    unbound does not start when named (bind) is running - kills connectivity at a PPPoE restart

    General pfSense Questions

    jacotec (last edited by jacotec)

      Hi,

      I'm having a serious issue with my pfSense router. I'm using unbound as the local DNS server/resolver, but I'm also running named (bind) on a different interface which can be reached from the WAN side to manage some of my zones (primarily because ACME keeps some certificates up to date).

      So not a very special setup, but I'm facing serious issues when the WAN interface is restarted (e.g. when a PPPoE resync happens in the nightly maintenance window of my ISP while they push updates to the MSAN).

      In that case unbound seems to be restarted by pfSense, but when bind is already running (which it usually is), unbound cannot restart because remote control port 953 is already taken:

      servicewatchdog_cron.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was
      '[1528285441] unbound[11551:0] error: can't bind socket: Address already in use for 127.0.0.1
      [1528285441] unbound[11551:0] error: cannot open control interface 127.0.0.1 953
      [1528285441] unbound[11551:0] fatal error: could not open ports'

      I've found this bug thread: https://redmine.pfsense.org/issues/7271
      This points in the direction that bind and unbound seem to use the same remote control port, but it appeared to me that this issue had been fixed.

      In my situation I need to manually stop named, then start unbound (which is working) and finally restart bind.

      I'm not sure if this issue only appears when the service watchdog monitors (and restarts) unbound, but as I found unbound stopped some weeks ago, and Snort also sometimes just stops by itself, I'm monitoring essential services with the watchdog.

      I also issued the rndc-confgen command to relocate the control port of bind, but that did not seem to be persistent (or maybe it's reverted by pfSense updates?).

      Any ideas how to solve this are highly appreciated.

      Edit:
      Additional question: is the remote control port for unbound really needed in pfSense?
      Does it do any harm to just change /var/unbound/remotecontrol.conf to:

      remote-control:
      	control-enable: yes
      	control-interface: 127.0.0.1
      	control-port: 7953
      
      1 Reply Last reply Reply Quote 0
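The failure in the post is two daemons trying to bind the same loopback port: unbound's remote-control listener and BIND's rndc channel, which defaults to 953. The script below, added here as an example and not code from the forum post, pfSense or either project, reads the port from an unbound remotecontrol.conf-style file and from the `controls { inet ... port N ... };` block of a named.conf, and reports a collision before `unbound -c ...` gets the chance to fail. The sample configs it writes to a temp directory are constructed for the example; the defaults it falls back to (8953 for unbound, 953 for rndc) are the daemons' documented defaults.

```shell
#!/bin/sh
# Added example: detect a control-port collision between unbound and BIND
# before starting unbound. Not part of the forum post or of pfSense.

# Port unbound will open for unbound-control. Falls back to unbound's
# compiled-in default (8953) when the file has no control-port line.
unbound_control_port() {
    awk '/^[ \t]*control-port:/ { print $2; found = 1 }
         END { if (!found) print 8953 }' "$1"
}

# Port named listens on for rndc, taken from the "controls" block of
# named.conf. Falls back to rndc's default (953) when no port keyword is set.
bind_control_port() {
    awk '/^[ \t]*controls/ { inblock = 1 }
         inblock {
             for (i = 1; i < NF; i++)
                 if ($i == "port") { p = $(i + 1); gsub(/[^0-9]/, "", p); print p; found = 1 }
         }
         inblock && /};/ { inblock = 0 }
         END { if (!found) print 953 }' "$1"
}

# Exit status 0 when both daemons would try to bind the same port.
ports_collide() {
    [ "$(unbound_control_port "$1")" = "$(bind_control_port "$2")" ]
}

# Constructed sample configs (assumptions for the example, not files from the page).
TMPD=$(mktemp -d)
UNBOUND_BAD="$TMPD/remotecontrol-953.conf"     # the conflicting setup
UNBOUND_GOOD="$TMPD/remotecontrol-7953.conf"   # the relocated port from the post
BIND_CONF="$TMPD/named.conf"

cat > "$UNBOUND_BAD" <<'EOF'
remote-control:
	control-enable: yes
	control-interface: 127.0.0.1
	control-port: 953
EOF

cat > "$UNBOUND_GOOD" <<'EOF'
remote-control:
	control-enable: yes
	control-interface: 127.0.0.1
	control-port: 7953
EOF

cat > "$BIND_CONF" <<'EOF'
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF

# Report both cases; on a real box you would run this with the live files
# and refuse to start unbound on a collision.
for f in "$UNBOUND_BAD" "$UNBOUND_GOOD"; do
    if ports_collide "$f" "$BIND_CONF"; then
        echo "COLLISION: $(basename "$f") and named both want 127.0.0.1:$(bind_control_port "$BIND_CONF")"
    else
        echo "ok: $(basename "$f") uses $(unbound_control_port "$f"), named uses $(bind_control_port "$BIND_CONF")"
    fi
done
```

On the pfSense box itself the unbound side lives in /var/unbound/remotecontrol.conf (the file the post edits); point the second argument at the BIND package's named.conf. To see which process actually holds the port at the moment of failure, `sockstat -4 -l | grep ':953'` on FreeBSD lists the listener and its PID, which confirms whether it is named or a stale unbound.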