Netgate Discussion Forum

    unbound notice: sendto failed: Invalid argument

    Posted by sololegends

      I've been searching the internet and trying things for a couple days now. Gotten nowhere unfortunately...

      The Issue

      I set up a new IoT VLAN recently, but I can't seem to get DNS responding on it. Every time I attempt to query DNS from the VLAN I get the following in the DNS Resolver system logs.

      Aug 13 13:55:23	unbound	74958:2	notice: remote address is X.X.77.100 port 61914
      Aug 13 13:55:23	unbound	74958:2	notice: sendto failed: Invalid argument
      Aug 13 13:55:23	unbound	74958:3	notice: remote address is X.X.77.100 port 37356
      Aug 13 13:55:23	unbound	74958:3	notice: sendto failed: Invalid argument
      

      I have DNS working just fine on all other VLANs in the network no problem. The IoT VLAN is the only one with the issue.


      Troubleshooting Steps

      • Attempted with multiple different devices
      • Mirrored over firewall rules from a functional VLAN
      • Added an allow all to all rule in the IoT VLAN firewall
      • Disabled DNSSEC
      • Validated Unbound access lists
      • Disabled pfBlockedNG
      • Disabled all VPN clients and Servers within pfSense
      • Attempted pings between devices on the VLAN (successful)
      • Attempted allowing 8.8.8.8 through the firewall for clients to query for DNS; still didn't work, which makes me think it might not be an Unbound issue.

      Network Information

      Overview

      Router/Firewall: pfSense
      Wireless APs: Ubiquiti UniFi (these APs tag the traffic with the appropriate VLAN based on the SSID). These APs are how all VLAN clients connect to the network.
      Switches: TP-Link dumb switch
      Other Info:

      • The VLANs in question are all using the same physical interface (Intel)
      • There are 2 OpenVPN Servers configured, only for different VLANs
      • All clients are assigned IP address by DHCP
        • DHCP returns X.X.Y.1 as the primary DNS server, where X.X are the main network octets and Y is the subnet octet (generally matching the VLAN ID)

      Firewall

      Working VLAN Firewall:
      [screenshot: viki_net_firewall.PNG]

      IoT VLAN Firewall:
      [screenshot: iot_net_firewall.PNG]

      Floating Rules:
      All interfaces - Allow TCP/UDP - From * - To This Firewall - DNS(53)

      Unbound Configuration

      server:
      chroot: /var/unbound
      username: "unbound"
      directory: "/var/unbound"
      pidfile: "/var/run/unbound.pid"
      use-syslog: yes
      port: 53
      verbosity: 1
      hide-identity: yes
      hide-version: yes
      harden-glue: yes
      do-ip4: yes
      do-ip6: yes
      do-udp: yes
      do-tcp: yes
      do-daemonize: yes
      module-config: "validator iterator"
      unwanted-reply-threshold: 0
      num-queries-per-thread: 512
      jostle-timeout: 200
      infra-host-ttl: 900
      infra-cache-numhosts: 10000
      outgoing-num-tcp: 10
      incoming-num-tcp: 10
      edns-buffer-size: 4096
      cache-max-ttl: 86400
      cache-min-ttl: 0
      harden-dnssec-stripped: yes
      msg-cache-size: 4m
      rrset-cache-size: 8m
      num-threads: 4
      msg-cache-slabs: 4
      rrset-cache-slabs: 4
      infra-cache-slabs: 4
      key-cache-slabs: 4
      outgoing-range: 4096
      auto-trust-anchor-file: /var/unbound/root.key
      prefetch: yes
      prefetch-key: yes
      use-caps-for-id: no
      serve-expired: no
      statistics-interval: 0
      extended-statistics: yes
      statistics-cumulative: yes
      tls-cert-bundle: "/etc/ssl/cert.pem"
      tls-port: 853
      tls-service-pem: "/var/unbound/sslcert.crt"
      tls-service-key: "/var/unbound/sslcert.key"
      interface-automatic: no
      interface: 0.0.0.0
      interface: 0.0.0.0@853
      interface: ::0
      interface: ::0@853
      private-address: 127.0.0.0/8
      private-address: 10.0.0.0/8
      private-address: ::ffff:a00:0/104
      private-address: 172.16.0.0/12
      private-address: ::ffff:ac10:0/108
      private-address: 169.254.0.0/16
      private-address: ::ffff:a9fe:0/112
      private-address: 192.168.0.0/16
      private-address: ::ffff:c0a8:0/112
      private-address: fd00::/8
      private-address: fe80::/10
      include: /var/unbound/access_lists.conf
      include: /var/unbound/host_entries.conf
      include: /var/unbound/dhcpleases_entries.conf
      include: /var/unbound/domainoverrides.conf
      server:include: /var/unbound/pfb_dnsbl.*conf
      include: /var/unbound/remotecontrol.conf
      

      Thanks for any help you guys can give.
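
A small triage helper, added here as an example and not part of the post or of pfSense: as the quoted log lines show, Unbound prints a "remote address is" notice and then the "sendto failed" line on the same pid:thread, so the script pairs them by that id and counts failures per client address and per /24, which makes it easy to confirm whether the errors are confined to one VLAN's subnet. The log sample is constructed in the same format as the lines quoted above, with placeholder addresses.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample in the same format as the pfSense DNS Resolver log
# quoted in the post (placeholder addresses, not real hosts).
SAMPLE_LOG = """\
Aug 13 13:55:23\tunbound\t74958:2\tnotice: remote address is 192.0.2.100 port 61914
Aug 13 13:55:23\tunbound\t74958:2\tnotice: sendto failed: Invalid argument
Aug 13 13:55:23\tunbound\t74958:3\tnotice: remote address is 192.0.2.100 port 37356
Aug 13 13:55:23\tunbound\t74958:3\tnotice: sendto failed: Invalid argument
Aug 13 13:55:24\tunbound\t74958:1\tnotice: remote address is 192.0.2.7 port 50000
Aug 13 13:55:24\tunbound\t74958:1\tinfo: some other message
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)\tunbound\t(?P<pid>\d+):(?P<thread>\d+)\t"
    r"(?P<level>\w+): (?P<msg>.*)$"
)
REMOTE_RE = re.compile(r"^remote address is (?P<addr>\S+) port (?P<port>\d+)$")

def sendto_failures(log_text):
    """Return {remote address: [(port, error), ...]} for every sendto failure.
    The 'remote address is' notice precedes the failure on the same pid:thread,
    so the two lines are matched by that id."""
    last_remote = {}            # (pid, thread) -> (addr, port) of last notice
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # not an Unbound line in the expected format
        key = (m["pid"], m["thread"])
        msg = m["msg"]
        r = REMOTE_RE.match(msg)
        if r:
            last_remote[key] = (r["addr"], int(r["port"]))
            continue
        if msg.startswith("sendto failed:"):
            addr, port = last_remote.get(key, ("unknown", 0))
            failures[addr].append((port, msg.split(": ", 1)[1]))
    return dict(failures)

def summarize(log_text):
    """Failure count per client address."""
    return {addr: len(v) for addr, v in sendto_failures(log_text).items()}

def by_subnet(log_text, prefix=24):
    """Failure count per subnet; a single /24 standing out points at one VLAN."""
    counts = defaultdict(int)
    for addr, v in sendto_failures(log_text).items():
        if addr == "unknown":
            continue
        net = ipaddress.ip_interface(f"{addr}/{prefix}").network
        counts[str(net)] += len(v)
    return dict(counts)
```

Run it against the clog output of the DNS Resolver log instead of SAMPLE_LOG to see which subnets the failures cluster on.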
