Issue restart Unbound

killmasta93

Hi,
Recently im getting restart in unbound which makes users to complain about constant disconnect from websites. I checked the logs and found this

Feb 9 00:10:00	unbound	916:0	notice: remote address is 8.8.8.8 port 53
Feb 9 00:10:00	unbound	916:0	notice: sendto failed: Permission denied
Feb 9 00:10:00	unbound	916:0	info: start of service (unbound 1.8.1).
Feb 9 00:10:00	unbound	916:0	notice: init module 0: iterator
Feb 9 00:10:00	unbound	916:0	notice: Restart of unbound 1.8.1.
Feb 9 00:10:00	unbound	916:0	info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb 9 00:10:00	unbound	916:0	info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb 9 00:10:00	unbound	916:0	info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb 9 00:10:00	unbound	916:0	info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb 9 00:10:00	unbound	916:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb 9 00:10:00	unbound	916:0	info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb 9 00:10:00	unbound	916:0	info: service stopped (unbound 1.8.1).
Feb 9 00:08:20	unbound	916:0	info: start of service (unbound 1.8.1).
Feb 9 00:08:20	unbound	916:0	notice: init module 0: iterator
Feb 9 00:08:20	unbound	916:0	notice: Restart of unbound 1.8.1.
Feb 9 00:08:20	unbound	916:0	info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb 9 00:08:20	unbound	916:0	info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb 9 00:08:20	unbound	916:0	info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb 9 00:08:20	unbound	916:0	info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb 9 00:08:20	unbound	916:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb 9 00:08:20	unbound	916:0	info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting

I was reading a few forums a few said about WAN DHCP but im using static IP, and this is my picture of DNS
0_1549689516645_Screenshot at 2019-02-09 00-18-12.png
also using en general config for dns
1.1.1.1
1.0.0.1
8.8.8.8

Thank you
and google 8.8.8.8

Gertjan

When unbound restarts current user (from LAN etc) are not disconnected.
If unbound starts to restart several times a minute (you showed just one !) then you should start to look why unbound is doing so. In your case, incoming DHCP requests from LAN is not restarting your unbound.

The girst two lines of your log shows that unbound itself can't connect to the net (the 8.8.8.8).

Do you really need to forward DNS requests ? Do you need to have handled all your DNS requests to Google ?
What happens if you make unbound work as a resolver ?

If your upstream WAN connections goes down, and unbound depends on remote DNS resolvers (the 8.8.8.8 etc) then I can imagine unbound restarts. This would also explain why users get disconnected.

killmasta93

Thanks for the reply, i had to cut the log because it was not letting me post that log as it was marking me as spam to post.
This is the current log

https://pastebin.com/i8aAmGsk

Do you really need to forward DNS requests ?

well im using DNS Resolver but should i disable DNS query Forwarding?

Do you need to have handled all your DNS requests to Google ?

Well funny thing on the general setup im using 1.1.1.1 and 1.0.0.1 as primary and secondary so not sure where the 8.8.8.8 is coming from.

What happens if you make unbound work as a resolver

Well isn't it currently as working as a resolver? or do i have to uncheck DNS query forwarding?

Thank you again

Grimson

@killmasta93 said in Issue restart Unbound:

Well isn't it currently as working as a resolver? or do i have to uncheck DNS query forwarding?

https://forum.netgate.com/topic/117972/difference-between-dns-resolver-and-dns-forwarder/12

killmasta93

Thanks for the reply, that was very helpful, so i disabled Query Forwarding and enabled DNSSEC going to see this week how it goes