DNS Resolver crashing after recent update[solved]



  • It seems that after the most recent upgrade I have to reboot my pfSense box every week or two to fix DNS when it fails. This is a physical box (no VM):

    Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz
    8 CPUs: 1 package(s) x 4 core(s) x 2 hardware threads
    8GB DDR4 RAM

    The Unbound DNS logs when things are in a bad state look like the following:

    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:12	unbound	59065:5	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:12	unbound	59065:5	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.8.8 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:7	notice: remote address is 8.8.4.4 port 53
    Jun 12 16:02:11	unbound	59065:7	notice: sendto failed: No buffer space available
    Jun 12 16:02:11	unbound	59065:2	notice: remote address is 8.8.8.8 port 53
    

    Attempting to restart the service itself does nothing. Memory usage is minimal, ~5% currently. At one point I did have Suricata installed, but I removed it a few months ago.

    Anything anyone can think of that would cause this issue? I am all ears!

    Installed Packages:

    frr	                net	        0.2_1
    LADVD	                net	        1.2.2	
    openvpn-client-export   security	1.4.14		
    Telegraf	        net-mgmt	0.4	
    

    Unbound Configuration File:

    ##########################
    # Unbound Configuration
    ##########################
    
    ##
    # Server configuration
    ##
    server:
    
    chroot: /var/unbound
    username: "unbound"
    directory: "/var/unbound"
    pidfile: "/var/run/unbound.pid"
    use-syslog: yes
    port: 53
    verbosity: 1
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    module-config: "validator iterator"
    unwanted-reply-threshold: 0
    num-queries-per-thread: 4096
    jostle-timeout: 200
    infra-host-ttl: 900
    infra-cache-numhosts: 10000
    outgoing-num-tcp: 10
    incoming-num-tcp: 10
    edns-buffer-size: 4096
    cache-max-ttl: 86400
    cache-min-ttl: 0
    harden-dnssec-stripped: yes
    msg-cache-size: 4m
    rrset-cache-size: 8m
    
    num-threads: 8
    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8
    outgoing-range: 4096
    #so-rcvbuf: 4m
    auto-trust-anchor-file: /var/unbound/root.key
    prefetch: no
    prefetch-key: no
    use-caps-for-id: no
    serve-expired: no
    # Statistics
    # Unbound Statistics
    statistics-interval: 0
    extended-statistics: yes
    statistics-cumulative: yes
    
    # Interface IP(s) to bind to
    interface: 0.0.0.0
    interface: ::0
    interface-automatic: yes
    
    # Outgoing interfaces to be used
    
    
    # DNS Rebinding
    # For DNS Rebinding prevention
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 169.254.0.0/16
    private-address: 192.168.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    
    
    # Access lists
    include: /var/unbound/access_lists.conf
    
    # Static host entries
    include: /var/unbound/host_entries.conf
    
    # dhcp lease entries
    include: /var/unbound/dhcpleases_entries.conf
    
    
    
    # Domain overrides
    include: /var/unbound/domainoverrides.conf
    # Forwarding
    forward-zone:
    	name: "."
    	forward-addr: 8.8.8.8
    	forward-addr: 8.8.4.4
    
    
    
    
    ###
    # Remote Control Config
    ###
    include: /var/unbound/remotecontrol.conf
    
    


  • So this occurred again this morning. After some further troubleshooting, it looks like this is related to my OpenVPN setup. I have one VLAN funneling all traffic out through the PIA VPN (guest network) while the rest is processed normally. I don't know why yet, but it appears that when this tunnel bounces, DNS traffic from pfSense is gobbled up. Local DNS works fine, so just external resolvers are broken.

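An added example (not code from the poster or from pfSense): a small Python checker that parses Unbound log lines in the shape quoted in the first post and reports, per forwarder, the minutes in which failed upstream sends cluster, so a tunnel bounce like the one described above shows up as a burst rather than being noticed a week later. The tab-separated layout, the pairing of "remote address" with the following "sendto failed" line on the same thread, and the alert threshold are assumptions drawn from the quoted lines.

```python
# Added example for this thread (not the poster's or pfSense's code): parse the
# pfSense-style Unbound log shown in the first post (tab-separated timestamp,
# process, pid:thread, message) and flag minutes with a burst of failed upstream
# sends, attributed to the forwarder each thread was talking to.
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in the same shape as the log in the post.
SAMPLE_LOG = "\n".join([
    "Jun 12 16:02:11\tunbound\t59065:7\tnotice: remote address is 8.8.8.8 port 53",
    "Jun 12 16:02:11\tunbound\t59065:5\tnotice: remote address is 8.8.4.4 port 53",
    "Jun 12 16:02:11\tunbound\t59065:7\tnotice: sendto failed: No buffer space available",
    "Jun 12 16:02:11\tunbound\t59065:5\tnotice: sendto failed: No buffer space available",
    "Jun 12 16:02:12\tunbound\t59065:7\tnotice: remote address is 8.8.8.8 port 53",
    "Jun 12 16:02:12\tunbound\t59065:7\tnotice: sendto failed: No buffer space available",
    "Jun 12 16:02:12\tunbound\t59065:5\tnotice: remote address is 8.8.8.8 port 53",
    "Jun 12 16:02:12\tunbound\t59065:5\tnotice: sendto failed: No buffer space available",
    "Jun 12 16:03:40\tunbound\t59065:2\tnotice: remote address is 8.8.4.4 port 53",
])

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d)\tunbound\t"
                     r"\d+:(?P<thread>\d+)\t\w+: (?P<msg>.*)$")
REMOTE_RE = re.compile(r"remote address is (?P<addr>\S+) port \d+")
FAIL_MSG = "sendto failed: No buffer space available"

def parse_failures(log_text):
    """Return (timestamp, thread, forwarder) for every failed upstream send."""
    # Unbound logs 'remote address is X' on a thread just before that thread's
    # 'sendto failed' line, so the address is remembered per thread id.
    last_remote, failures = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an Unbound line in the expected shape
        remote = REMOTE_RE.search(m["msg"])
        if remote:
            last_remote[m["thread"]] = remote["addr"]
        elif m["msg"] == FAIL_MSG:
            # syslog timestamps carry no year; strptime fills in 1900
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            failures.append((ts, m["thread"], last_remote.get(m["thread"], "unknown")))
    return failures

def burst_minutes(failures, threshold=10):
    """Per-minute forwarder failure counts for minutes at or over threshold (tunable)."""
    per_minute = defaultdict(Counter)
    for ts, _thread, addr in failures:
        per_minute[ts.replace(second=0)][addr] += 1
    return {m: dict(c) for m, c in per_minute.items() if sum(c.values()) >= threshold}
```

Run against a saved copy of the resolver log with a threshold suited to the box's query volume; a minute where every forwarder fails at once points at the path to the upstream (as with the tunnel bounce described above) rather than at one resolver.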
