DNS Resolver crashing after recent update [solved]



  • It seems after the most recent upgrade I have to reboot my pfSense box every week or two in order to correct DNS from failing. This is a physical box (no VM):

    Intel® Xeon® CPU D-1518 @ 2.20GHz
    8 CPUs: 1 package(s) x 4 core(s) x 2 hardware threads
    8GB DDR4 RAM

    The Unbound DNS logs when things are in a bad state look like the following:

    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:2	notice: remote address is 8.8.8.8 port 53
    

    Attempting to restart the service itself does nothing. Memory usage is minimal, ~5% currently. At one point I did have Suricata installed but removed it a few months ago.

    Anything anyone can think of that would cause this issue? I am all ears!

    Installed Packages:

    Package                  Category    Version
    frr                      net         0.2_1
    LADVD                    net         1.2.2
    openvpn-client-export    security    1.4.14
    Telegraf                 net-mgmt    0.4


    Unbound Configuration File:

    ##########################
    # Unbound Configuration
    ##########################
    
    ##
    # Server configuration
    ##
    server:
    
    chroot: /var/unbound
    username: "unbound"
    directory: "/var/unbound"
    pidfile: "/var/run/unbound.pid"
    use-syslog: yes
    port: 53
    verbosity: 1
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    module-config: "validator iterator"
    unwanted-reply-threshold: 0
    num-queries-per-thread: 4096
    jostle-timeout: 200
    infra-host-ttl: 900
    infra-cache-numhosts: 10000
    outgoing-num-tcp: 10
    incoming-num-tcp: 10
    edns-buffer-size: 4096
    cache-max-ttl: 86400
    cache-min-ttl: 0
    harden-dnssec-stripped: yes
    msg-cache-size: 4m
    rrset-cache-size: 8m
    
    num-threads: 8
    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8
    outgoing-range: 4096
    #so-rcvbuf: 4m
    auto-trust-anchor-file: /var/unbound/root.key
    prefetch: no
    prefetch-key: no
    use-caps-for-id: no
    serve-expired: no
    # Statistics
    # Unbound Statistics
    statistics-interval: 0
    extended-statistics: yes
    statistics-cumulative: yes
    
    # Interface IP(s) to bind to
    interface: 0.0.0.0
    interface: ::0
    interface-automatic: yes
    
    # Outgoing interfaces to be used
    
    
    # DNS Rebinding
    # For DNS Rebinding prevention
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 169.254.0.0/16
    private-address: 192.168.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    
    
    # Access lists
    include: /var/unbound/access_lists.conf
    
    # Static host entries
    include: /var/unbound/host_entries.conf
    
    # dhcp lease entries
    include: /var/unbound/dhcpleases_entries.conf
    
    
    
    # Domain overrides
    include: /var/unbound/domainoverrides.conf
    # Forwarding
    forward-zone:
    	name: "."
    	forward-addr: 8.8.8.8
    	forward-addr: 8.8.4.4
    
    
    
    
    ###
    # Remote Control Config
    ###
    include: /var/unbound/remotecontrol.conf
    
    

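An added example, not from the original post, for catching this state before clients notice: a small Python parser for Unbound log lines in the format quoted above. It pairs each `sendto failed` line with the `remote address` line the same worker thread logged just before it, counts failures per upstream forwarder and per thread, and flags buffer exhaustion once an assumed threshold is reached. The sample lines are constructed from the ones in the post; the threshold is an assumption.

```python
import re
from collections import Counter

# Log format as quoted in the post: "<timestamp> unbound <pid>:<thread> notice: <msg>"
# (tab-separated in the pfSense log viewer; any whitespace is tolerated here).
LOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+)\s+unbound\s+(?P<pid>\d+):(?P<thread>\d+)"
                    r"\s+(?P<level>\w+): (?P<msg>.*)$")
REMOTE_RE = re.compile(r"^remote address is (?P<addr>\S+) port \d+$")
SENDTO_RE = re.compile(r"^sendto failed: (?P<err>.+)$")

# Constructed sample, shortened from the lines quoted in the post.
SAMPLE_LOG = """\
Jun 12 16:02:12\tunbound\t59065:5\tnotice: remote address is 8.8.8.8 port 53
Jun 12 16:02:12\tunbound\t59065:5\tnotice: sendto failed: No buffer space available
Jun 12 16:02:12\tunbound\t59065:5\tnotice: remote address is 8.8.4.4 port 53
Jun 12 16:02:12\tunbound\t59065:5\tnotice: sendto failed: No buffer space available
Jun 12 16:02:11\tunbound\t59065:7\tnotice: remote address is 8.8.4.4 port 53
Jun 12 16:02:11\tunbound\t59065:7\tnotice: sendto failed: No buffer space available
Jun 12 16:02:11\tunbound\t59065:2\tnotice: remote address is 8.8.8.8 port 53
"""

def parse_unbound_log(lines):
    """Attribute each 'sendto failed' line to the 'remote address' line that
    precedes it on the same worker thread (Unbound logs them as a pair).
    Returns Counters of failures per upstream, per thread, and per errno text."""
    last_remote = {}  # thread id -> last upstream address logged by that thread
    per_upstream, per_thread, errors = Counter(), Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not an Unbound line (other daemons share the log); skip
        thread, msg = m.group("thread"), m.group("msg")
        r = REMOTE_RE.match(msg)
        if r:
            last_remote[thread] = r.group("addr")
            continue
        s = SENDTO_RE.match(msg)
        if s:
            per_upstream[last_remote.get(thread, "unknown")] += 1
            per_thread[thread] += 1
            errors[s.group("err")] += 1
    return per_upstream, per_thread, errors

def buffer_exhaustion_detected(lines, threshold=2):
    """True once ENOBUFS ('No buffer space available') failures reach `threshold`
    (an assumed tuning value) in the examined window. Run over the most recent
    resolver log lines, this can alert or trigger a restart before clients notice."""
    return parse_unbound_log(lines)[2]["No buffer space available"] >= threshold
```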

  • So this occurred again this morning. It looks like, after some further troubleshooting, this is related to my OpenVPN setup. I have one VLAN funneling all traffic out the PIA VPN (Guest network) while the rest is processed normally. I don't know why yet, but it appears that when this tunnel bounces, DNS traffic from pfSense is gobbled up. Local DNS works fine, so just external resolvers are broken.

