Netgate Discussion Forum

    unbound does not start when named (bind) is running - kills connectivity at a PPPoE restart

    General pfSense Questions
    jacotec (last edited by jacotec)

      Hi,

      I'm having a serious issue with my pfSense router. I'm using unbound as the local DNS server/resolver, but I'm also running named (bind) on a different interface which can be reached from the WAN side to manage some of my zones (primarily because ACME keeps some certificates up to date).

      So not a very special setup, but I'm facing serious issues when the WAN interface is restarted (i.e. a PPPoE resync happens in the nightly maintenance window of my ISP when they push updates to the MSAN).

      In that case unbound seems to be restarted by pfSense, but when bind is already running (which it usually is), unbound cannot restart because of a blocked remote port 953:

      servicewatchdog_cron.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was:
      [1528285441] unbound[11551:0] error: can't bind socket: Address already in use for 127.0.0.1
      [1528285441] unbound[11551:0] error: cannot open control interface 127.0.0.1 953
      [1528285441] unbound[11551:0] fatal error: could not open ports

      I've found this bug thread: https://redmine.pfsense.org/issues/7271
      This points in the direction that bind and unbound seem to use the same remote control port, but it appeared to me that this issue is fixed.

      In my situation I need to manually stop named, then start unbound (which is working) and finally restart bind.

      I'm not sure if this issue only appears when the service watchdog monitors (and restarts) unbound, but since I found unbound stopped some weeks ago, and Snort also sometimes just stops by itself, I'm monitoring essential services with the watchdog.

      I also issued the rndc-confgen command to relocate the control port of bind, but that did not seem to be persistent (or maybe it's killed with pfSense updates?).

      Any ideas how to solve this are highly appreciated.

      Edit:
      Additional question: is the remote control port for unbound really needed in pfSense?
      Does it do any harm to just change it in /var/unbound/remotecontrol.conf to:

      remote-control:
      	control-enable: yes
      	control-interface: 127.0.0.1
      	control-port: 7953
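A check for exactly the collision this post describes (unbound and named both trying to bind their control socket on 127.0.0.1:953), as an added example that is not code from the post, pfSense or either project. The unbound file mirrors the post's /var/unbound/remotecontrol.conf; the BIND `controls` stanza is a constructed sample whose layout is assumed.

```python
import re

# Constructed sample of pfSense's /var/unbound/remotecontrol.conf, as quoted in the post
UNBOUND_RC = """remote-control:
\tcontrol-enable: yes
\tcontrol-interface: 127.0.0.1
\tcontrol-port: 953
"""

# Constructed sample of a BIND named.conf 'controls' stanza (assumed layout, not from the post)
NAMED_CONF = """controls {
\tinet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
"""

WILDCARDS = {"0.0.0.0", "::", "*"}  # addresses that cover every local interface


def unbound_control_endpoints(text):
    """(address, port) pairs unbound will bind for remote control.
    Unbound's compiled-in default port is 8953; pfSense writes the port explicitly."""
    enabled, addrs, port = False, [], 8953
    for line in text.splitlines():
        key, _, val = line.strip().partition(":")
        val = val.strip()
        if key == "control-enable":
            enabled = val.lower() == "yes"
        elif key == "control-interface":
            addrs.append(val)
        elif key == "control-port":
            port = int(val)
    return [(a, port) for a in addrs] if enabled else []


def named_control_endpoints(text):
    """(address, port) pairs from BIND 'inet' control statements; rndc's default port is 953."""
    pat = re.compile(r"\binet\s+(\S+?);?(?:\s+port\s+(\d+))?(?=\s|;|$)")
    return [(m.group(1), int(m.group(2) or 953)) for m in pat.finditer(text)]


def control_port_conflicts(unbound_text, named_text):
    """Endpoints where both daemons would try to bind, so whichever starts second fails."""
    conflicts = []
    for ua, up in unbound_control_endpoints(unbound_text):
        for na, np_ in named_control_endpoints(named_text):
            if up == np_ and (ua == na or ua in WILDCARDS or na in WILDCARDS):
                conflicts.append((ua, up))
    return sorted(set(conflicts))


if __name__ == "__main__":
    print(control_port_conflicts(UNBOUND_RC, NAMED_CONF))  # [('127.0.0.1', 953)]
```

Run it against the real files before restarting either daemon; an empty list means the control sockets no longer collide.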
      
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.