Unbound seems to be restarting frequently

nextloop

I have WAN and LAN IPv6 both static and I am also affected by it.

ky41083

For 2.3.x users without DNSBL active, this fixes everything. Someone could easily make a diff patch for DNSBL based on it as well:
https://forum.pfsense.org/index.php?topic=119467.msg661037#msg661037

pfadmin

hi, same problem. IPv6 every 15 minutes starts unbound and with dnsbl it tooks a long time..

ky41083, your link doesn't work, same here https://redmine.pfsense.org/issues/5413

Any solution? cache or not is not realy the problem, no answer is what I get.

pfadmin

scurrier

+1 I am affected by this as well.  Whenever the DHCP logs show "Sending HUP signal to dns daemon(17620)" the DNS logs show that unbound has reset.

StyleNZ

@scurrier:

+1 I am affected by this as well.  Whenever the DHCP logs show "Sending HUP signal to dns daemon(17620)" the DNS logs show that unbound has reset.

+1. Same problem for me too. I was using using DHCP on my Windows Server originally without problem but have now since switched to using pfSense for DHCP as the layout and customization is better suited to my liking. Since changing, I have noticed Unbound stopping from DHCP interfering with it like you say and others here have said. I took some screen shots of the logs too if it could be of assistance.

I also use pfBlockerNG with DNSBL also.

Cheers.

[Edit: Unchecking Register DHCP leases in the DNS Resolver appears to have resolved it for me. Leaving the static mappings checked seems to be fine so far though, I'll report back later otherwise.]

dersch

+1 i have the same issue now since a couple of days without changing anything! Running on 2.4.2-DEVELOPMENT because i need the PPPOE Vlan Tag functionality which is not working with the latest stable.

Nov 15 14:32:17	unbound	58529:0	info: start of service (unbound 1.6.6).
Nov 15 14:32:17	unbound	58529:0	notice: init module 1: iterator
Nov 15 14:32:17	unbound	58529:0	notice: init module 0: validator
Nov 15 14:32:17	unbound	58529:0	notice: Restart of unbound 1.6.6.
Nov 15 14:32:17	unbound	58529:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:32:17	unbound	58529:0	info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:17	unbound	58529:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:32:17	unbound	58529:0	info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:17	unbound	58529:0	info: service stopped (unbound 1.6.6).
Nov 15 14:32:17	unbound	58529:0	info: start of service (unbound 1.6.6).
Nov 15 14:32:17	unbound	58529:0	notice: init module 1: iterator
Nov 15 14:32:17	unbound	58529:0	notice: init module 0: validator
Nov 15 14:32:14	unbound	15323:0	info: 0.065536 0.131072 3
Nov 15 14:32:14	unbound	15323:0	info: 0.016384 0.032768 1
Nov 15 14:32:14	unbound	15323:0	info: lower(secs) upper(secs) recursions
Nov 15 14:32:14	unbound	15323:0	info: [25%]=0.032768 median[50%]=0.0873813 [75%]=0.109227
Nov 15 14:32:14	unbound	15323:0	info: histogram of recursion processing times
Nov 15 14:32:14	unbound	15323:0	info: average recursion processing time 0.067271 sec
Nov 15 14:32:14	unbound	15323:0	info: server stats for thread 1: requestlist max 1 avg 0.25 exceeded 0 jostled 0
Nov 15 14:32:14	unbound	15323:0	info: server stats for thread 1: 4 queries, 0 answers from cache, 4 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:14	unbound	15323:0	info: 0.065536 0.131072 1
Nov 15 14:32:14	unbound	15323:0	info: lower(secs) upper(secs) recursions
Nov 15 14:32:14	unbound	15323:0	info: [25%]=0 median[50%]=0 [75%]=0
Nov 15 14:32:14	unbound	15323:0	info: histogram of recursion processing times
Nov 15 14:32:14	unbound	15323:0	info: average recursion processing time 0.081054 sec
Nov 15 14:32:14	unbound	15323:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:32:14	unbound	15323:0	info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:14	unbound	15323:0	info: service stopped (unbound 1.6.6).
Nov 15 14:32:11	unbound	15323:0	info: start of service (unbound 1.6.6).
Nov 15 14:32:11	unbound	15323:0	notice: init module 1: iterator
Nov 15 14:32:11	unbound	15323:0	notice: init module 0: validator
Nov 15 14:32:11	unbound	15323:0	notice: Restart of unbound 1.6.6.
Nov 15 14:32:11	unbound	15323:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:32:11	unbound	15323:0	info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:11	unbound	15323:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:32:11	unbound	15323:0	info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:11	unbound	15323:0	info: service stopped (unbound 1.6.6).
Nov 15 14:32:11	unbound	15323:0	info: start of service (unbound 1.6.6).
Nov 15 14:32:11	unbound	15323:0	notice: init module 1: iterator
Nov 15 14:32:11	unbound	15323:0	notice: init module 0: validator
Nov 15 14:32:08	unbound	83784:0	info: 0.131072 0.262144 1
Nov 15 14:32:08	unbound	83784:0	info: 0.065536 0.131072 1
Nov 15 14:32:08	unbound	83784:0	info: 0.016384 0.032768 2
Nov 15 14:32:08	unbound	83784:0	info: 0.001024 0.002048 1
Nov 15 14:32:08	unbound	83784:0	info: lower(secs) upper(secs) recursions
Nov 15 14:32:08	unbound	83784:0	info: [25%]=0.018432 median[50%]=0.028672 [75%]=0.114688
Nov 15 14:32:08	unbound	83784:0	info: histogram of recursion processing times
Nov 15 14:32:08	unbound	83784:0	info: average recursion processing time 0.062189 sec
Nov 15 14:32:08	unbound	83784:0	info: server stats for thread 1: requestlist max 2 avg 0.666667 exceeded 0 jostled 0
Nov 15 14:32:08	unbound	83784:0	info: server stats for thread 1: 6 queries, 0 answers from cache, 6 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:08	unbound	83784:0	info: 1.000000 2.000000 1
Nov 15 14:32:08	unbound	83784:0	info: 0.524288 1.000000 1
Nov 15 14:32:08	unbound	83784:0	info: 0.131072 0.262144 1
Nov 15 14:32:08	unbound	83784:0	info: 0.008192 0.016384 1
Nov 15 14:32:08	unbound	83784:0	info: lower(secs) upper(secs) recursions
Nov 15 14:32:08	unbound	83784:0	info: [25%]=0.016384 median[50%]=0.262144 [75%]=1
Nov 15 14:32:08	unbound	83784:0	info: histogram of recursion processing times
Nov 15 14:32:08	unbound	83784:0	info: average recursion processing time 0.753388 sec
Nov 15 14:32:08	unbound	83784:0	info: server stats for thread 0: requestlist max 3 avg 1.25 exceeded 0 jostled 0
Nov 15 14:32:08	unbound	83784:0	info: server stats for thread 0: 5 queries, 1 answers from cache, 4 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:08	unbound	83784:0	info: service stopped (unbound 1.6.6).
Nov 15 14:32:05	unbound	83784:0	info: start of service (unbound 1.6.6).
Nov 15 14:32:05	unbound	83784:0	notice: init module 1: iterator
Nov 15 14:32:05	unbound	83784:0	notice: init module 0: validator
Nov 15 14:32:05	unbound	83784:0	notice: Restart of unbound 1.6.6.
Nov 15 14:32:05	unbound	83784:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:32:05	unbound	83784:0	info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:05	unbound	83784:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:32:05	unbound	83784:0	info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:05	unbound	83784:0	info: service stopped (unbound 1.6.6).
Nov 15 14:32:05	unbound	83784:0	info: start of service (unbound 1.6.6).
Nov 15 14:32:05	unbound	83784:0	notice: init module 1: iterator
Nov 15 14:32:05	unbound	83784:0	notice: init module 0: validator
Nov 15 14:32:02	unbound	39724:0	info: 0.008192 0.016384 1
Nov 15 14:32:02	unbound	39724:0	info: lower(secs) upper(secs) recursions
Nov 15 14:32:02	unbound	39724:0	info: [25%]=0 median[50%]=0 [75%]=0
Nov 15 14:32:02	unbound	39724:0	info: histogram of recursion processing times
Nov 15 14:32:02	unbound	39724:0	info: average recursion processing time 0.011720 sec
Nov 15 14:32:02	unbound	39724:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:32:02	unbound	39724:0	info: server stats for thread 1: 4 queries, 2 answers from cache, 2 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:02	unbound	39724:0	info: 0.131072 0.262144 1
Nov 15 14:32:02	unbound	39724:0	info: lower(secs) upper(secs) recursions
Nov 15 14:32:02	unbound	39724:0	info: [25%]=0 median[50%]=0 [75%]=0
Nov 15 14:32:02	unbound	39724:0	info: histogram of recursion processing times
Nov 15 14:32:02	unbound	39724:0	info: average recursion processing time 0.152199 sec
Nov 15 14:32:02	unbound	39724:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:32:02	unbound	39724:0	info: server stats for thread 0: 2 queries, 0 answers from cache, 2 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:32:02	unbound	39724:0	info: service stopped (unbound 1.6.6).
Nov 15 14:31:59	unbound	39724:0	info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Nov 15 14:31:59	unbound	39724:0	info: start of service (unbound 1.6.6).
Nov 15 14:31:59	unbound	39724:0	notice: init module 1: iterator
Nov 15 14:31:59	unbound	39724:0	notice: init module 0: validator
Nov 15 14:31:59	unbound	39724:0	notice: Restart of unbound 1.6.6.
Nov 15 14:31:59	unbound	39724:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:31:59	unbound	39724:0	info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:31:59	unbound	39724:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 15 14:31:59	unbound	39724:0	info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 15 14:31:59	unbound	39724:0	info: service stopped (unbound 1.6.6).
Nov 15 14:31:59	unbound	39724:0	info: start of service (unbound 1.6.6).
Nov 15 14:31:59	unbound	39724:0	notice: init module 1: iterator

renegade

Similar issue on 2.4.1. already posted in pfblocker forum as i thought the error occurres from that side.

Nov 14 23:03:28 	unbound 	45240:0 	info: start of service (unbound 1.6.6).
Nov 14 23:02:57 	unbound 	45240:0 	info: service stopped (unbound 1.6.6).
Nov 14 23:02:57 	unbound 	45240:0 	info: start of service (unbound 1.6.6).
Nov 14 23:02:25 	unbound 	45240:0 	info: service stopped (unbound 1.6.6).
Nov 14 23:00:08 	filterdns 		adding entry 2a02:26f0:6a:280::3d5 to pf table certbot for host acme-v01.api.letsencrypt.org
Nov 14 23:00:08 	filterdns 		adding entry 2a02:26f0:6a:293::3d5 to pf table certbot for host acme-v01.api.letsencrypt.org
Nov 14 23:00:08 	filterdns 		adding entry 104.74.107.171 to pf table certbot for host acme-v01.api.letsencrypt.org 

renegade

are there any further investigations?
do you need more information/ logs?

Rai80

@renegade:

Similar issue on 2.4.1. already posted in pfblocker forum as i thought the error occurres from that side.

Nov 14 23:03:28 	unbound 	45240:0 	info: start of service (unbound 1.6.6).
Nov 14 23:02:57 	unbound 	45240:0 	info: service stopped (unbound 1.6.6).
Nov 14 23:02:57 	unbound 	45240:0 	info: start of service (unbound 1.6.6).
Nov 14 23:02:25 	unbound 	45240:0 	info: service stopped (unbound 1.6.6).
Nov 14 23:00:08 	filterdns 		adding entry 2a02:26f0:6a:280::3d5 to pf table certbot for host acme-v01.api.letsencrypt.org
Nov 14 23:00:08 	filterdns 		adding entry 2a02:26f0:6a:293::3d5 to pf table certbot for host acme-v01.api.letsencrypt.org
Nov 14 23:00:08 	filterdns 		adding entry 104.74.107.171 to pf table certbot for host acme-v01.api.letsencrypt.org 

Exact same issue here. Im on version 2.4.2.

It is solved when disabling DHCP registrations in DNS.

renegade

Please help! PfSense makes my internet unusable :(

Nov 18 10:58:23	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:57:51	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:47:31	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:47:00	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:47:00	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:46:28	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:41:26	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:40:55	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:31:13	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:30:42	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:27:40	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:27:08	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:12:35	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:12:04	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:10:21	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:09:49	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:09:08	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:08:37	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:02:36	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:02:05	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 10:02:05	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 10:01:33	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:47:30	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:46:59	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:46:59	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:46:27	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:31:13	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:30:42	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:30:03	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:29:32	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:16:18	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:15:47	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:14:59	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:14:27	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:12:44	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:12:12	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:11:02	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:10:30	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:02:33	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:02:02	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 09:02:02	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 09:01:30	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:47:29	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:46:58	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:46:58	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:46:26	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:31:13	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:30:42	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:24:07	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:23:36	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:20:02	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:19:31	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:19:26	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:18:55	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:17:22	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:16:51	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:15:07	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:14:36	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:02:30	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:01:59	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 08:01:59	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 08:01:27	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:47:28	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:46:57	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:46:57	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:46:25	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:34:07	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:33:36	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:31:13	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:30:42	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:25:38	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:25:07	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:21:50	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:21:19	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:19:46	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:19:14	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:17:31	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:16:59	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:02:27	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:01:56	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 07:01:56	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 07:01:25	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:55:00	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:54:28	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:46:56	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:46:24	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:43:53	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:43:22	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:43:22	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:42:51	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:31:13	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:30:41	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:24:14	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:23:42	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:22:09	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:21:37	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:19:54	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:19:23	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:02:24	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:01:53	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 06:01:53	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 06:01:22	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:47:26	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:46:55	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:46:55	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:46:23	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:43:33	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:43:02	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:41:43	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:41:11	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:31:44	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:31:12	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:31:12	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:30:41	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:26:36	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:26:04	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:24:32	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:24:01	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:22:18	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:21:46	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:02:21	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:01:50	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 05:01:50	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 05:01:19	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 04:46:54	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 04:46:22	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 04:44:23	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 04:43:52	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 04:31:12	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 04:30:41	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 04:29:30	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 04:28:59	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 04:28:59	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 04:28:28	unbound	41920:0	info: service stopped (unbound 1.6.6).
Nov 18 04:26:56	unbound	41920:0	info: start of service (unbound 1.6.6).
Nov 18 04:26:24	unbound	41920:0	info: service stopped (unbound 1.6.6).

Traveler

At the risk of necroposting, here is a related bug for unbound [1] and related merge request [2].

[1] https://redmine.pfsense.org/issues/5413
[2] https://github.com/pfsense/FreeBSD-ports/pull/751

swixo

This issue is causing issues on my fairly new deployment. I'd call it a deal-breaker had I found it sooner.

Does anyone have any insight as to whether it will be fixed or not?

s

Gertjan

Fixed :

!

swixo

@gertjan said in Unbound seems to be restarting frequently:

Fixed :

!

How is that fixed? It is still HUPping the resolver, and flushing the cache.

s

bmeeks

@swixo said in Unbound seems to be restarting frequently:

@gertjan said in Unbound seems to be restarting frequently:

Fixed :

!

How is that fixed? It is still HUPping the resolver, and flushing the cache.

s

Usually, it is the renewal of DHCP leases which results in the DHCP service restarting unbound (the DNS resolver, or forwarder, if using forwarding mode) so that it will reload its database of hostname/IP pairs. Unchecking that box prevents DHCP from registering the hosts' new leases with DNS. That, in turn, means unbound does not get restarted frequently.,

Another source of frequent unbound restarts is using the pfBlockerNG-devel package and its DNSBL feature. This is especially true with the new Python module integration. This setup can give the same symptoms as the DHCP leases scenario described above.

I will not disagree that there are better ways to fix this -- namely patching the DHCP system so that it uses the unbound control app to selectively load domains instead of flushing the entire cache and starting over with everything as it does now. But unless and until the pfSense developer team makes a change, the only two known solutions are to turn off the "Register DHCP leases in the DNS Resolver" option, and/or stop using the features of pfBlockerNG-devel that fiddle with unbound and frequently restart it.

swixo

@bmeeks said in Unbound seems to be restarting frequently:

@swixo said in Unbound seems to be restarting frequently:

@gertjan said in Unbound seems to be restarting frequently:

Fixed :

!

How is that fixed? It is still HUPping the resolver, and flushing the cache.

s

Usually, it is the renewal of DHCP leases which results in the DHCP service restarting unbound (the DNS resolver, or forwarder, if using forwarding mode) so that it will reload its database of hostname/IP pairs. Unchecking that box prevents DHCP from registering the hosts' new leases with DNS. That, in turn, means unbound does not get restarted frequently.,

Another source of frequent unbound restarts is using the pfBlockerNG-devel package and its DNSBL feature. This is especially true with the new Python module integration. This setup can give the same symptoms as the DHCP leases scenario described above.

I will not disagree that there are better ways to fix this -- namely patching the DHCP system so that it uses the unbound control app to selectively load domains instead of flushing the entire cache and starting over with everything as it does now. But unless and until the pfSense developer team makes a change, the only two known solutions are to turn off the "Register DHCP leases in the DNS Resolver" option, and/or stop using the features of pfBlockerNG-devel that fiddle with unbound and frequently restart it.

Right. We don't disagree. I understand that NOT registering local hosts from DHCP makes it not happen. But thats pretty 1990. Registering local hosts is very convenient and should work. And work without purging the DNS cache - by HUPping the deamon and restarting it.

I have been trying to find some subtle DNS failures and I have traced it to times when resolver is killed/restarting. It also occasionally leads to other small problems that would be considered annoyances.

It's a surprise that so much of this community is happy to just disable an important feature like registering DHCP leases with DNS and defend the practice because it fixes an other issue.

s

bmeeks

@swixo said in Unbound seems to be restarting frequently:

@bmeeks said in Unbound seems to be restarting frequently:

@swixo said in Unbound seems to be restarting frequently:

@gertjan said in Unbound seems to be restarting frequently:

Fixed :

!

How is that fixed? It is still HUPping the resolver, and flushing the cache.

s

Usually, it is the renewal of DHCP leases which results in the DHCP service restarting unbound (the DNS resolver, or forwarder, if using forwarding mode) so that it will reload its database of hostname/IP pairs. Unchecking that box prevents DHCP from registering the hosts' new leases with DNS. That, in turn, means unbound does not get restarted frequently.,

Another source of frequent unbound restarts is using the pfBlockerNG-devel package and its DNSBL feature. This is especially true with the new Python module integration. This setup can give the same symptoms as the DHCP leases scenario described above.

I will not disagree that there are better ways to fix this -- namely patching the DHCP system so that it uses the unbound control app to selectively load domains instead of flushing the entire cache and starting over with everything as it does now. But unless and until the pfSense developer team makes a change, the only two known solutions are to turn off the "Register DHCP leases in the DNS Resolver" option, and/or stop using the features of pfBlockerNG-devel that fiddle with unbound and frequently restart it.

Right. We don't disagree. I understand that NOT registering local hosts from DHCP makes it not happen. But thats pretty 1990. Registering local hosts is very convenient and should work. And work without purging the DNS cache - by HUPping the deamon and restarting it.

I have been trying to find some subtle DNS failures and I have traced it to times when resolver is killed/restarting. It also occasionally leads to other small problems that would be considered annoyances.

It's a surprise that so much of this community is happy to just disable an important feature like registering DHCP leases with DNS and defend the practice because it fixes an other issue.

s

Yeah, I'm not trying to defend the situation. I'm not impacted by it because I use Windows AD for DHCP and DNS. Just making sure you understood the two most likely causes and a solution (although certainly it's not a optimum one). You and I may be among the minority here, though, with regards to the importance of DNS working with DHCP clients. The view of many here is you just use static IP addresses with DHCP reservations, and update the DNS Resolver accordingly. I'm definitely not in that camp, especially for a larger business network where it is much easier to use DHCP "freestyle" and have it register hostnames for you in DNS.

Unbound itself also has an issue. The latest release of pfSense rolled back unbound to an earlier version to correct an issue with random segfaults.

swixo

You and I may be among the minority here, though, with regards to the importance of DNS working with DHCP clients. The view of many here is you just use static IP addresses with DHCP reservations, and update the DNS Resolver accordingly.

I used to do this to. Thirty years ago. It is much better to have local DHCP hosts registered. ESPECIALLY if you have multiple sites and tunnels between them.

Gertjan

@swixo

Switching of dhcpleases, the process that parses the DHCP leases list, and HUPs unbound, is, I totally agree, just a band aide.

But unbound doesn't work like, for example, bind (named) who is capable of re reading some file, and dealing with the changes on the fly, without completely restarting.

Btw @bmeeks, I'm using pfBlocker(latest) and its using unbound-control to 'inject' DNSBL changes. When pfBlocker found an updated DNSBL list, it parses out the changes, and communicates them to unbound.
For me, unbound restarts ones or twice a week, and even these restarts do not loose the DNS cache, as it is dump before the stop, and read back in when it restarts. That is, if pfBlocker was restarting it.

The thing is : unbound does the job, and is small enough - bind, with all it dependency, is huge, as it has much more capabilities.
It was working well, in the past, even with big networks connected to pfSense : devices do not tend to renew their lease every 5 minutes or so. But then some smart guy came allong and thought : hey, what if we feed unbound with host names that we want to short cut to ground ?
Big, no, huge DNSBL lists were build, and unbound needed a lot more time to start. People started to detect DNS outages.

pfSense doesn't control unbound, as it is an entire open source project of it's own. I never understood why unbound doesn't have some interface with ISC DHCP, the DHCP server used by pfSense.
It seems rather logic that on a device that has a resolver like unbound, their could also be a DHCP server, thus there are leases for the local devices, who wanted to have their host names registered in the local DNS.

dhcpleases should be rewritten to use unbound-control, instead of detecting a new lease, writing it to one of the files that unbound reads on start, and then pulling the trigger on unbound.

Keep in mind that other events can also restart unbound, such as interfaces that go up and down, etc.

bmeeks

@gertjan said in Unbound seems to be restarting frequently:

@swixo

Btw @bmeeks, I'm using pfBlocker(latest) and its using unbound-control to 'inject' DNSBL changes. When pfBlocker found an updated DNSBL list, it parses out the changes, and communicates them to unbound.
For me, unbound restarts ones or twice a week, and even these restarts do not loose the DNS cache, as it is dump before the stop, and read back in when it restarts. That is, if pfBlocker was restarting it.

Big, no, huge DNSBL lists were build, and unbound needed a lot more time to start. People started to detect DNS outages.

Yes, the "huge" DNSBL lists were what I was referring to. pfBlockerNG and the DNSBL feature can certainly be a useful tool, but many users manage to shoot themselves in the foot with it as evidenced by the many posts I see here on the Forums. And instead of being only a moderately painful "BB-gun" (an air-powered, small caliber weapon for those who might not be familiar with the common American name), the tool can be the equivalent of shooting your foot off with an American AC-130 gunship (a.k.a. "Angel of Death") when used with huge lists of domains to block. That chokes unbound by generating long startup times as the lists are parsed. And until unbound starts, it can't do DNS lookups.