Unbound always fails to start
-
Every time pfSense boots up, the unbound DNS resolver fails to start. I get the following error in the System General logs for the process php-cgi.
rc.bootup: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1480155198] unbound[36242:0] error: can't bind socket: Can't assign requested address for fe80::20e:c4ff:fece:67a1 [1480155198] unbound[36242:0] fatal error: could not open ports'
The IPv6 Link Local address in the error appears to be a SLAAC address since it includes my MAC address; however, the address is wrong. My LAN interface has an actual IPv6 Link Local address of fe80::1:1 and not fe80::20e:c4ff:fece:67a1. My WAN IPv6 Link Local address is in that SLAAC format with a slightly different address since it has a different MAC address, fe80::20e:c4ff:fece:67a0. Note that if I manually start the unbound service then it immediately starts with no errors. It appears that unbound is grabbing the wrong IP address, perhaps because the service is starting too soon. Is this a known bug?
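Added example (not part of the original post and not pfSense code): decoding the address from the bind error back to the MAC it was derived from shows which interface the address belongs to and whether that address is actually configured there. The interface table is constructed from the addresses quoted in the post; the LAN MAC is an assumption.

```python
import ipaddress
import re

BIND_ERROR = re.compile(r"can't bind socket: .*? for (\S+)")

def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 IPv6 address, else None."""
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]  # low 64 bits
    if iid[3:5] != b"\xff\xfe":        # ff:fe marker is inserted mid-MAC
        return None                    # manually set address, e.g. fe80::1:1
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def eui64_link_local(mac):
    """Build the fe80::/64 address that is derived from a MAC."""
    o = bytes(int(x, 16) for x in mac.split(":"))
    iid = bytes([o[0] ^ 0x02]) + o[1:3] + b"\xff\xfe" + o[3:6]
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid))

def diagnose(log_line, interfaces):
    """Map the address Unbound could not bind to an interface.

    interfaces: {name: (mac, [link-local addresses currently configured])}
    """
    m = BIND_ERROR.search(log_line)
    if not m:
        return None
    text = m.group(1).split("%")[0]    # drop any %scope suffix
    failed = ipaddress.IPv6Address(text)
    mac = mac_from_eui64(text)
    result = {"address": str(failed), "mac": mac,
              "interface": None, "assigned": False}
    for name, (if_mac, addrs) in interfaces.items():
        if mac is not None and mac == if_mac.lower():
            result["interface"] = name
            result["assigned"] = failed in {ipaddress.IPv6Address(a) for a in addrs}
    return result

# Log text copied from the post; interface table constructed for illustration.
LOG = ("[1480155198] unbound[36242:0] error: can't bind socket: Can't assign "
       "requested address for fe80::20e:c4ff:fece:67a1")
INTERFACES = {
    "WAN": ("00:0e:c4:ce:67:a0", ["fe80::20e:c4ff:fece:67a0"]),  # MAC decoded from address
    "LAN": ("00:0e:c4:ce:67:a1", ["fe80::1:1"]),  # LAN MAC is an assumption
}

if __name__ == "__main__":
    print(diagnose(LOG, INTERFACES))
```

With real data, the MACs and configured addresses would come from `ifconfig` output on the firewall rather than the constructed table.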
-
I assume this is an IPv6 issue related to my IPv6 settings. It looks like no one else is having this issue?
-
Which pfSense version?
-
I assume this is an IPv6 issue related to my IPv6 settings. It looks like no one else is having this issue?
If you have pfBlockerNG installed, and DNSBL enabled, that's mostly the case. I was told by the pfBlockerNG author that it's not pfBlockerNG's fault. I have IPv6 installed, PureVPN client installed. Every time the system renews IPs (IPv4, IPv6, VPN IP), Unbound gets restarted and fails with exactly the same error. So I have to disable DNSBL at the moment but leave IP blocks working.
Hopefully, pfSense and upstream Unbound devs can together find a solution for this. Otherwise, it's a nightmare.
-
I am running the current version (2.3.2p1) with no packages. I used to have pfBlockerNG installed but I have since removed it. So perhaps the removal of pfBlockerNG left something behind which is still causing the problem? The DNSBL service is uninstalled and not running.
-
I am running the current version (2.3.2p1) with no packages. I used to have pfBlockerNG installed but I have since removed it. So perhaps the removal of pfBlockerNG left something behind which is still causing the problem? The DNSBL service is uninstalled and not running.
After I disabled DNSBL, Unbound restarts itself without any issue so far when IPv6/VPN client gets renewed.
-
Solved, but I don't like the solution.
Interfaces -> WAN -> "DHCP6 Client Configuration" -> "Use IPv4 connectivity as parent interface" = enabled
IPv4 shouldn't be required to bootstrap the IPv6 connection and my IPv6 connection worked without enabling this. However, turning this on probably brings up the connection fast enough that it is ready when Unbound starts so it doesn't fail to bind.