2.5.0 DNS Service stopping randomly

noviceiii

Thank you all for the responses. I did investigate a bit further on the ARP messages that caught my attention shortly before the unbound services crashes. To my surprise I couldn't find a device with the particular hardware address among my devices.

So I flushed ARP cache and DHCP cache. Now I have working non-crashing unbound service.

SOLUTION:

• FLUSH DHCP LEASES

Allow me to add my 10 cents about the watchdog workaround I have used too. A device directly connected to the internet should never have crashing services that are automatically restarted. It could be a huge security hole. Further, on any system, to fix a permanently restarting service by automatically starting it is just pure wrong,

I like to mention, that the DNS resolver with pfsense 2.5.0 feels much faster than it was with the previous version. Thank you, good peolple from Netgate!

yis

Wow - I am off for two days and this topic was growing great!
Thank you all for your ideas and supportings.
I will check the point with DHCP FLUSH this evening and monitor this the next days

yis

ok - I flushed DHCP leases last night - this morning the unbound service is dead again.
Going to start debug logs now, will report back...

EDIT: this is the error I found in logs..

debug:    ip4 10.1.1.1 port 53 (len 16)
debug: attempt to get extra 3 targets
debug: servselect ip4 10.1.1.1 port 53 (len 16)
debug:    rtt=120000
debug: No more query targets, attempting last resort
debug: configured stub or forward servers failed -- returning SERVFAIL
debug: store error response in message cache
debug: return error response SERVFAIL
debug: mesh_run: iterator module exit state is module_finished

will try to figure out, what this means

Traveller

@yis Take a look at this suggestion.

This new version of unbound is reportedly more stable based on the initial testing.

noviceiii

after flushing the DHCP leases I had ubound service running for about 3 days until it started to crash again. So unfortunately flushing the DHCP leases isn't - depending on your systems load - a long lasting solution (although I like the word 'flush').

I did follow the instructions given by the great and honorable member @jimp (see Posting) to update the ubound service. I'll keep monitoring but will report back only, if I face further crashes.

jimps proposed solution was:

Go to Diagnostics > Command Prompt

pkg upgrade -fy unbound; pfSsh.php playback svc restart unbound

yis

@noviceiii said in 2.5.0 DNS Service stopping randomly:

after flushing the DHCP leases I had ubound service running for about 3 days until it started to crash again. So unfortunately flushing the DHCP leases isn't - depending on your systems load - a long lasting solution (although I like the word 'flush').

I did follow the instructions given by the great and honorable member @jimp (see Posting) to update the ubound service. I'll keep monitoring but will report back only, if I face further crashes.

jimps proposed solution was:

Go to Diagnostics > Command Prompt

pkg upgrade -fy unbound; pfSsh.php playback svc restart unbound

flushing dhcp is not the solution.
and I don't want to write down every single dns from dhcp-lease - so i will upgrade unbound now and will have a look on this.

yis

I can confirm problem as resolved after upgrading unbound.
working stable again - thank you for all you support!

JasonAU

@yis said in 2.5.0 DNS Service stopping randomly:

I can confirm problem as resolved after upgrading unbound.
working stable again - thank you for all you support!

Thanks for this, I am getting 100's of e-mail from Service Watchdog

Service Watchdog detected service unbound stopped. Restarting unbound (DNS Resolver)

Browsing is often hit & miss Chrome will was unable to resolve and then once the service starts again load the page, I'll backup and see how a unbound upgrade goes for reference and anyone else trying this mine did

unbound: 1.13.0_2 -> 1.13.1 [pfSense]

CCNewb

the new unbound is not resolving the issue :/

Mar 14 13:23:40 unbound 33517 [33517:0] info: service stopped (unbound 1.13.1).
Mar 14 13:23:46 unbound 33517 [33517:0] info: service stopped (unbound 1.13.1).
Mar 14 13:29:28 unbound 33517 [33517:0] info: service stopped (unbound 1.13.1).
Mar 14 13:34:54 unbound 33517 [33517:0] info: service stopped (unbound 1.13.1).
Mar 14 13:36:11 unbound 33517 [33517:0] info: service stopped (unbound 1.13.1).
Mar 14 13:36:22 unbound 33517 [33517:0] info: service stopped (unbound 1.13.1).

JasonAU

@ccnewb Yep I'm also in the same boat
I"ve uninstalled PFblocker and made sure register in DNS when DHCP lease is not checked same deal