Should unbound-control work by default?

jimp

Something is definitely unhappy in those files. run rm /var/unbound/unbound_*.pem /var/unbound/unbound_*.key and save/apply, see if that helps. That should force unbound to regenerate those files as well.

RonpfS

@jimp said in Should unbound-control work by default?:

Something is definitely unhappy in those files

Files are empty

Taz79

@jimp said in Should unbound-control work by default?:

Something is definitely unhappy in those files. run rm /var/unbound/unbound_*.pem /var/unbound/unbound_*.key and save/apply, see if that helps. That should force unbound to regenerate those files as well.

Holy **** ... That was a fast answer from your side!!! :)

I tried it. and it works! :) Unbound service is running now and i can do DNS lookups again :)

Files has been re-created and is not empty anymore.. Strange problem.. And also the file date of those files with 0 bytes were 7th Jan.. That was before i got my SG-1100... I guess the restore i did would not create files that way (with an old date)..

jimp

Did you maybe have a power event or otherwise unclean shutdown? It might have happened when pfSense was writing those files or they hadn't fully synchronized to disk yet. You might want to reboot it and run a disk check to be certain.

Worst case there you can rm -rf /var/unbound and save/apply and it should generate everything again.

The older date may be from when the system was initially imaged at the factory.

Taz79

This also solved other issues i had... Now Status -> DNS Resolver is working

AND! unbound-control works too! .. I'm a Happy panda now.. Thanks Jimp!!!!

RonpfS

The root.key.57361-0 file should not be there.

jimp

@Taz79 said in Should unbound-control work by default?:

This also solved other issues i had... Now Status -> DNS Resolver is working

Not surprising since that page uses data output from unbound-control :-)

Taz79

@jimp said in Should unbound-control work by default?:

Did you maybe have a power event or otherwise unclean shutdown? It might have happened when pfSense was writing those files or they hadn't fully synchronized to disk yet. You might want to reboot it and run a disk check to be certain.

Worst case there you can rm -rf /var/unbound and save/apply and it should generate everything again.

The older date may be from when the system was initially imaged at the factory.

We very seldom have power fails here.. Last time was 2 years ago actually.. Some power fails are planned work but then i always shutdown stuff first. I will buy a UPS for my router and other equipment soon though since power fails cause a lot of issues for sure! :)

Can i schedule a diskcheck at reboot? and see the results later from "remote (web)"? .. or must i have a display connected to the router?

Taz79

@jimp can i ask you about the feature "Serve Expired"?

I'm wondering when a record reach TTL of 0.. How long will it stay in the cache before it gets deleted? I mean how much good does this setting do? .. It seems like a good thing and does not take up any extra DNS traffic.

tman222

@Taz79 said in Should unbound-control work by default?:

@jimp can i ask you about the feature "Serve Expired"?

I'm wondering when a record reach TTL of 0.. How long will it stay in the cache before it gets deleted? I mean how much good does this setting do? .. It seems like a good thing and does not take up any extra DNS traffic.

I have had this enabled for some time with no ill effects that I can see. It seems that DNS TTL's are pretty short on major sites these days (I assume for load balancing purposes or because of the usage of CDN's?) so I find that this does speed things up a bit on my own network where there are just a handful of users. If there were a large number of users it might be less useful as the DNS cache would generally be kept hot otherwise (i.e. records would likely not expire before being requested again). Hope this helps.

Taz79

@tman222 said in Should unbound-control work by default?:

@Taz79 said in Should unbound-control work by default?:

@jimp can i ask you about the feature "Serve Expired"?

I'm wondering when a record reach TTL of 0.. How long will it stay in the cache before it gets deleted? I mean how much good does this setting do? .. It seems like a good thing and does not take up any extra DNS traffic.

I have had this enabled for some time with no ill effects that I can see. It seems that DNS TTL's are pretty short on major sites these days (I assume for load balancing purposes or because of the usage of CDN's?) so I find that this does speed things up a bit on my own network where there are just a handful of users. If there were a large number of users it might be less useful as the DNS cache would generally be kept hot otherwise (i.e. records would likely not expire before being requested again). Hope this helps.

Seems like i have to create a separate thread for this to get it sorted out :) .. It defenatly helps me though looking at the statistics. Thanks for your reply!