
    Issues on cron updates

    • C
      chrcoluk
      last edited by

      Right finally got there.

      The reload crashing is due to improper configuration by pfsense, unbound has to be started with the unbound.conf outside of the chroot, and then unbound will handle the changeover to the root path, when this is done then reload works properly.  To fix this requires some work on core pfsense code.

      So I implemented an alternate fix for pfblockerng.

      My fix will shutdown unbound with unbound-control stop
      wait 1 second
      Then start it again

      I tested with force DNSBL RELOAD in the gui and it does work.

      I am attaching the modified file so you can examine and change as you feel fit, hopefully you will use the changed code.

      output of relevant part of log looks like this now.

      ------------------------------------------
      Assembling database... completed
      Validating database... completed [ 01/06/17 14:24:28 ]
      Restarting Unbound..... completed
      DNSBL update [ 402834 | PASSED  ]... completed [ 01/06/17 14:24:43 ]
      ------------------------------------------
      

      and in resolver log at same time

      Jan 6 14:24:41	unbound	58955:0	info: start of service (unbound 1.6.0).
      

      pfblockerng.inc.txt

      pfSense CE 2.8.0

      • P
        pfcode
        last edited by

        @chrcoluk:

        Right finally got there.

        The reload crashing is due to improper configuration by pfsense, unbound has to be started with the unbound.conf outside of the chroot, and then unbound will handle the changeover to the root path, when this is done then reload works properly.  To fix this requires some work on core pfsense code.

        So I implemented an alternate fix for pfblockerng.

        My fix will shutdown unbound with unbound-control stop
        wait 1 second
        Then start it again

        I tested with force DNSBL RELOAD in the gui and it does work.

        I am attaching the modified file so you can examine and change as you feel fit, hopefully you will use the changed code.

        output of relevant part of log looks like this now.

        ------------------------------------------
        Assembling database... completed
        Validating database... completed [ 01/06/17 14:24:28 ]
        Restarting Unbound..... completed
        DNSBL update [ 402834 | PASSED  ]... completed [ 01/06/17 14:24:43 ]
        ------------------------------------------
        

        and in resolver log at same time

        Jan 6 14:24:41	unbound	58955:0	info: start of service (unbound 1.6.0).
        

        Why don't you discuss this with BBCan17? He is very nice to talk with.

        Release: pfSense 2.4.3(amd64)
        M/B: Supermicro A1SRi-2558F
        HDD: Intel X25-M 160G
        RAM: 2x8Gb Kingston ECC ValueRAM
        AP: Netgear R7000 (XWRT), Unifi AC Pro

        • C
          chrcoluk
          last edited by

          Isn't that what I am doing here? Or do you mean in private?

          pfSense CE 2.8.0

          • C
            chrcoluk
            last edited by

            no issues on the daily update cron with the modified code.

            pfSense CE 2.8.0

            • B
              bole5
              last edited by

              I am experiencing exactly the same issue. Oddly enough I also run on Braswell N3150 (Zotac CI323 Nano). Your fix worked for me too.

              • RonpfSR
                RonpfS
                last edited by

                @bole5:

                I am experiencing exactly the same issue. Oddly enough I also run on Braswell N3150 (Zotac CI323 Nano). Your fix worked for me too.

                Is the fix still needed as per https://forum.pfsense.org/index.php?topic=125773.msg694952#msg694952

                @bole5:

                My problem is now solved after following advice from BBcan177.
                It turns out that all includes in unbound.conf options need to point to the same folder: /var/unbound.

                I had following in my configuration:

                My domain overrides

                server:include: /usr/local/etc/unbound/se-servers.conf

                All I needed to do is to change the /usr/local/etc/unbound to /var/unbound, and unbound stopped crashing on "reload".

                My domain overrides

                server:include: /var/unbound//se-servers.conf

                Thank you very much BBcan177 for this great package!

                2.4.5-RELEASE-p1 (amd64)
                Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5
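
The include-path rule from the fix quoted above, as an added example (not code from any poster, pfSense or pfBlockerNG): a POSIX sh function that lists include: targets lying outside the chroot directory. The sample config and the file names in it are constructed, and relative paths are assumed to resolve inside the chroot.

```shell
#!/bin/sh
# Added example, not code from the thread or from pfSense/pfBlockerNG.
# Lists include: targets in an unbound.conf that resolve outside the chroot
# directory (the fix in the thread was to keep them all under /var/unbound).
# Assumption: relative include paths are treated as inside the chroot.
includes_outside_chroot() {
    awk -v root="${2:-/var/unbound}" '
    BEGIN { sub(/\/+$/, "", root); bad = 0 }
    {
        sub(/#.*/, "")                          # ignore comments
        if (!match($0, /^[ \t]*(server:[ \t]*)?include:[ \t]*/)) next
        path = substr($0, RSTART + RLENGTH)
        gsub(/"/, "", path)                     # quoted file names
        sub(/[ \t]+$/, "", path)
        gsub(/\/+/, "/", path)                  # "/var/unbound//x" == "/var/unbound/x"
        if (path !~ /^\//) next                 # relative path (see assumption)
        escapes = (path ~ /\/\.\.(\/|$)/)       # ".." can climb out of root
        if (escapes || index(path, root "/") != 1) {
            printf "line %d: %s\n", NR, path
            bad = 1
        }
    }
    END { exit bad }' "$1"
}

# Constructed sample config: both forms of the override quoted in the thread,
# plus constructed edge cases (file names other than se-servers.conf are made up).
write_sample_conf() {
    cat > "$1" <<'EOF'
server:
    chroot: /var/unbound
    include: /var/unbound/example-local.conf
# My domain overrides
server:include: /usr/local/etc/unbound/se-servers.conf
server:include: /var/unbound//se-servers.conf
include: "/var/unbound/../etc/extra.conf"   # constructed: climbs out with ..
include: /var/unbound-old/hosts.conf
# include: /tmp/disabled.conf
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
includes_outside_chroot "$sample" /var/unbound || echo "the includes listed above are outside the chroot"
rm -f "$sample"
```

The function exits non-zero when it finds at least one offending include, so it can gate a reload in a script.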

                • B
                  bole5
                  last edited by

                  Yes. That fixed this problem for me. If your problem is not caused by the similar issue you can always modify pfblockerng.inc script and replace "reload" with stop, sleep and run sequence.

                  • C
                    chrcoluk
                    last edited by

                    that solution does make sense actually. :)

                    pfSense CE 2.8.0

                    • BBcan177B
                      BBcan177 Moderator
                      last edited by

                      @chrcoluk:

                      that solution does make sense actually. :)

                      @chrcoluk, not sure if this issue is resolved for you? Are you still needing to modify the code?

                      "Experience is something you don't get until just after you need it."

                      Website: http://pfBlockerNG.com
                      Twitter: @BBcan177  #pfBlockerNG
                      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                      • C
                        chrcoluk
                        last edited by

                        bbcan17 yep, I looked into the solution but the problem is pfsense itself adds an include pointing to a config in /etc, so I would have to mod the pfsense code to remove the mod on pfblockerng defeating the purpose of removing the mod.

                        I am planning to do a pull request to pfsense to make that include inside the chroot which if we are right will then solve the reload problem with pfblockerng.

                        pfSense CE 2.8.0

                        • C
                          chrcoluk
                          last edited by

                          Actually I see all the pfsense includes are using /var/unbound; it was only my own, which I have now moved.

                          I will test reload later today, and if that works then revert the pfblockerng code on my box to see if the cron's are good.

                          pfSense CE 2.8.0

                          • T
                            treeol
                            last edited by

                            Hi there

                            Just registered to post my conclusion.

                            I had the same issue with my pfsense box v. 2.3.3.

                            Unbound-service was restarting very frequently, unbound worked, but due to the restart I sometimes had gaps where in some special cases services broke down / were not able to synchronize etc.

                            It was caused by dhcp which tried to register new leases or entries (not 100% sure what it exactly wanted to register) but I see a lot of dhcpv6 log-entries.

                            At the end I figured out that on my WAN interface the configuration type of ipv6 was dhcp; after I switched it to none, all problems disappeared.

                            Why this configuration exactly caused this problem, not sure at this moment; I'm not actively using ipv6 anyway.

                            I will post more information if i have them.

                            Hopefully this helps.

                            Cheers, treeol
