DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953

SnowmanUT

I can't get this to work properly as I continue to get this error below. I have look around forum and internet to try a few things but have not found anything that works yet. Newbie to PfblockerNG but would like to get it working if anyone can help.

Reloading Unbound Resolver..
DNSBL enabled FAIL - restoring Unbound conf *** Fix error(s) and a Force Reload required! ***
[1549436537] unbound-control[77716:0] error: connect: Can't assign requested address for 127.0.0.1 port 953.... Not completed.

I found this page talking about the same issue but no resolution besides resetting and starting over which I would prefer not to do.
https://www.reddit.com/r/pfBlockerNG/comments/a9lgnx/unboundcontrol_error_cant_assign_address/

johnpoz

And did you follow the steps in that thread were they ask you to look what is running on that port.. Lets see your sockstat output

example here is mine

[2.4.4-RELEASE][root@sg4860.local.lan]/root: sockstat | grep :953
unbound  unbound    68997 29 tcp4   127.0.0.1:953         *:*
[2.4.4-RELEASE][root@sg4860.local.lan]/root: 

SnowmanUT

@johnpoz said in DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953:

sockstat

It shows this:

unbound unbound 92099 22 tcp4 127.0.0.1:953 :

johnpoz

so unbound is already listening, if it doesn't stop when asked, etc. then sure you can have issues if your trying to run another instance for example.

Lets see your logs, can you stop unbound and restart it from the gui, does it stop and start - can you do it from the cmd line... The info on how to do that is in the thread you linked to.

Saying there is no solution there is because you have not given the info required to figure out what the problem actually is. Just like the guy in that thread. The person asking all the questions and giving great advice is the writer of pfblocker ;) bcan177 if anyone can help it would be him. But without details nobody can help.

SnowmanUT

Sorry, I am a newbie. Which logs do you want, from PFblockerNG logs or system logs? How do I download system logs?

I can stop and start it from the GUI. I just stopped it from the GUI and tried force reloading DNSBL update which then started unbound again. Message now is this.

Saving DNSBL database... completed

---

Assembling DNSBL database... completed [ 02/06/19 10:21:36 ]
Starting Unbound Service.... Not completed. [ 02/06/19 10:21:43 ]

*** DNSBL update [ 155652 ] [ 141171 ] ... OUT OF SYNC ! ***

BBcan177

@snowmanut

Try to go to pfSense Resolver, Advanced page, and change the Log Level to "2" , then hit save.

Then review the resolver.log in pfSense system logs to see if you have any other errors? If there are, try to address those first.

Otherwise, there could be a bit of a race condition with the widget. So first try the above, if that doesn't pan out, goto the pfSense dashboard and click the wrench icon in the pfB widget. Change the Resolver query setting from "5" to "60" seconds. then save. Then run a Force Reload - DNSBL.

@johnpoz Thanks! Am on holidays but still on duty :)

SnowmanUT

I have a bunch of the same error on the Resolver log. This is just a part of the error but they all say duplicate forward zone. Not sure what that means??

Feb 5 21:44:13 unbound 84341:1 error: duplicate forward zone . ignored.
Feb 5 21:49:31 unbound 84341:1 error: duplicate forward zone . ignored.
Feb 5 21:49:31 unbound 84341:3 error: duplicate forward zone . ignored.
Feb 5 21:49:31 unbound 84341:2 error: duplicate forward zone . ignored.
Feb 5 21:49:31 unbound 84341:0 error: duplicate forward zone . ignored.
Feb 5 22:14:57 unbound 84341:2 error: duplicate forward zone . ignored.
Feb 5 22:14:57 unbound 84341:1 error: duplicate forward zone . ignored.
Feb 5 22:14:57 unbound 84341:3 error: duplicate forward zone . ignored.
Feb 5 22:14:57 unbound 84341:0 error: duplicate forward zone . ignored.

SnowmanUT

Got rid of errors in DNS resolver log by removing all my DNS servers in the general setup page.

I changed the Resolver query setting from "5" to "60" seconds and did the reload but back to the same error:

Assembling DNSBL database... completed [ 02/06/19 14:36:44 ]
Reloading Unbound Resolver..
DNSBL enabled FAIL - restoring Unbound conf *** Fix error(s) and a Force Reload required! ***
[1549489005] unbound-control[64031:0] error: connect: Can't assign requested address for 127.0.0.1 port 953.... Not completed. [ 02/06/19 14:36:45 ]

RonpfS

Maybe you should do a Force Reload All then post your pfblockerng.log to see what happens.

SnowmanUT

0_1549494634044_pfblockerng.log.txt

Ok, removed the package completely and reinstalled it just to try. Went through the wizard again and back to the same error.

pfblockerng.log attached

RonpfS

How did you configure DNS Resolver ?
What pfsense version, platform, pfblockerng version, which package are you using?

SnowmanUT

PFsense version: 2.4.4-RELEASE-p2 (amd64)
pfBlockerNG-devel net 2.2.5_21
Platform: HP T620 Plus Thin Client

DNS Resolver setting:
-Network Interfaces: all
-Outgoing Network Interfaces: WAN
-System Domain Local Zone Type: Transparent
-DNSSEC Support: Enabled
-Custom Options: server:include: /var/unbound/pfb_dnsbl.*conf
-Host override for a duckdns domain I have setup.

RonpfS

@snowmanut said in DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953:

-Host override for a duckdns domain I have setup.

And if you remove the host override do you still have the same symptoms?

SnowmanUT

Deleted host override, no change. Same error after force reload.

RonpfS

@snowmanut
Do you have DNS Forwarder disabled ?
Do you have DNS Resolver DNS Query Forwarding disabled?

What is the output of :

ls -al /var/unbound
ls -al /var/db/pfblockerng
ls -al /var/db/pfblockerng/dnsbl
ls -al /var/db/pfblockerng/dnsblorig

SnowmanUT

Do you have DNS Forwarder disabled? Yes
Do you have DNS Resolver DNS Query Forwarding disabled? Yes

ls -al /var/unbound:
total 120
drwxr-xr-x 3 unbound unbound 1024 Feb 6 17:50 .
drwxr-xr-x 27 root wheel 512 Dec 12 05:42 ..
-rw-r--r-- 1 root unbound 292 Feb 6 17:44 access_lists.conf
drwxr-xr-x 2 unbound unbound 512 Dec 12 05:42 conf.d
-rw-r--r-- 1 root unbound 175 Feb 6 17:44 dhcpleases_entries.conf
-rw-r--r-- 1 root unbound 3355 Feb 6 15:58 dnsbl_cert.pem
-rw-r--r-- 1 root unbound 0 Feb 6 17:44 domainoverrides.conf
-rw-r--r-- 1 root unbound 398 Feb 6 17:44 host_entries.conf
-rw-r--r-- 1 root unbound 0 Feb 6 17:49 pfb_dnsbl.conf
-rw-r--r-- 1 root unbound 1498 Feb 6 15:58 pfb_dnsbl_lighty.conf
-rw-r--r-- 1 root unbound 300 Oct 22 08:11 remotecontrol.conf
-rw-r--r-- 1 unbound unbound 1252 Feb 6 17:44 root.key
-rw-r--r-- 1 root unbound 2056 Feb 6 17:49 unbound.conf
-rw-r----- 1 unbound unbound 2455 Oct 22 08:11 unbound_control.key
-rw-r----- 1 unbound unbound 1330 Oct 22 08:11 unbound_control.pem
-rw-r----- 1 unbound unbound 2455 Oct 22 08:11 unbound_server.key
-rw-r----- 1 unbound unbound 1318 Oct 22 08:11 unbound_server.pem

ls -al /var/db/pfblockerng
total 1768
drwxr-xr-x 11 root wheel 512 Feb 6 18:00 .
drwxr-xr-x 14 root wheel 1024 Feb 6 16:48 ..
drwxr-xr-x 2 root wheel 512 Feb 6 15:57 ET
drwxr-xr-x 2 root wheel 1024 Feb 6 18:00 deny
drwxr-xr-x 2 root wheel 1024 Feb 6 17:49 dnsbl
-rw-r--r-- 1 root wheel 8192 Feb 6 17:49 dnsbl.sqlite
-rw-r--r-- 1 root wheel 8192 Feb 6 15:58 dnsbl_levent.sqlite
drwxr-xr-x 2 root wheel 512 Feb 6 15:58 dnsblalias
drwxr-xr-x 2 root wheel 1024 Feb 6 15:58 dnsblorig
-rw-r--r-- 1 root wheel 10001 Feb 6 15:49 geoip.txt
-rw-r--r-- 1 root wheel 266386 Feb 6 18:00 mastercat
-rw------- 1 root wheel 508197 Feb 6 18:00 masterfile
drwxr-xr-x 2 root wheel 512 Feb 6 15:57 match
drwxr-xr-x 2 root wheel 512 Feb 6 15:57 native
drwxr-xr-x 2 root wheel 512 Feb 6 18:00 original
drwxr-xr-x 2 root wheel 512 Feb 6 15:57 permit
-rw-r--r-- 1 root wheel 2152 Feb 6 18:00 pfbdnsblsuppression.txt

ls -al /var/db/pfblockerng/dnsbl
total 15704
drwxr-xr-x 2 root wheel 1024 Feb 6 17:49 .
drwxr-xr-x 11 root wheel 512 Feb 6 18:00 ..
-rw-r--r-- 1 root wheel 113986 Feb 6 17:49 Abuse_DOMBL.txt
-rw-r--r-- 1 root wheel 385663 Feb 6 17:49 Abuse_URLBL.txt
-rw-r--r-- 1 root wheel 2422 Feb 6 17:49 Abuse_Zeus_BD.txt
-rw-r--r-- 1 root wheel 20707 Feb 6 17:49 Adaway.txt
-rw-r--r-- 1 root wheel 34779 Feb 6 17:49 BBC_DC2.txt
-rw-r--r-- 1 root wheel 769139 Feb 6 17:49 Cameleon.txt
-rw-r--r-- 1 root wheel 128691 Feb 6 17:49 D_Me_ADs.txt
-rw-r--r-- 1 root wheel 4251 Feb 6 17:49 D_Me_Malv.txt
-rw-r--r-- 1 root wheel 0 Feb 6 17:49 D_Me_Malw.txt
-rw-r--r-- 1 root wheel 1488 Feb 6 17:49 D_Me_Tracking.txt
-rw-r--r-- 1 root wheel 49294 Feb 6 17:49 EasyList.txt
-rw-r--r-- 1 root wheel 138299 Feb 6 17:49 EasyPrivacy.txt
-rw-r--r-- 1 root wheel 0 Feb 6 17:49 ISC_SDH.txt
-rw-r--r-- 1 root wheel 56852 Feb 6 17:49 MDL.txt
-rw-r--r-- 1 root wheel 1471173 Feb 6 17:49 MDS.txt
-rw-r--r-- 1 root wheel 128220 Feb 6 17:49 MDS_Immortal.txt
-rw-r--r-- 1 root wheel 46827 Feb 6 17:49 MVPS.txt
-rw-r--r-- 1 root wheel 93081 Feb 6 17:49 SBL_ADs.txt
-rw-r--r-- 1 root wheel 752123 Feb 6 17:49 SFS_Toxic_BD.txt
-rw-r--r-- 1 root wheel 545387 Feb 6 17:49 SWC.txt
-rw-r--r-- 1 root wheel 362322 Feb 6 17:49 Spam404.txt
-rw-r--r-- 1 root wheel 37106 Feb 6 17:49 Yoyo.txt
-rw-r--r-- 1 root wheel 2638905 Feb 6 17:49 hpHosts_ATS.txt

RonpfS

ls -al /var/db/pfblockerng/dnsblalias
ls -al /var/db/pfblockerng/dnsblorig
cat /var/db/pfblockerng/pfbdnsblsuppression.txt

Can you try to disable DNSBL, then run a force Update.
Enable DNSBL then run Force Update.

If you still have errors, then enable only on DNSBL group with only one URL enabled, run a Force Reload DNSBL and see if it reload unbound.

johnpoz

@snowmanut said in DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953:

by removing all my DNS servers in the general setup page.

Why would you have DNS servers listed in the general setup page if your using unbound in resolver mode? Having there sure would not cause any errors since they would never be used, unless you told pfsense not to use 127.0.0.1?

SnowmanUT

When I deleted all the DNS servers in there it wouldn't download any packages from the package manager. When I put 1 back the package manager worked again. Others reported similar behavior on other posts.

I don't think I have told it not to use 127.0.0.1, where would I do that besides the DNS resolver which we already checked?

johnpoz

Lets forget pfblocker for a second... Does unbound work when not using pfblocker? Disable pfblocker does your resolver work as it should..

Its right there in the general setup - where you would of set extra dns

I would also uncheck allowing your ISP to hand you dns via dhcp... That checkbox above the one I point out.

Pfsense out of the box resolves, and the only thing it should point to for dns is itself

If you are having issues with unbound working, I would figure that out before you worry about package like pfblocker