Upgrading from 2.3.2 -> 2.3.2-p1 - DNS Resolver service failed
-
After the upgrade the DNS Resolver doesn't start when using pfBlocker with DNSBL.
Systemlog:
rc.bootup: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/unbound.conf:93: error: cannot open include file '/var/unbound/pfb_dnsbl.conf': No such file or directory read /var/unbound/unbound.conf failed: 1 errors in configuration file [1475819560] unbound[35120:0] fatal error: Could not read config file: /var/unbound/unbound.conf'
Workaround:
- Disable pfBlocker DNSBL
- Restart DNS Resolver
- Enable pfBlocker DNSBL
- Run Update, the file will be rebuilt
….
UPDATE PROCESS START [ 10/07/16 07:43:21 ]
===[ DNSBL Process ]================================================
Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding
After reloading the firewall, the problem still exists.
[EDIT] Seems to be a problem only when /var is in RAM.
-
FYI just did the same upgrade and did not have an issue.
-
It is good practice to disable packages like pfBlockerNG, Snort, Suricata, etc that can interfere with internet access or DNS before doing an upgrade.
-
After the upgrade the DNS Resolver doesn't start when using pfBlocker with DNSBL.
The package has a feature to backup and restore the DNSBL database for RAMDisk installations.
There is an open Redmine, to fix this for certain scenarios:
https://redmine.pfsense.org/issues/6603
-
One year and three heart surgeries later my doc told me not to stress. I did :P
BB, on my backup pfsense, Dell R200, there is indeed the problem that after the upgrade to 2.3.2-1 Unbound will refuse to start as long as DNSBL is active, and GUI becomes very inresponsive (nonresponsive/nonresponsive/deresponsive/antiresponsive: pick one :-* ).
-
Hey Mr.J…
Sorry for any added stress.. :) However, this is something that needs to be fixed in pfSense Unbound... There is an open Redmine here:
https://redmine.pfsense.org/issues/6603
Basically, if you take a backup with DNSBL enabled... Then use this backup configuration in a new machine that doesn't have pfBlockerNG/DNSBL installed, then Unbound will not start since the Unbound Custom options is trying to load "server:include: /var/unbound/pfb_dnsbl.conf"....
So either remove that line, and restart Unbound, or take the future backups with DNSBL disabled...
or create a dummy file :
touch /var/unbound/pfb_dnsbl.conf
Hopefully the devs apply a patch to fix this issue once and for all….
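Added example, not part of the post above and not pfSense or pfBlockerNG code: a pre-restart check that lists every `include:` target in an Unbound config that is not readable, which is the condition behind the "cannot open include file" error in this thread. The function name `missing_includes` is hypothetical and the sample config is constructed in a temporary directory; on a real system the argument would be /var/unbound/unbound.conf.

```shell
#!/bin/sh
# Added example: find include files that an Unbound config references but
# that are not present, before the resolver is restarted.

# Print each include target in config file $1 that is not a readable file.
missing_includes() {
    # 1) drop comments, 2) keep only the text after "include:" (this also
    # matches the "server:include: <path>" form quoted in the thread),
    # 3) strip optional quotes and trailing whitespace.
    sed -e 's/#.*$//' "$1" |
    sed -n 's/.*include:[[:space:]]*//p' |
    sed -e 's/^"//' -e 's/"[[:space:]]*$//' -e 's/[[:space:]]*$//' |
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        # Wildcard includes are skipped here: this check only covers
        # literal paths.
        case "$path" in *[*?]*) continue ;; esac
        [ -r "$path" ] || printf '%s\n' "$path"
    done
}

# Constructed sample config (not from a real system): one include exists,
# the DNSBL one does not, as after restoring a backup without the package.
demo_dir=$(mktemp -d)
: > "$demo_dir/present.conf"
cat > "$demo_dir/unbound.conf" <<EOF
server:
  verbosity: 1
server:include: $demo_dir/pfb_dnsbl.conf
include: "$demo_dir/present.conf"
EOF

# Prints the one missing path; empty output means every include resolves.
missing_includes "$demo_dir/unbound.conf"
rm -rf "$demo_dir"
```

Empty output means every literal include path is readable; any path printed has to be restored, or its include line removed, before Unbound will start.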
-
The package has a feature to backup and restore the DNSBL database for RAMDisk installations.
Where can I find that feature precisely? Thanks in advance!
-
@Ibor:
The package has a feature to backup and restore the DNSBL database for RAMDisk installations.
Where can I find that feature precisely? Thanks in advance!
It's done automatically in the background when RAMDisks are enabled…. No real need to touch it...