Unbound resolver error: Can't assign requested address for 127.0.0.1

RonpfS · Mar 26, 2019, 5:27 PM

Those tables : pfB_PRI1_v4, pfB_PRI4_v4, pfB_PRI2_v4, DNSBL_pfB_PRI2_v4 - pfB_PRI2_v4, DNSBL_Abuse - pfB_Abuse_PS_v4 shouldn't be in DNSBL, they are IPv4 tables, remove them.

Disable BBC_DGA it's probably too big for your memory. And try another Force Reload DNSBL.

You have to monitor memory usage with Status Monitoring. The Dashboard only display "current" memory usage, the Monitoring will give you memory usage over time.

themadsalvi · Mar 26, 2019, 5:43 PM

@RonpfS

Removed those, and forced a reload, which still had the unbound resolver error.

This is the result in the status monitoring during and after reload

This is the force reload log
pfblockerng2.txt

RonpfS · Mar 26, 2019, 5:58 PM

You still have pfB_Abuse_PS_v4 to remove
Try again with BBC_DGA feed disabled.
If it still fails, then post your DNS Resolver config.

themadsalvi · Mar 26, 2019, 6:11 PM

@RonpfS @Gertjan
Here is the latest file for the reload, with all of the lists gone that you told me to delete. Same error pops up:
pfblockerng3.txt

Rsolver settings.

RonpfS · Mar 26, 2019, 6:22 PM

Did you try to remove the private-domain: line ?
On my box I have Prefetch Support and Prefetch DNS Key Support ticked.

themadsalvi · Mar 26, 2019, 6:29 PM

@RonpfS @Gertjan
I ended up taking the private domain line out(save and apply), then checking the prefetch support and Prefetch DNS Key Support boxes(save and apply changes). Tried the forced reload, with those changes, and the error persists.

RonpfS · Mar 26, 2019, 6:31 PM

In a shell or Diagnostics Command prompt, do a

ls -al /var/unbound /var/db/pfblockerng

themadsalvi · Mar 26, 2019, 6:41 PM

@RonpfS @Gertjan
I have placed the output below

Why are the last 4 so old?

RonpfS · Mar 26, 2019, 6:52 PM

@themadsalvi The 2012 timestamp looks suspicious compared to mine :

-rw-r-----   1 unbound  unbound       2459 Dec  8 19:42 unbound_control.key
-rw-r-----   1 unbound  unbound       1330 Dec  8 19:42 unbound_control.pem
-rw-r-----   1 unbound  unbound       2459 Dec  8 19:42 unbound_server.key
-rw-r-----   1 unbound  unbound       1318 Dec  8 19:42 unbound_server.pem

maybe it time to delete them, restart unbound or reboot pfsense.

themadsalvi · Mar 26, 2019, 7:03 PM

@RonpfS

what is the syntax for deleting the files in the shell?
rm -f /var/unbound/unbound_server.key?

is that the correct syntax?

Edit:
It looks like it was able to recreate the files

RonpfS · Mar 26, 2019, 8:06 PM

@themadsalvi

Rename them in case :

mv  /var/unbound/unbound_control.key /var/unbound/backup_unbound_control.key
mv  /var/unbound/unbound_control.pem /var/unbound/backup_unbound_control.pem
mv  /var/unbound/unbound_server.key /var/unbound/backup_unbound_server.key
mv  /var/unbound/unbound_server.pem /var/unbound/backup_unbound_server.pem

restart unbound, it should start, if not ... then move them back.
to remove them it's :

rm /var/unbound/unbound_server.pem

Also it's better to access the webgui with the pfsense IP address instead of using it's domain name when stopping and restarting DNS resolver.

themadsalvi · Mar 26, 2019, 7:08 PM

@RonpfS
unbound restarted ok, without any errors, but the DNSBL was still unable to reload without the error.
pfblockerng4.txt

I use the IP of Pfsense whenever I log into the web GUI, not sure why it uses the domain name when logging into shell

Grimson · Mar 26, 2019, 7:10 PM

What other packages are you using? Bind will conflict with unbound and if you use Service Watchdog make sure it does not monitor unbound.

RonpfS · Mar 26, 2019, 7:16 PM

This post is deleted!

RonpfS · Mar 26, 2019, 7:17 PM

Well ... I have no more clue why it doesn't reload unbound.
Maybe disable all feeds excepts Ads ?

What does ls -al /var/unbound look like now ?

themadsalvi · Mar 26, 2019, 7:37 PM

@RonpfS I placed the result of the rebuilt key and pem files, as well as how /var/unbound looks in my last post(out on lunch and on mobile, sorry)

@Grimson the one thing I find odd is it just started this over the weekend, after a power outage. It has been fine for the last 6 months, without any issue. I do not have bind,and have made sure that unbound is not being monitored by service watchdog. I have the regularly installed packages like pfblockerng-devel, snort, etc.

Grimson · Mar 26, 2019, 7:39 PM

@themadsalvi said in Unbound resolver error: Can't assign requested address for 127.0.0.1:

@Grimson the one thing I find odd is it just started this over the weekend, after a power outage.

So did you run fsck on the filesystem? https://docs.netgate.com/pfsense/en/latest/hardware/troubleshooting-disk-check-errors-fsck.html#manually-run-fsck

I have the regularly installed packages like pfblockerng-devel, snort, etc.

There are no regularly installed packages, a regular install comes without additional packages. So always mention the packages you are using when asking for help.

If following the above to check the filesystem doesn't work grab a config backup and do a fresh install to make sure the installation is in a good state.

themadsalvi · Mar 26, 2019, 7:50 PM

@Grimson iplaced some screenshots from my mobile in my previouspost. Fsck says that /dev/zroot/ROOT cannot be opened since there is no file or directory present

Grimson · Mar 26, 2019, 7:55 PM

@themadsalvi said in Unbound resolver error: Can't assign requested address for 127.0.0.1:

@Grimson iplaced some screenshots from my mobile in my previouspost. Fsck says that /dev/zroot/ROOT cannot be opened since there is no file or directory present

https://www.freebsd.org/doc/handbook/zfs-zpool.html#zfs-zpool-status
https://www.freebsd.org/doc/handbook/zfs-zpool.html#zfs-zpool-scrub

themadsalvi · Mar 26, 2019, 8:04 PM

@Grimson

It looks like it found no errors in the pool. I even ran the scrub with no errors found.