unbound notice: sendto failed: Invalid argument
I've been searching the internet and trying things for a couple days now. Gotten nowhere unfortunately...
The Issue
I set up a new IoT VLAN recently but I can't seem to get DNS responding on it. Every time I attempt to query DNS from the VLAN I get the following in the DNS Resolver System logs.

Aug 13 13:55:23 unbound 74958:2 notice: remote address is X.X.77.100 port 61914
Aug 13 13:55:23 unbound 74958:2 notice: sendto failed: Invalid argument
Aug 13 13:55:23 unbound 74958:3 notice: remote address is X.X.77.100 port 37356
Aug 13 13:55:23 unbound 74958:3 notice: sendto failed: Invalid argument

I have DNS working just fine on all other VLANs in the network, no problem. The IoT VLAN is the only one with the issue.
Troubleshooting Steps
- Attempted with multiple different devices
- Mirrored over firewall rules from a functional VLAN
- Added an allow all to all rule in the IoT VLAN firewall
- Disabled DNSSEC
- Validated Unbound access lists
- Disabled pfBlockedNG
- Disabled all VPN clients and Servers within pfSense
- Attempted pings between devices on the VLAN (successful)
- Attempted allowing 8.8.8.8 through the firewall for clients to query for DNS; still didn't work, which makes me think it might not be an Unbound issue.
Network Information
Overview
Router/Firewall: pfSense
Wireless APs: Ubiquiti UniFi (these APs tag the traffic with the appropriate VLAN based on the SSID). These APs are how all VLAN clients connect to the network.
Switches: TP-Link dumb switch
Other Info:
- The VLANs in question are all using the same physical interface (Intel)
- There are 2 OpenVPN Servers configured, only for different VLANs
- All clients are assigned IP addresses by DHCP
- DHCP returns X.X.Y.1 as the primary DNS server, where X.X is the main network octets and Y is the sub network octet (generally matching the VLAN ID)
- DHCP returns the
Firewall
Working VLAN Firewall:
IoT VLAN Firewall:
Floating Rules:
All interfaces - Allow TCP/UDP - From * - To This Firewall - DNS(53)
Unbound Configuration
server:
chroot: /var/unbound
username: "unbound"
directory: "/var/unbound"
pidfile: "/var/run/unbound.pid"
use-syslog: yes
port: 53
verbosity: 1
hide-identity: yes
hide-version: yes
harden-glue: yes
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
module-config: "validator iterator"
unwanted-reply-threshold: 0
num-queries-per-thread: 512
jostle-timeout: 200
infra-host-ttl: 900
infra-cache-numhosts: 10000
outgoing-num-tcp: 10
incoming-num-tcp: 10
edns-buffer-size: 4096
cache-max-ttl: 86400
cache-min-ttl: 0
harden-dnssec-stripped: yes
msg-cache-size: 4m
rrset-cache-size: 8m
num-threads: 4
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
outgoing-range: 4096
auto-trust-anchor-file: /var/unbound/root.key
prefetch: yes
prefetch-key: yes
use-caps-for-id: no
serve-expired: no
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yes
tls-cert-bundle: "/etc/ssl/cert.pem"
tls-port: 853
tls-service-pem: "/var/unbound/sslcert.crt"
tls-service-key: "/var/unbound/sslcert.key"
interface-automatic: no
interface: 0.0.0.0
interface: 0.0.0.0@853
interface: ::0
interface: ::0@853
private-address: 127.0.0.0/8
private-address: 10.0.0.0/8
private-address: ::ffff:a00:0/104
private-address: 172.16.0.0/12
private-address: ::ffff:ac10:0/108
private-address: 169.254.0.0/16
private-address: ::ffff:a9fe:0/112
private-address: 192.168.0.0/16
private-address: ::ffff:c0a8:0/112
private-address: fd00::/8
private-address: fe80::/10
include: /var/unbound/access_lists.conf
include: /var/unbound/host_entries.conf
include: /var/unbound/dhcpleases_entries.conf
include: /var/unbound/domainoverrides.conf
server:include: /var/unbound/pfb_dnsbl.*conf
include: /var/unbound/remotecontrol.conf
Thanks for any help you guys can give.
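A small triage helper for the kind of log quoted in the post, added here as an example and not part of the original post or of pfSense/Unbound. Unbound writes the client on one "remote address is ..." notice and the failure on a separate "sendto failed" notice; with num-threads: 4 the lines from different threads interleave, so the script pairs them by the pid:thread tag rather than by adjacency, tallies failures per client, and checks each failing client against the access-control entries of an Unbound access list file (the format pfSense writes into access_lists.conf), using Unbound's most-specific-netblock rule. The log lines and the access list below are constructed samples using documentation address space, not the poster's real addresses or rules; the file names and function names are assumptions.

```python
"""Pair Unbound 'sendto failed' notices with their client address and check the ACL.

Added example (not from the original post). Sample data below is constructed.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample log shaped after the post's lines; RFC 5737 / RFC 1918
# addresses stand in for the poster's masked ones.
SAMPLE_LOG = """\
Aug 13 13:55:23 unbound 74958:2 notice: remote address is 192.0.2.100 port 61914
Aug 13 13:55:23 unbound 74958:3 notice: remote address is 192.0.2.100 port 37356
Aug 13 13:55:23 unbound 74958:2 notice: sendto failed: Invalid argument
Aug 13 13:55:23 unbound 74958:3 notice: sendto failed: Invalid argument
Aug 13 13:55:24 unbound 74958:1 notice: remote address is 198.51.100.7 port 53000
Aug 13 13:55:24 unbound 74958:1 notice: sendto failed: Invalid argument
Aug 13 13:55:25 unbound 74958:0 notice: remote address is 10.0.10.5 port 40001
Aug 13 13:55:25 unbound 74958:0 notice: sendto failed: Invalid argument
"""

# Constructed sample access list in plain Unbound access-control syntax
# (what pfSense writes to /var/unbound/access_lists.conf). The overlapping
# 10.0.0.0/8 and 10.0.10.0/24 entries show the most-specific-match rule.
SAMPLE_ACL = """\
access-control: 127.0.0.0/8 allow
access-control: 10.0.0.0/8 refuse
access-control: 10.0.10.0/24 allow
access-control: 198.51.100.0/24 allow
"""

REMOTE_RE = re.compile(r"unbound (\d+:\d+) notice: remote address is (\S+) port (\d+)")
SENDTO_RE = re.compile(r"unbound (\d+:\d+) notice: sendto failed: (.+)$")
ACL_RE = re.compile(r"^\s*access-control:\s*(\S+)\s+(\S+)")


def parse_acl(text):
    """Return [(ip_network, action), ...] from access-control lines; other lines ignored."""
    entries = []
    for line in text.splitlines():
        m = ACL_RE.match(line)
        if m:
            entries.append((ipaddress.ip_network(m.group(1), strict=False), m.group(2)))
    return entries


def acl_action(addr, entries):
    """Most specific matching netblock wins (Unbound's access-control rule); None if no match."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, action in entries:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best


def pair_sendto_failures(log_text):
    """Attach each 'sendto failed' line to the last 'remote address' seen on the same pid:thread."""
    last_remote = {}  # "pid:thread" -> (addr, port)
    failures = []
    for line in log_text.splitlines():
        m = REMOTE_RE.search(line)
        if m:
            last_remote[m.group(1)] = (m.group(2), int(m.group(3)))
            continue
        m = SENDTO_RE.search(line)
        if m:
            addr, port = last_remote.get(m.group(1), (None, None))
            failures.append({"thread": m.group(1), "addr": addr, "port": port,
                             "error": m.group(2).strip()})
    return failures


def summarize(log_text, acl_text):
    """Per-client failure counts plus the ACL verdict for that client; also count unpaired failures."""
    entries = parse_acl(acl_text)
    failures = pair_sendto_failures(log_text)
    counts = Counter(f["addr"] for f in failures if f["addr"])
    unpaired = sum(1 for f in failures if f["addr"] is None)
    report = {}
    for addr, n in counts.items():
        match = acl_action(addr, entries)
        verdict = f"{match[1]} ({match[0]})" if match else "no matching access-control entry"
        report[addr] = {"failures": n, "acl": verdict}
    return report, unpaired


if __name__ == "__main__":
    report, unpaired = summarize(SAMPLE_LOG, SAMPLE_ACL)
    for addr, info in sorted(report.items(), key=lambda kv: -kv[1]["failures"]):
        print(f"{addr:<16} sendto failures: {info['failures']:<3} acl: {info['acl']}")
    if unpaired:
        print(f"{unpaired} failure line(s) had no preceding remote-address line on their thread")
```

Run it against a real log with something like `summarize(open("/var/log/resolver.log").read(), open("/var/unbound/access_lists.conf").read())` (both paths are assumptions about the pfSense layout). The ACL column only tells you whether the failing client is covered by an allow entry; it does not by itself explain the sendto error, it just removes one variable the post's author says was checked by hand.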