Netgate Discussion Forum

    Upgraded to 2.5.1 - Unbound DNS stops working

    General pfSense Questions
    • GregBinSD @Gertjan

      @gertjan @mods

      Gertjan, thanks for the advice on not registering hosts. I'm trying it now, hope it helps.

      • Stewart @GregBinSD

        @gregbinsd

        Did any of this help? I have a unit that I just installed with 2.5.1 having this issue.

        • GregBinSD @Stewart

          @stewart
          I am still running 2.4.5-RELEASE-p1 because of resolver issues on the SG-3100 for the newer supported releases. Netgate support helped me back out the 21.02 version for ARM CPUs.

          So I am happy to stay on the old version because of its stability. However, I had turned on a couple of features that I thought would be helpful, but was experiencing occasional DNS outages that lasted several seconds. I searched the forum for similar issues and found this topic. I turned off the 2 features, and now there are no more intermittent DNS outages, so I popped off a post to say thanks to Gertjan for his good advice.

          • planedrop

            Just wanted to comment here to say I'm having the same issue on a custom install, seems Unbound can't access that IP and it's bombarding it periodically which seems to trigger Unbound to crash.

            Going to try disabling registration of DHCP leases and see if that makes it a bit more stable but I don't think that is the primary issue here.

            • Stewart @planedrop

              @planedrop I disabled those and added Unbound to the watchdog. Client hasn't called and complained since. Not sure if it fixed it but it at least fixed it enough that it's working. I see there is a regression for Unbound in the next version. May be related.

              • planedrop @Stewart

                @stewart Good to know, I will go ahead and give this a shot then.

                • mods

                  @Stewart @planedrop
                  Sort of based on @Gertjan's suggestion...
                  I disabled DNSSEC, and enabled Forwarding and SSL/TLS.
                  I believe changing to forwarding mode is what resolved the issue.
                  All other options are still enabled - registering DHCP/Reservations/OpenVPN clients, and have not seen the issue again across 4 different pfSense deployments.

                  • SteveITS Galactic Empire @mods

                    If you're still on 2.5.1, note there is a stability fix for unbound in 2.5.2 (and 21.05).

                    Edit: I was thinking of the 21.05 release notes, I guess 2.5.2 isn't quite out yet but apparently soon...

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote 👍 helpful posts!

                    • planedrop @mods

                      @mods I definitely prefer to use root servers for my setup personally. If disabling DHCP registration and then having the Watchdog keep track of it works then I'm OK with it personally. If I still have issues I will try this.

                      I imagine changing to forwarding mode helps, as it's getting such a huge log file built up of that one root IP not being accessible.

                      But if watchdog can restart it when it goes down then things should be ok.

                      • planedrop @SteveITS

                        @steveits This is good to see, I guess I could try the RC here soon as this isn't on a prod firewall.

                        • Stewart @SteveITS

                          @steveits said in Upgraded to 2.5.1 - Unbound DNS stops working:

                          note there is a [stability fix for unbound in 2.5.2]

                          That's what I was referring to but it isn't ready yet from what I can see.

                          • planedrop @Stewart

                            @stewart yeah I might give it a shot anyway since it's RC and this is non-prod. Not sure yet though as stability does still matter to me quite a lot.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.