Netgate Discussion Forum

    DNS resolver Stop Working after upgrade 2.4.5 to 2.5.1

    DHCP and DNS
    5 Posts 3 Posters 445 Views
    • J
      jabacrack
      last edited by

      Re: DNS resolver Stop Working after upgrade 2.4.5 to 2.5.0

      After updating to 2.5.1 from 2.4.5, unbound still randomly stops, around 1-2 times a day. I do not want to disable "Register DHCP leases in the DNS Resolver", because I use this feature.
      Unbound version is 1.13.1 and a reinstall does not help me.
      I do not find anything in the logs that describes why it stops.

      What else can I try?

      • GertjanG
        Gertjan @jabacrack
        last edited by Gertjan

        @jabacrack said in DNS resolver Stop Working after upgrade 2.4.5 to 2.5.1:

        I do not want to disable "Register DHCP leases in the DNS Resolver", because I use this feature.

        That's ok and understandable. Would also love to leave it 'on' and forget about it.

        But you created some sort of mutually exclusive issue here.
        Setting "Register DHCP leases" to off can help you.
        And you can compensate for the side effects yourself.

        Btw
        What pfSense device / version ?
        Other packages installed ?
        You have read about the 'unbound' history on this forum ?
        Did you check how often unbound restarts ? Per day/hour/minute/second ? - as every incoming DHCP lease or renew will restart unbound - go to the unbound log and count the number of "start" per day/hour/minute.
        I dealt with the issue a couple of years ago : I added a "MAC lease" for every device on my network (about 60), and knowing I'm not adding new devices every day - and that I don't want to know what devices are connected on my 'public captive portal'. Never had an issue since.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • J
          jabacrack @Gertjan
          last edited by

          @Gertjan

          What pfSense device / version ?
          Other packages installed ?

          Sorry, I was a little frustrated and forgot to provide this information.
          I use an APU2 and pfSense 2.5.1-RELEASE.
          I only use the backup 0.5_5 package.
          In addition, I have two OpenVPN tunnels to route some sites through them using alias lists.
          Also, I have a Gateway Group with my OpenVPN gateway and my default provider. I expect it to auto-switch to the default one in case OpenVPN is down, but it doesn't work this way sometimes :)
          Everything else is very common for a router setup, but I can post my full config backup if needed.

          Did you check how often unbound restarts ?

          If it restarted, that would be fine for me, but it dies without any error. Maybe adding a watchdog would help me, but this is not an elegant solution.

          These are the latest records from the unbound log.

          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: server stats for thread 3: 161 queries, 76 answers from cache, 85 recursions, 0 prefetch, 0 rejected by ip ratelimiting
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: server stats for thread 3: requestlist max 61 avg 8.71765 exceeded 0 jostled 0
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: average recursion processing time 1.275102 sec
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: histogram of recursion processing times
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: [25%]=0.0919324 median[50%]=0.222822 [75%]=0.787629
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: lower(secs) upper(secs) recursions
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 0.000000 0.000001 6
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 0.032768 0.065536 8
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 0.065536 0.131072 18
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 0.131072 0.262144 15
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 0.262144 0.524288 9
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 0.524288 1.000000 14
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 1.000000 2.000000 5
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 2.000000 4.000000 3
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 4.000000 8.000000 4
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 8.000000 16.000000 2
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: 16.000000 32.000000 1
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] notice: Restart of unbound 1.13.1.
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] notice: init module 0: validator
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] notice: init module 1: iterator
          Jul 6 08:27:04 	unbound 	66806 	[66806:0] info: start of service (unbound 1.13.1).
          Jul 6 08:27:08 	unbound 	66806 	[66806:0] info: generate keytag query _ta-4f66. NULL IN
          Jul 6 08:27:08 	unbound 	66806 	[66806:3] info: generate keytag query _ta-4f66. NULL IN
          Jul 6 08:27:27 	filterdns 	27051 	failed to resolve host hentainexus.com will retry later again.
          Jul 6 08:27:30 	unbound 	66806 	[66806:2] error: read (in tcp s): Connection refused for 199.249.113.1 port 53
          Jul 6 08:27:30 	filterdns 	27051 	failed to resolve host btc-e.com will retry later again.
          Jul 6 08:27:32 	unbound 	66806 	[66806:1] error: read (in tcp s): Connection refused for 199.249.121.1 port 53
          Jul 6 08:27:32 	filterdns 	27051 	failed to resolve host thepiratebay.se will retry later again.
          Jul 6 08:27:32 	unbound 	66806 	[66806:2] error: read (in tcp s): Connection refused for 199.249.121.1 port 53
          Jul 6 08:27:32 	unbound 	66806 	[66806:2] error: read (in tcp s): Connection refused for 199.249.121.1 port 53
          Jul 6 08:27:33 	unbound 	66806 	[66806:2] error: read (in tcp s): Connection refused for 199.249.113.1 port 53
          Jul 6 08:27:33 	unbound 	66806 	[66806:2] error: read (in tcp s): Connection refused for 199.249.113.1 port 53
          Jul 6 08:27:33 	unbound 	66806 	[66806:2] error: read (in tcp s): Connection refused for 199.249.121.1 port 53
          Jul 6 08:27:33 	unbound 	66806 	[66806:2] error: read (in tcp s): Connection refused for 199.249.121.1 port 53
          Jul 6 08:27:35 	unbound 	66806 	[66806:0] error: read (in tcp s): Connection refused for 199.249.119.1 port 53
          Jul 6 08:27:35 	unbound 	66806 	[66806:0] error: read (in tcp s): Connection refused for 199.249.119.1 port 53 
          

          You have read about the 'unbound' history on this forum ?

          No, are problems a common situation for unbound? I got this problem when I updated to 2.5.0, reverted to 2.4.5 and decided to wait until it would be fixed in the next release. But it didn't help.

          I dealt with the issue a couple of years ago : I added a "MAC lease" for every device on my network

          I have a similar setup, but I thought that "Register DHCP leases in the DNS Resolver" should be enabled in this case too.

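Added example, not part of the original thread: one way to do the count Gertjan suggests, against log lines in the format jabacrack posted. It counts "start of service" lines per hour and uses the PID in unbound's "[pid:thread]" tag to separate restarts that kept the same process from starts under a new PID. The sample lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Read resolver log lines on stdin; print one summary line per hour.
unbound_starts_per_hour() {
    awk '
    # Only "start of service" lines count; unbound tags them "[pid:thread]".
    /info: start of service/ && match($0, /\[[0-9]+:[0-9]+\]/) {
        tag = substr($0, RSTART + 1, RLENGTH - 2)      # e.g. 66806:0
        pid = substr(tag, 1, index(tag, ":") - 1)
        hour = $1 " " $2 " " substr($3, 1, 2) ":00"    # e.g. Jul 6 08:00
        if (!(hour in total)) order[++n] = hour
        total[hour]++
        # Same PID as the previous start: the running process restarted
        # in place. A different PID (or the first start seen): new process.
        if (pid == last_pid) same[hour]++
        last_pid = pid
    }
    END {
        for (i = 1; i <= n; i++) {
            h = order[i]
            printf "%s starts=%d same_pid=%d new_pid=%d\n", h, total[h], same[h], total[h] - same[h]
        }
    }'
}

# Constructed sample lines in the format shown in the post above.
sample_log() {
    cat <<'EOF'
Jul 6 08:27:04 unbound 66806 [66806:0] notice: Restart of unbound 1.13.1.
Jul 6 08:27:04 unbound 66806 [66806:0] info: start of service (unbound 1.13.1).
Jul 6 08:41:10 unbound 66806 [66806:0] notice: Restart of unbound 1.13.1.
Jul 6 08:41:10 unbound 66806 [66806:0] info: start of service (unbound 1.13.1).
Jul 6 09:03:55 filterdns 27051 failed to resolve host example.com will retry later again.
Jul 6 09:15:02 unbound 71234 [71234:0] notice: init module 0: validator
Jul 6 09:15:02 unbound 71234 [71234:0] info: start of service (unbound 1.13.1).
EOF
}

sample_log | unbound_starts_per_hour
```

On the firewall, feed it the real log instead of the sample, for example `unbound_starts_per_hour < /var/log/resolver.log`; that path is an assumption for pfSense 2.5.x and is not given in the thread. Many same_pid starts per hour match the restart-on-every-lease behaviour described here, while a new_pid start means a new unbound process was launched.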
          • GertjanG
            Gertjan @jabacrack
            last edited by

            @jabacrack said in DNS resolver Stop Working after upgrade 2.4.5 to 2.5.1:

            I have a similar setup, but I thought that "Register DHCP leases in the DNS Resolver" should be enabled in this case too.

            Nope. Disable it.
            "Register DHCP leases in the DNS Resolver" isn't a bad option, but with every new DHCP lease, and DHCP renew, the resolver (unbound) gets restarted.

            For "DHCP MAC leases" to be added to the DNS local cache, this option [image: 017a3fad-39a5-4e42-9185-b27328d71438-image.png] needs to be checked.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            • S
              SteveITS Galactic Empire @jabacrack
              last edited by

              2.5.2 will have a lower version for Unbound due to instability.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.