cmb:

@jcyr:

You guys don't have a Comcast cablemodem link?

We're all fortunate enough to live somewhere where Comcast isn't the cable provider.

Yeah, I read about the continuous drumbeat of Comcast grievances.

However, they've provided me with a rock-solid 55mbps link and early native IPV6 support. No V6 tunnels here… no complaints from me.

MikeV7896

Ok…

So I went into the unbound settings... changed interfaces to localhost, lan, lan ipv6 link-local... changed outgoing interfaces to wan and wan ipv6 link-local. Saved changes, applied settings... unbound doesn't restart, in the log is...

Dec 4 21:31:40	unbound: [89497:0] error: cannot parse netblock: '/'
Dec 4 21:31:40	unbound: [89497:0] error: cannot parse access control: / allow
Dec 4 21:31:40	unbound: [89497:0] fatal error: Could not setup access control list

This is the same issue that happened last time I reported it in the DNS Resolver thread. I don't obtain an IPv6 address on my WAN, just a prefix. But I need to keep WAN in the outgoing interfaces for IPv4.

But this isn't about unbound, this is about IPv6 not working after reboot. So I reboot the box…

On reboot, unbound doesn't restart. But IPv6 itself works fine. Below is a ping to the IP address of a VPS I have:

Pinging 2604:a880:800:xxx::xxxx with 32 bytes of data:
Reply from 2604:a880:800:xxx::xxxx: time=21ms
Reply from 2604:a880:800:xxx::xxxx: time=22ms
Reply from 2604:a880:800:xxx::xxxx: time=30ms
Reply from 2604:a880:800:xxx::xxxx: time=21ms

Of course I can't use a hostname since unbound isn't started, but pinging the IP address works just fine. After I change Unbound's interfaces and outgoing interfaces back to all, it starts up and works just fine. I'm sure it would work fine if I just set Outoing Interfaces back to all… but not a big deal to me.

edit: regarding the unbound bug I mentioned earlier... the issue reported before was that this same situation happened with "All" selected when not obtaining a WAN DHCPv6 address, just a prefix... so the same fix needs to be applied to WAN as well.

cmb

@virgiliomi:

Ok…

So I went into the unbound settings... changed interfaces to localhost, lan, lan ipv6 link-local... changed outgoing interfaces to wan and wan ipv6 link-local. Saved changes, applied settings... unbound doesn't restart, in the log is...

That should be fixed by: https://github.com/pfsense/pfsense/pull/1365

which won't show up in snapshots until after 2.2-RC goes out to the mirrors, likely Friday.

MikeV7896

Sure enough, selecting just WAN for outgoing interface and LAN + Localhost for interfaces works just fine.