DNS Resolver stopped resolving DNS queries after upgrade to 2.4.4
-
@pmrozik said in DNS Resolver stopped resolving DNS queries after upgrade to 2.4.4:
127.0.0.1#953: address in use
You're trying to run bind and unbound on the same box? They both want to use 953 for control - so yeah you can have a race condition..
So yeah I could see how you could have issues. Why are you wanting to run bind and unbound at the same time?
If not bind - something else is using 953 since you can not use it.. But I would guess bind.
-
That was the initial problem right after the upgrade. BIND was turned on. I turned it off and it fixed the issue, but what's happening now occurred after BIND was turned off.
So far so good for the last 24 hours, but it's been strange.
-
Thanks.
-
BIND is turned off.
-
I'm not sure what you mean by leaving 127.0.0.1 only for DNS queries? If I leave all the DNS server fields blank, how will it know which other DNS servers to query?
-
DNSSEC support is enabled
Thank you for the link, I'll have a look.
-
-
Unless you have Unbound in forwarding mode, Unbound will never use the DNS server addresses in the System settings. It will go to the root nameservers and resolve the hostname recursively through the various DNS servers involved. So unless you’re using forwarding mode, it’s fine to leave the DNS servers blank (I actually put 127.0.0.1 in one box just to be safe) and let Unbound handle everything.
-
@pmrozik yes, same as @virgiliomi said, Unbound works fine without any specific DNS servers, and if you want to check, just look at the log file under
Status/System Logs/System/DNS Resolver
and you will see some kind of "Query Response" from the DNS secure server network, around the world, as confirmation. (Nice uh?) Well, bye.
-
Your log shows you had an issue with port 953 as of Nov 25.. So you just did turn off bind then?
As others are saying, if you are using resolver - that is what it does out of the box then you have zero use for any other NS listed anywhere, nor do you need to pull anything from your isp via dhcp for NS.. So you can turn that off as well.
Unbound in the out of the box resolves.. You do not need to call out any other NS... Pfsense yes out of the box will point to itself ie loopback 127.0.0.1 to ask unbound for what it needs to resolve for example get the package listings, check for update.
To be honest unless you actually understand the difference between forwarder and resolver, and have some specific need your typical user should need to touch these settings at all.. And pfsense will resolve all it needs and all your clients should point to pfsense for dns. Now you will resolve and be using dnssec.. It is for most people optimal configuration... Only if your ISP blocks normal dns, or you have high latency connection should you ever have to forward. Unless you have some desire to leverage some DNS service that is doing some sort of filtering for you, etc.
-
I turned off bind right after the upgrade, so not the 25th.
So far things have been stable, I turned off DNS Forwarding for the DNS Resolver.
The BIND service gets started automatically for some reason, and I don't know why. As soon as I kill the process, DNS resolving comes back.
Pasting logs below:
Nov 27 03:27:40 named 28412 starting BIND 9.11.4-P1 (Extended Support Version) id:2b060b2
Nov 27 03:27:40 named 28412 running on FreeBSD amd64 11.2-RELEASE-p3 FreeBSD 11.2-RELEASE-p3 #17 e6b497fa0a3(RELENG_2_4_4): Thu Sep 20 09:04:45 EDT 2018 root@buildbot3:/crossbuild/ce-244/obj/amd64/WvDslnYb/crossbuild/ce-244/pfSense/tmp/FreeBSD-src/sys/pfSense
Nov 27 03:27:40 named 28412 built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/local' '--with-readline=-L/usr/local/lib -ledit' '--with-dlopen=yes' '--sysconfdir=/usr/local/etc/namedb' '--disable-dnstap' '--enable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip' '--without-idn' '--enable-ipv6' '--with-libjson=/usr/local' '--disable-largefile' '--without-lmdb' '--disable-querytrace' '--enable-rpz-nsdname' '--enable-rpz-nsip' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-threads' '--with-tuning=default' '--without-gssapi' '--with-openssl=/usr' '--disable-native-pkcs11' '--with-dlz-filesystem=yes' '--without-python' '--without-gost' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd11.2' 'build_alias=amd64-portbld-freebsd11.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing' 'LDFLAGS= -fstack-protector' 'LIBS=-L/usr/local/lib'
Nov 27 03:27:40 named 28412 running as: named -c /etc/namedb/named.conf -u bind -t /cf/named/
Nov 27 03:27:40 named 28412 compiled by CLANG 4.2.1 Compatible FreeBSD Clang 6.0.0 (tags/RELEASE_600/final 326565)
Nov 27 03:27:40 named 28412 compiled with OpenSSL version: OpenSSL 1.0.2o-freebsd 27 Mar 2018
Nov 27 03:27:40 named 28412 linked to OpenSSL version: OpenSSL 1.0.2o-freebsd 27 Mar 2018
Nov 27 03:27:40 named 28412 compiled with libxml2 version: 2.9.7
Nov 27 03:27:40 named 28412 linked to libxml2 version: 20907
Nov 27 03:27:40 named 28412 compiled with libjson-c version: 0.13
Nov 27 03:27:40 named 28412 linked to libjson-c version: 0.13
Nov 27 03:27:40 named 28412 compiled with zlib version: 1.2.11
Nov 27 03:27:40 named 28412 linked to zlib version: 1.2.11
Nov 27 03:27:40 named 28412 threads support is enabled
Nov 27 03:27:40 named 28412 ----------------------------------------------------
Nov 27 03:27:40 named 28412 BIND 9 is maintained by Internet Systems Consortium,
Nov 27 03:27:40 named 28412 Inc. (ISC), a non-profit 501(c)(3) public-benefit
Nov 27 03:27:40 named 28412 corporation. Support and training for BIND 9 are
Nov 27 03:27:40 named 28412 available at https://www.isc.org/support
Nov 27 03:27:40 named 28412 ----------------------------------------------------
Nov 27 03:27:40 named 28412 found 2 CPUs, using 2 worker threads
Nov 27 03:27:40 named 28412 using 1 UDP listener per interface
Nov 27 03:27:40 named 28412 using up to 4096 sockets
Nov 27 03:27:40 named 28412 loading configuration from '/etc/namedb/named.conf'
Nov 27 03:27:40 named 28412 unable to open '/usr/local/etc/namedb/bind.keys'; using built-in keys instead
Nov 27 03:27:40 named 28412 using default UDP/IPv4 port range: [49152, 65535]
Nov 27 03:27:40 named 28412 using default UDP/IPv6 port range: [49152, 65535]
Nov 27 03:27:40 named 28412 listening on IPv6 interfaces, port 53
Nov 27 03:27:40 named 28412 could not listen on UDP socket: address in use
Nov 27 03:27:40 named 28412 listening on all IPv6 interfaces failed
Nov 27 03:27:40 named 28412 listening on IPv4 interface bfe0, 192.168.1.1#53
Nov 27 03:27:40 named 28412 listening on IPv4 interface lo0, 127.0.0.1#53
Nov 27 03:27:40 named 28412 listening on IPv4 interface ue0, 192.168.2.104#53
Nov 27 03:27:40 named 28412 listening on IPv4 interface pppoe0, 109.79.226.35#53
Nov 27 03:27:40 named 28412 listening on IPv4 interface ovpns1, 10.0.8.1#53
Nov 27 03:27:40 named 28412 generating session key for dynamic DNS
Nov 27 03:27:40 named 28412 sizing zone task pool based on 0 zones
Nov 27 03:27:40 named 28412 set up managed keys zone for view _default, file 'managed-keys.bind'
Nov 27 03:27:40 named 28412 /etc/namedb/named.conf:10: couldn't add command channel 127.0.0.1#953: address in use
-
@pmrozik said in DNS Resolver stopped resolving DNS queries after upgrade to 2.4.4:
Nov 27 03:27:40 named 28412 starting BIND 9.11.4-P1
It is starting because it's enabled.. If you're not using it - remove it.. I have it installed but not enabled and it doesn't try and start.. So for whatever reason your install thinks it's supposed to start bind even if you have it unchecked in the gui for enabled..
-
Uninstalled it as you suggested.
-
So you could try and reinstall it now and validate it doesn't try and start.. But if you're not actually using it - little reason for it to be installed.
Sure you could dig into the xml to see why it's trying to start when told not to, etc.
-
You are awesome, thanks a lot for all your help, greatly appreciated.
I probably could reinstall it, but as you said, no need since I'm not using it.
I've definitely learned a couple of things along the way.
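
Added example, not part of the thread and not pfSense or ISC code: a small log triage that picks out what mattered in the `named` start-up log posted above, namely that BIND started at all, which sockets failed with "address in use", and which port 53 listeners it opened on a globally routable address. The function name `triage` and the result field names are made up for this example; the sample lines are copied from the log in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Lines taken from the named log posted in the thread. pfSense layout:
# "<Mon DD HH:MM:SS> <process> <pid> <message>".
SAMPLE_LOG = """\
Nov 27 03:27:40 named 28412 starting BIND 9.11.4-P1 (Extended Support Version) id:2b060b2
Nov 27 03:27:40 named 28412 could not listen on UDP socket: address in use
Nov 27 03:27:40 named 28412 listening on IPv4 interface bfe0, 192.168.1.1#53
Nov 27 03:27:40 named 28412 listening on IPv4 interface lo0, 127.0.0.1#53
Nov 27 03:27:40 named 28412 listening on IPv4 interface pppoe0, 109.79.226.35#53
Nov 27 03:27:40 named 28412 /etc/namedb/named.conf:10: couldn't add command channel 127.0.0.1#953: address in use
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\d+) (.*)$")
LISTEN = re.compile(r"listening on IPv4 interface (\S+), ([\d.]+)#(\d+)")
CHANNEL = re.compile(r"couldn't add command channel ([\d.]+#\d+): address in use")


def triage(log_text):
    """Return {pid: findings} for every named start-up seen in log_text."""
    report = defaultdict(lambda: {"started": None, "listeners": [],
                                  "public": [], "conflicts": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "named":
            continue
        stamp, _, pid, msg = m.groups()
        entry = report[int(pid)]
        listen = LISTEN.search(msg)
        channel = CHANNEL.search(msg)
        if msg.startswith("starting BIND"):
            entry["started"] = stamp
        elif listen:
            iface, addr, port = listen.groups()
            entry["listeners"].append((iface, addr, int(port)))
            # A DNS listener on a globally routable address is reachable
            # from outside unless a firewall rule blocks it.
            if ipaddress.ip_address(addr).is_global:
                entry["public"].append((iface, addr, int(port)))
        elif channel:
            entry["conflicts"].append("control channel " + channel.group(1))
        elif msg.endswith("address in use"):
            entry["conflicts"].append(msg)
    return dict(report)


if __name__ == "__main__":
    for pid, found in triage(SAMPLE_LOG).items():
        print(pid, found)
```

A non-empty `started` for a service that is supposed to be disabled, together with an entry under `public`, is the combination worth alerting on.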