DNS Resolver crashing after recent update[solved]

scline

It seems after the most recent upgrade I have to reboot my pfsense box every week or two in order to correct DNS from failing. This is a physical box (no VM):

Intel Xeon CPU D-1518 @ 2.20GHz
8 CPUs: 1 package(s) x 4 core(s) x 2 hardware threads
8GB DDR4 RAM

The Unbound DNS logs when things are in a bad state look like the following:

Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
Jun 12 16:02:11	unbound	59065:2	notice: remote address is 8.8.8.8 port 53

Attempting to restart the service itself does nothing. Memory usage is minimal, ~5% currently. At one point I did have suricata installed but removed a few months ago.

Anything anyone can think of that would cause this issue? I am all ears!

Installed Packages:

frr	                net	        0.2_1
LADVD	                net	        1.2.2	
openvpn-client-export   security	1.4.14		
Telegraf	        net-mgmt	0.4	

Unbound Configuration File:

##########################
# Unbound Configuration
##########################

##
# Server configuration
##
server:

chroot: /var/unbound
username: "unbound"
directory: "/var/unbound"
pidfile: "/var/run/unbound.pid"
use-syslog: yes
port: 53
verbosity: 1
hide-identity: yes
hide-version: yes
harden-glue: yes
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
module-config: "validator iterator"
unwanted-reply-threshold: 0
num-queries-per-thread: 4096
jostle-timeout: 200
infra-host-ttl: 900
infra-cache-numhosts: 10000
outgoing-num-tcp: 10
incoming-num-tcp: 10
edns-buffer-size: 4096
cache-max-ttl: 86400
cache-min-ttl: 0
harden-dnssec-stripped: yes
msg-cache-size: 4m
rrset-cache-size: 8m

num-threads: 8
msg-cache-slabs: 8
rrset-cache-slabs: 8
infra-cache-slabs: 8
key-cache-slabs: 8
outgoing-range: 4096
#so-rcvbuf: 4m
auto-trust-anchor-file: /var/unbound/root.key
prefetch: no
prefetch-key: no
use-caps-for-id: no
serve-expired: no
# Statistics
# Unbound Statistics
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yes

# Interface IP(s) to bind to
interface: 0.0.0.0
interface: ::0
interface-automatic: yes

# Outgoing interfaces to be used


# DNS Rebinding
# For DNS Rebinding prevention
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 169.254.0.0/16
private-address: 192.168.0.0/16
private-address: fd00::/8
private-address: fe80::/10


# Access lists
include: /var/unbound/access_lists.conf

# Static host entries
include: /var/unbound/host_entries.conf

# dhcp lease entries
include: /var/unbound/dhcpleases_entries.conf



# Domain overrides
include: /var/unbound/domainoverrides.conf
# Forwarding
forward-zone:
	name: "."
	forward-addr: 8.8.8.8
	forward-addr: 8.8.4.4




###
# Remote Control Config
###
include: /var/unbound/remotecontrol.conf

scline

So this occurred again this morning, looks like after some further troubleshooting this is related to my OpenVPN setup. I have one vlan funneling all traffic out PIA VPN (Guest network) while the rest is processed normally. I don’t know why yet, but it appears when this tunnel bounces DNS traffic from PFSense is gobbled up. Local DNS works fine so just external revolvers are broken.