Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unbound stops listening on Interface

    Scheduled Pinned Locked Moved
    DHCP and DNS
    7
    12
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG
      Gertjan @A Former User
      last edited by

      I'm not using vlan's myself, so can't test such a setup, but I just ripped out the connector of one of my OPTx interfaces. Unbound didn't move.
      When It back in, DNS (unbound) on that interface worked.

      In the logs, no messages from unbound.
      Some tasks were activated as a result of the interface down/up event, like - system log :

      em2: link state changed to DOWN
      /rc.linkup: Hotplug event detected for PORTAL(opt1) static IP (192.168.2.1 )
      em2: link state changed to UP
      etc.

      but nothing in the unbound / resolver log.

      Workaround : put a switch between the PC and pfSense.
      Is this interface part of a VLAN ?

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      1 Reply Last reply Reply Quote 0
      • ?
        A Former User
        last edited by A Former User

        The PC ist directly connected to a physical port. No VLAN involved on this port, but a different subnet. I can't reproduce the problem with unplugging the device for a short time too. But every morning it is broken and only this interface is not listed with an open dns socket. Maybe pfBlockerNG ist somehow involved. I'll try to disable it this night.

        1 Reply Last reply Reply Quote 0
        • ?
          A Former User
          last edited by A Former User

          I can reproduce it: Connect a PC directly with a LAN port of the pfsense and boot the PC up. Stop DNS Resolver (no reload), unplug lan cable, start Resolver, wait for start, wait some seconds more, connect PC. Then I can't resolve DNS with my PC. (Maybe need two tries to get the result)

          Can someone else confirm this?

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @A Former User
            last edited by

            I think I understands what happens.

            @thisisme said in Unbound stops listening on Interface:

            unplug lan cable, start Resolver

            What happens at this very moment :
            When unbound starts, it enumerates active interfaces. It will not 'bind' to interface that are not used/active. I have myself an quand Intel NIC PCI card, two of the ports are unused. These are unknown to unbound. After all, these NICs have no IP assigned.

            Now for the fun part :

            @thisisme said in Unbound stops listening on Interface:

            wait some seconds more, connect PC

            So the NIC comes on line. It was already known to pfSEnse, so an IP gets assigned
            And I do presume that the assigned DHCP server process gets waked up, and start dealing out leases.
            But ..... unbound does not do something as "reacting to NIC up link messages". It keeps the list of known NIC's that were on line when it started. Your NIC comes up later on. unbound doesn't care. You have to re "start" unbound.

            When you restart unbound now, it will 'see' the NIC, and serve that NIC with DNS services.

            As said : Workaround : put a switch between the PC and pfSense. This way, the interface won't go down anymore - unbound keeps 'seeing' it as active, and even when unbound restarts, the interface won't get lost.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • StubbsS
              Stubbs @A Former User
              last edited by

              This post is deleted!
              1 Reply Last reply Reply Quote 0
              • ?
                A Former User
                last edited by A Former User

                Can I report this somewhere? Never had any problems before. This comes up with the latest update.

                1 Reply Last reply Reply Quote 0
                • Y
                  yao
                  last edited by

                  Same here. I'm using multiple VLAN interfaces in pfSense. And just upgraded to pfSense2.5. After that the DNS resolver keep stopped working. i have to start it again and again. no logs showing why the Unbound stopped.

                  @thisisme said in Unbound stops listening on Interface:

                  . All of them work properly except one. Unbound stops listening on this interface daily. Pfsense shows an open socket (port 53)for every interface/vlan

                  bingo600B 1 Reply Last reply Reply Quote 0
                  • bingo600B
                    bingo600 @yao
                    last edited by

                    @yao

                    Have you seen this one
                    https://forum.netgate.com/topic/160005/unbound-crashes-periodically-with-signal-11/72

                    /Bingo

                    If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

                    pfSense+ 23.05.1 (ZFS)

                    QOTOM-Q355G4 Quad Lan.
                    CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                    LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

                    Y 1 Reply Last reply Reply Quote 0
                    • Y
                      yao @bingo600
                      last edited by

                      @bingo600
                      Thanks so much for pointing me to that thread!
                      Updated Unbound to 1.13.1 by running pkg upgrade -fy unbound
                      And so far it is stable for at least 2 hours!
                      I think the problem resolved!!
                      Thanks again!

                      BTW, i have both "Register DHCP leases in the DNS Resolver" and the Register DHCP static mappings in the DNS Resolver enabled.

                      1 Reply Last reply Reply Quote 0
                      • V
                        vbredjp
                        last edited by

                        still crashing after updating to Unbound to 1.13.1
                        possibly just not as often
                        had crash around 1-2 days after upgrade that is still not acceptable.

                        T 1 Reply Last reply Reply Quote 0
                        • T
                          thiasaef @vbredjp
                          last edited by thiasaef

                          Why is there still no proper fix for this issue? It is still completely broken in 2.6.0 and both patches that are supposed to "fix" this in 2.7.0 are nothing but a mere workaround:

                          • https://redmine.pfsense.org/issues/12612
                          • https://redmine.pfsense.org/issues/12613

                          With these patches applied every restart of a device connected to one of the in/out interface of the DNS Resolver causes a restart of the unbound service (including complete loss of cache and temporary loss of DNS resolution for all devices). This bug is going to force me to downgrade back to 2.4.5-p1 and will eventually make me chose another firewall solution in the near future.

                          Sorry if I sound frustrated, but major bugs like this should not be ignored like this for almost a year.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post