Mountroot issues after 2.2 upgrade
-
Can somebody change this title ? promotes negative vibes … everybody knows that if you install a product that was released YESTERDAY even if it is in "RELEASE" status issues can occur because an internal "test" cannot beat hundreds of users installing and breaking things :)
How about renaming title to "mountroot issues after 2.2 upgrade"
But just for the record ... what were the model / hardware configuration of your other systems that bricked ? were they installed on SD cards, CF cards, SSD ?? ... what storage ? I have seen mountroot issues unless you added a "delay" in the booting process, especially for usb connected media.
-
Looks like xen vm but it's on release note. "run this before update"…
And you should never update anything without testing or backup first.
-
Okay … this line here: vfs.root.mountfrom=ufs:/dev/ad6s1a
As far as i remember, the newer versions of FreeBSD use ada0, ada1, etc for SATA and da0, da1, etc for USB or SAS HBA cards, etc.
-
-
same issue here: https://forum.pfsense.org/index.php?topic=87330.0
It's either naming or you need to introduce a delay … i'm assuming...
-
I upgraded two systems today, both via the autoupgrade. One is a little nanoBSD box at home and the other is the main firewall at work - running on a Dell. Both upgrades were flawless with no problems - both boxes support a pair of WAN interfaces with LAN, Wi-Fi, SIP, and a VPN and custom rules.
I read through the upgrade notes before performing the upgrades - and uninstalled all packages prior to running the autoupgrade and made backups of the configurations. Uninstalling the packages is something that I have not done in the past and it definitely made the whole process much quicker than past upgrades.
-
Uninstalling the packages is something that I have not done in the past and it definitely made the whole process much quicker than past upgrades.
+1. This is the way I do upgrades since a while.
-
4 servers updated so far and all switched to unbound - 0 problems so far. 2 in ESXi and 2 physical.
-
I upgraded two systems today, both via the autoupgrade. One is a little nanoBSD box at home and the other is the main firewall at work - running on a Dell. Both upgrades were flawless with no problems - both boxes support a pair of WAN interfaces with LAN, Wi-Fi, SIP, and a VPN and custom rules.
I read through the upgrade notes before performing the upgrades - and uninstalled all packages prior to running the autoupgrade and made backups of the configurations. Uninstalling the packages is something that I have not done in the past and it definitely made the whole process much quicker than past upgrades.
so uninstall the package first and then use autoupgrade and import the package backup config after?
-
Thats what I did with the VMs running on GB connection with lots of packages.
-
Thats what I did with the VMs running on GB connection with lots of packages.
how did you backup the package? or just import the anything after autoupgraded?
-
4 servers updated so far and all switched to unbound - 0 problems so far. 2 in ESXi and 2 physical.
Upgraded with no issues as well. Is the switch to unbound automatic?
Cheers!
-
What are you using for web filtering, squidguard not able to install
-
Nope - I sort of wish it was. Its no big deal to switch though. 1 minute? Maybe 2?
-
Nope - I sort of wish it was. Its no big deal to switch though. 1 minute? Maybe 2?
Sorry for the newbie question but could you please explain the steps? Thanks!
-
1. update to pfsense 2.2
2. go to services > DNS forwarder - un-check " Enable DNS forwarder" then save
3. go to services > DNS Resolver - check "enable dns resolver" then saveI also enabled DNSSEC, Register DHCP leases in the DNS Resolver, Register DHCP static mappings in the DNS Resolver (all optional)
and in the advanced settings TAB I enabled Prefetch Support, Prefetch DNS Key Support (these should make DNS abit zippier) (also optional)
I considering enabling Harden Glue and Harden DNSSEC data but I'm no sure. Maybe someone else will chime in. The POSSIBLE issue I see is that once I turn those on any site on the web that hasn't configured DNS 100% perfectly might just disappear and become unavailable to me even though they aren't spoofing or being spoofed? Not sure how this will impact my network if I turn them on basically.
Also, I went to system > general setup and deleted all my DNS server IPs from that list. (seems optional)
Then I un-checked "Allow DNS server list to be overridden by DHCP/PPP on WAN" (seems optional)
and I checked "Do not use the DNS Forwarder as a DNS server for the firewall" (seems required)
And clicked save - always click save when you change things.
These changes should take you off the ISP DNS, any public DNS servers and put you on the Internets main root DNS servers with DNSSEC.
At this point, the only issue (not really an issue) is that large well organized very good ISPs may cache alot of content and may also direct you to the very nearest content servers if you are using their DNS, which you will not be. I'm not too sure how big a performance hit you may take, if any. Maybe someone else can chime in on that subject?
I haven't noticed anything bad myself. I have noticed less issues on the physical LAN with windows machines. They seem to be resolving much faster and more reliably now.
Here in my location, I'm VPNing in and using pfsense DNS over the tunnel and its resolving both IPv4 and IPV6 just fine.
Hope that helps.
-
If pictures help, this is my home config, just set your interfaces and turn off Forwarder and Turn on Resolver. :)
Edited to include: Wpad.dat, and the Advanced options is specific to my setup.
-
Last question (For now LOL), what is/are the advantages/disadvantages of unbound vs the current DNS Forwarder.
Thanks! -
Its just generally better, more robust and feature rich. (also more secure)
Unbound is a validating, recursive and caching DNS server.
Dnsmasq is a lightweight, easy to configure DNS forwarder.
So, one is a DNS server and the other in merely a forwarder for other DNS servers.
-
I am only running a home network should I still make the change in your opinion?
Cheers!
