Unbound VERY frequent restarts (DNS Resolver Restarts)
-
Nothing that I do will stop these restarts, I'm running the latest version 2.4.4-RELEASE-p3 (amd64)
As you can see my DNS resolver is restarting every 2-3 seconds non stop
I've disabled DHCP registration and it's still happening.
-
I finally figured out why my DNS resolver was restarting every 2 seconds, it was because my WAN interface had a IPv6 address which appears to be some kind of pfSense bug, as soon as I remove the IPv6 from the WAN interface it stopped restarting the Unbound resolver:
As you can see below I changed it from DHCP6 to None:
-
I can confirm this behavior. Also when having pfBlockerNG enabled while this bug occurs, unbound is not usable anymore.
Turning off IPv6 also fixed it for me.
Using pfSense in a VM with a Ryzen 3950x running 2.4.4-RELEASE-p3 (amd64) -
I don't see this. I have WAN IPv6 set to "DHCP6" and the current pfBNG-devel on Comcast. Were you using "Static IPv6"?
-
Nope I was using DHCP6 as stated above, and changing it to None resolved the issue I've been having for many months.
-
I can confirm the same behavior STILL on 2.4.5-RELEASE-p1.
The DNS Resolver is one of the most frustrating parts of using a (Netgate) pfSense box; you can't use DHCP DNS registration or it restarts all the time, you can't use IPv6 or it restarts all the time. The perception of users on the network is that everything comes to a grinding halt (DNS timeouts)
-
To extend a bit:
- WAN interface has DHCP6 enabled; DNS Resolver keeps working regardless of this setting
- Then, when you enable on a LAN interface the IPV6 "Track Interface" option, DNS resolver restarts roughly every two seconds.
- Disabling the "Track Interface" on the LAN interface (i.e. setting IPv6 back to 'none'), DNS resolver runs stable again.
-
@TimJacobs I'm using 2.4.5p1, with DHCP6 WAN, and track interface in LAN, and I'm not facing this problem.
I don't use the DHCP DNS registration.What if you set this option in the DNS resolver custom options?
server:
do-ip6:no -
@mcury Thanks for the suggestion. That does not prevent DNS Resolver of restarting frequently.
Possibly the continuous stream of RA's received on the WAN are related?
It's the only thing I can relate to the resets every +-2 seconds; here is one excerpt of the debug logs for a single start/stop:
-
@TimJacobs Unfortunately that was the only thing that crossed my mind that could be the culprit .. Not sure how to proceed now.
Let's wait for the community, or maybe the devs can help you further.. -
I've been reading about this, and the only workaround that I found is to disable the DHCP DNS registration feature..
More info about this:
https://forum.netgate.com/topic/115482/frequent-unbound-restarts -
@mcury Thanks for thinking along. I had already disabled that feature a while back. One of our DHCP clients was requesting a new lease every 2 seconds (ignoring the lease time) which already caused a lot of DNS resolver issues in the past. Here is the current DNS Resolver config:
To be honest, without DNSSEC, without DHCP DNS registration, without IPv6 - this is like the most basic configuration you could possibly come up with for a DNS server. The fact that pfSense does not get this working properly has been cause of regret of purchasing an SG-3100 for months already. I really, really, really hope this DNS Resolver gets more stable & functional ASAP. The whole point of using DNS Resolver was moving our DNS server away from our Synology NAS to a "SMB grade network device"
