Netgate Discussion Forum

    DNS stops resolving DHCP hosts

    • S
      Scoundrel
      last edited by

      Hi,

      I have a problem where pfSense stops resolving internal hostnames.

      I'm running pfSense 2.4.3-RELEASE (amd64) as a VM. The VM has two cores (i7-2600) and 1Gb of RAM. I'm using DNS forwarding, and the DNS resolver is disabled.

      Every morning for the last few mornings, DNS silently stops resolving DHCP issued addresses.

      The resolver log shows that the system started clearing and reloading aliases continually from about midnight until 0200, which is odd. After spending two hours reloading the aliases, I see the following in resolver.log;

      May  1 02:07:37 [pfsense-sysname] dnsmasq[94187]: read /etc/hosts - 61 addresses
      May  1 02:08:13 [pfsense-sysname] dnsmasq[94187]: reading /etc/resolv.conf
      May  1 02:08:13 [pfsense-sysname] dnsmasq[94187]: ignoring nameserver 127.0.0.1 - local interface
      May  1 02:08:16 [pfsense-sysname] dnsmasq[94187]: reading /etc/resolv.conf
      May  1 02:08:16 [pfsense-sysname] dnsmasq[94187]: ignoring nameserver 127.0.0.1 - local interface
      May  1 02:08:16 [pfsense-sysname] dnsmasq[94187]: using nameserver [isp-ns1]#53
      May  1 02:08:16 [pfsense-sysname] dnsmasq[94187]: using nameserver [isp-ns2]#53
      May  1 02:08:16 [pfsense-sysname] dnsmasq[94187]: read /etc/hosts - 7 addresses
      
      

      At 02:07:37, we have 61 addresses read from DHCP, and at 02:08:36 we have 7.
      This is when problems start.

      The dhcpd log contains the following;

      May  1 02:07:37 [pfsense-sysname] dhcpleases: Sending HUP signal to dns daemon(94187)
      May  1 02:08:16 [pfsense-sysname] dhcpleases: /etc/hosts changed size from original!
      May  1 02:08:16 [pfsense-sysname] dhcpleases: Sending HUP signal to dns daemon(94187)
      May  1 02:08:18 [pfsense-sysname] dhcpd: Internet Systems Consortium DHCP Server 4.3.6-P1
      May  1 02:08:18 [pfsense-sysname] dhcpd: Copyright 2004-2018 Internet Systems Consortium.
      May  1 02:08:18 [pfsense-sysname] dhcpd: All rights reserved.
      May  1 02:08:18 [pfsense-sysname] dhcpd: For info, please visit https://www.isc.org/software/dhcp/
      May  1 02:08:18 [pfsense-sysname] dhcpd: Config file: /etc/dhcpd.conf
      May  1 02:08:18 [pfsense-sysname] dhcpd: Database file: /var/db/dhcpd.leases
      May  1 02:08:18 [pfsense-sysname] dhcpd: PID file: /var/run/dhcpd.pid
      May  1 02:08:18 [pfsense-sysname] dhcpd: Internet Systems Consortium DHCP Server 4.3.6-P1
      May  1 02:08:18 [pfsense-sysname] dhcpd: Copyright 2004-2018 Internet Systems Consortium.
      May  1 02:08:18 [pfsense-sysname] dhcpd: All rights reserved.
      May  1 02:08:18 [pfsense-sysname] dhcpd: For info, please visit https://www.isc.org/software/dhcp/
      May  1 02:08:18 [pfsense-sysname] dhcpd: Wrote 0 deleted host decls to leases file.
      May  1 02:08:18 [pfsense-sysname] dhcpd: Wrote 0 new dynamic host decls to leases file.
      May  1 02:08:18 [pfsense-sysname] dhcpd: Wrote 51 leases to leases file.
      May  1 02:08:18 [pfsense-sysname] dhcpd: Listening on BPF/vmx1/00:50:56:af:55:6f/[net1-addr]
      May  1 02:08:18 [pfsense-sysname] dhcpd: Sending on   BPF/vmx1/00:50:56:af:55:6f/[net1-addr]
      May  1 02:08:18 [pfsense-sysname] dhcpd: Listening on BPF/vmx2/00:50:56:af:12:a8/[net2-addr]
      May  1 02:08:18 [pfsense-sysname] dhcpd: Sending on   BPF/vmx2/00:50:56:af:12:a8/[net2-addr]
      May  1 02:08:18 [pfsense-sysname] dhcpd: Listening on BPF/vmx3/00:50:56:af:65:fe/[net3-addr]
      May  1 02:08:18 [pfsense-sysname] dhcpd: Sending on   BPF/vmx3/00:50:56:af:65:fe/[net3-addr]
      May  1 02:08:18 [pfsense-sysname] dhcpd: Listening on BPF/vmx0/00:50:56:af:b7:48/[net4-addr]
      May  1 02:08:18 [pfsense-sysname] dhcpd: Sending on   BPF/vmx0/00:50:56:af:b7:48/[net4-addr]
      May  1 02:08:18 [pfsense-sysname] dhcpd: Sending on   Socket/fallback/fallback-net
      May  1 02:08:18 [pfsense-sysname] dhcpd: Server starting service.
      May  1 02:08:18 [pfsense-sysname] dhcpleases: Sending HUP signal to dns daemon(94187)
      May  1 02:08:18 [pfsense-sysname] dhcpleases: Sending HUP signal to dns daemon(94187)
      
      

      I've sanitised the logs a bit - my edits are in square brackets.

      This has happened the last few mornings, and then about 15 mins later I start getting alerts indicating that systems have gone offline. In reality, they've just stopped resolving.

      If I restart the dnsmasq service from the pfSense dashboard, the names start resolving again and everything is fine for a while.
      This has been happening quite rarely (2-3 times yearly) for quite a while, but since I updated to 2.4.3 it seems to happen daily.

      It looks like maybe something is modifying the hosts file, and this is then causing the dhcp daemon to crash, but I have no idea what.

      Can anybody offer any advice or solutions?

      Thanks!

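An added example, not part of any post in this thread: a small log check that flags the symptom described in the first post, where the number of addresses dnsmasq loads from /etc/hosts collapses between reloads, and notes whether dhcpleases logged its size-change warning at the same timestamp. The sample lines are copied from the post's sanitised excerpts; the function name and the 50% threshold are assumptions chosen for illustration.

```python
import re

# Lines copied from the log excerpts in the first post (sanitised by the poster).
SAMPLE_LOG = """\
May  1 02:07:37 [pfsense-sysname] dnsmasq[94187]: read /etc/hosts - 61 addresses
May  1 02:08:13 [pfsense-sysname] dnsmasq[94187]: reading /etc/resolv.conf
May  1 02:08:16 [pfsense-sysname] dhcpleases: /etc/hosts changed size from original!
May  1 02:08:16 [pfsense-sysname] dnsmasq[94187]: using nameserver [isp-ns1]#53
May  1 02:08:16 [pfsense-sysname] dnsmasq[94187]: read /etc/hosts - 7 addresses
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
HOSTS_READ = re.compile(
    TS + r" \S+ dnsmasq\[\d+\]: read /etc/hosts - (?P<count>\d+) addresses$"
)
SIZE_CHANGED = re.compile(
    TS + r" \S+ dhcpleases: /etc/hosts changed size from original!$"
)

def find_hosts_shrinkage(log_text, max_drop=0.5):
    """Return one finding per /etc/hosts reload that lost more than
    max_drop (a fraction, assumed threshold) of the previous address count."""
    findings = []
    previous = None        # address count from the last reload seen
    size_warnings = set()  # timestamps at which dhcpleases warned
    for line in log_text.splitlines():
        line = line.strip()
        warn = SIZE_CHANGED.match(line)
        if warn:
            size_warnings.add(warn["ts"])
            continue
        m = HOSTS_READ.match(line)
        if not m:
            continue
        count = int(m["count"])
        if previous and count < previous * (1 - max_drop):
            findings.append({
                "time": m["ts"], "before": previous, "after": count,
                "lost": previous - count,
                "dhcpleases_warned": m["ts"] in size_warnings,
            })
        previous = count
    return findings

if __name__ == "__main__":
    for finding in find_hosts_shrinkage(SAMPLE_LOG):
        print(finding)
```

Run against the combined resolver and dhcpd logs, a finding like this gives a timestamp to alert on before monitoring starts reporting hosts as offline.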
      • GertjanG
        Gertjan
        last edited by

        Hi,
        @Scoundrel:

        I'm using DNS forwarding, and the DNS resolver is disabled.

        Sorry, I'm a member of the Forwarder kill squad **, so I have to pose this question first : knowing that pfSense uses by default the Resolver, not the Forwarder, I want to check this first : what happens if you use default settings == the Resolver ?

        Now the nasty one : If you instruct the Resolver to include "DHCP Registration" devices, the sucker is restarted every time a new DHCP Lease is handed out. Easy to imagine what happens when you have a lot of devices begging for IPs with rather short leases and a lazy pfSense admin that didn't make all these leases "Static DHCP" (and checked :
        Register DHCP static mappings in the DNS Resolver).
        Many forum threads exist about this subject.

        A DNS that gets restarted every xx seconds is no good for DNS caching.

        Btw : what is your DHCP lease duration ? It would be normal that after "12 hours" some hosts disappear because a host shut down during the night can't renew.

        Anyway : local hosts that I should be able to 'resolve' at any time are made "DHCP Static". This means the local DNS (Forwarder or resolver) has them on list at all times, no matter what.

        ** the future tends to enforce DNSSEC - so bye-bye dnsmasq (forwarder). I guess that unbound (the resolver) will be exchanged for "bind" at some time.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • S
          Scoundrel
          last edited by

          Hi Gertjan,

          Thanks for the response.

          Most of my leases are statically assigned.

          The lease period for the few (<20) dynamic leases has not been changed from 7200s.

          The hosts going "offline" are statically assigned and always-on machines. They should renew their lease before it runs out. The host does not lose its IP address, it is just not resolved through DNS anymore, which causes my monitoring system to report them as offline.

          I'm happy to switch to the resolver if that's a better solution. I was only using the forwarder because it is simpler and lighter on resources.
          Although it would be alarming to stop and restart the DNS service every time a lease is renewed.

          I'll give the resolver a go. I'm reluctant to change the settings now since the network is in use, but I should be able to do it tomorrow.

          Thanks again.

          • GertjanG
            Gertjan
            last edited by

            @Scoundrel:

            Most of my leases are statically assigned.

            Make your settings (Resolver) like - see image.
            Static DHCP leases are read when DNS Resolver start - and always kept. I never had problems with that.

            Again, if DHCP Registration => Register DHCP leases in the DNS Resolver
            is checked, the DNS Resolver is restarted every time a new lease is distributed - or a lease is renewed. So leave this one off. Temporary clients don't have to be resolved anyway.
            Restarting will involve a (very) small down time of your DNS, and a complete cache loss.

            @Scoundrel:

            The hosts going "offline" are statically assigned and always-on machines. They should renew their lease before it runs out. The host does not lose its IP address, it is just not resolved through DNS anymore, which causes my monitoring system to report them as offline.

            I'm happy to switch to the resolver if that's a better solution. I was only using the forwarder because it is simpler and lighter on resources.
            Although it would be alarming to stop and restart the DNS service every time a lease is renewed.

            See above.

            @Scoundrel:

            I'll give the resolver a go. I'm reluctant to change the settings now since the network is in use, but I should be able to do it tomorrow.

            Switching takes a couple of seconds.

            dnsthis.PNG
            • S
              Scoundrel
              last edited by

              All cut over. Forwarder is disabled and resolver is running. Thanks for the help.

              I'll check back in tomorrow and report how it goes overnight.

              • S
                Scoundrel
                last edited by

                No issues last night - thanks for the help!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.