Unbound resolver error: Can't assign requested address for 127.0.0.1

themadsalvi

@RonpfS @Gertjan
Here is the latest file for the reload, with all of the lists gone that you told me to delete. Same error pops up:
pfblockerng3.txt

Rsolver settings.

RonpfS

Did you try to remove the private-domain: line ?
On my box I have Prefetch Support and Prefetch DNS Key Support ticked.

themadsalvi

@RonpfS @Gertjan
I ended up taking the private domain line out(save and apply), then checking the prefetch support and Prefetch DNS Key Support boxes(save and apply changes). Tried the forced reload, with those changes, and the error persists.

RonpfS

In a shell or Diagnostics Command prompt, do a

ls -al /var/unbound /var/db/pfblockerng

themadsalvi

@RonpfS @Gertjan
I have placed the output below

Why are the last 4 so old?

RonpfS

@themadsalvi The 2012 timestamp looks suspicious compared to mine :

-rw-r-----   1 unbound  unbound       2459 Dec  8 19:42 unbound_control.key
-rw-r-----   1 unbound  unbound       1330 Dec  8 19:42 unbound_control.pem
-rw-r-----   1 unbound  unbound       2459 Dec  8 19:42 unbound_server.key
-rw-r-----   1 unbound  unbound       1318 Dec  8 19:42 unbound_server.pem

maybe it time to delete them, restart unbound or reboot pfsense.

themadsalvi

@RonpfS

what is the syntax for deleting the files in the shell?
rm -f /var/unbound/unbound_server.key?

is that the correct syntax?

Edit:
It looks like it was able to recreate the files

RonpfS

@themadsalvi

Rename them in case :

mv  /var/unbound/unbound_control.key /var/unbound/backup_unbound_control.key
mv  /var/unbound/unbound_control.pem /var/unbound/backup_unbound_control.pem
mv  /var/unbound/unbound_server.key /var/unbound/backup_unbound_server.key
mv  /var/unbound/unbound_server.pem /var/unbound/backup_unbound_server.pem

restart unbound, it should start, if not ... then move them back.
to remove them it's :

rm /var/unbound/unbound_server.pem

Also it's better to access the webgui with the pfsense IP address instead of using it's domain name when stopping and restarting DNS resolver.

themadsalvi

@RonpfS
unbound restarted ok, without any errors, but the DNSBL was still unable to reload without the error.
pfblockerng4.txt

I use the IP of Pfsense whenever I log into the web GUI, not sure why it uses the domain name when logging into shell

Grimson

What other packages are you using? Bind will conflict with unbound and if you use Service Watchdog make sure it does not monitor unbound.

RonpfS

This post is deleted!

RonpfS

Well ... I have no more clue why it doesn't reload unbound.
Maybe disable all feeds excepts Ads ?

What does ls -al /var/unbound look like now ?

themadsalvi

@RonpfS I placed the result of the rebuilt key and pem files, as well as how /var/unbound looks in my last post(out on lunch and on mobile, sorry)

@Grimson the one thing I find odd is it just started this over the weekend, after a power outage. It has been fine for the last 6 months, without any issue. I do not have bind,and have made sure that unbound is not being monitored by service watchdog. I have the regularly installed packages like pfblockerng-devel, snort, etc.

Grimson

@themadsalvi said in Unbound resolver error: Can't assign requested address for 127.0.0.1:

@Grimson the one thing I find odd is it just started this over the weekend, after a power outage.

So did you run fsck on the filesystem? https://docs.netgate.com/pfsense/en/latest/hardware/troubleshooting-disk-check-errors-fsck.html#manually-run-fsck

I have the regularly installed packages like pfblockerng-devel, snort, etc.

There are no regularly installed packages, a regular install comes without additional packages. So always mention the packages you are using when asking for help.

If following the above to check the filesystem doesn't work grab a config backup and do a fresh install to make sure the installation is in a good state.

themadsalvi

@Grimson iplaced some screenshots from my mobile in my previouspost. Fsck says that /dev/zroot/ROOT cannot be opened since there is no file or directory present

Grimson

@themadsalvi said in Unbound resolver error: Can't assign requested address for 127.0.0.1:

@Grimson iplaced some screenshots from my mobile in my previouspost. Fsck says that /dev/zroot/ROOT cannot be opened since there is no file or directory present

https://www.freebsd.org/doc/handbook/zfs-zpool.html#zfs-zpool-status
https://www.freebsd.org/doc/handbook/zfs-zpool.html#zfs-zpool-scrub

themadsalvi

@Grimson

It looks like it found no errors in the pool. I even ran the scrub with no errors found.

Grimson

To be honest, from what I can see your installation is a mess. For example you have both snort and suricata installed. Best suggestion is for you to document what you are currently using (and what not). Then start with a fresh clean install, don't restore the config do the setup bit by bit yourself and watch where it breaks.

themadsalvi

@Grimson I will have to do that when I get home. I guess I have been lucky in that it has worked flawlessly for the last 6 months(SInce I installed it). It was bound to break eventually. Strangely, I can still surf the internet fine(I am writing from the network that has Pfsense firewall), and use streaming services like netflix.

RonpfS

You can always try to remove pfblocker lists by unticking pfBlockerNG & Keep Settings :

Note: To clear all downloaded lists, uncheck these two checkboxes and 'Save'. Re-check both boxes and run a 'Force Update|Reload'