[SOLVED] DNS Resolver & DHCP Server are constantly restarting

Crunk_Bass · Nov 5, 2019, 5:23 PM

Hello everyone,

my DNS Resolver and DHCP Server are in a restart loop.
pfSense version: 2.4.4-RELEASE-p3 (amd64)
I already tried the following:

disabled "Register DHCP leases in the DNS Resolver"
disabled "Register DHCP static mappings in the DNS Resolver"
disabled DNS Resolver to see, if it stops DHCP restarting -> it doesn't
disabled all DHCP Servers to see, if it stops DNS Resolver restarting -> keeps restarting

DNS log: https://pastebin.com/UEsxxFgM
DHCP log: https://pastebin.com/rTpzakQ6

Any idea what I could try to solve this problem?

Gertjan · Nov 5, 2019, 3:48 PM

Hi,

When you stop using the resolver (unbound)
check with

ps ax | grep unbound

and
stopped using all DHCP servers
check with

ps ax | grep dhcp

@Crunk_Bass said in DNS Resolver & DHCP Server are constantly restarting:

disabled "Register DHCP leases in the DNS Resolver"

This disables :

2498  -  Ss       0:00.05 /usr/local/sbin/dhcpleases -l /var/dhcpd/var/db/dhcpd.leases -d brit-hotel-fumel.net -p /var/run/unbound.pid -u /var/unbound/dhcpleases_entries.conf -h /etc/hosts

and this is a process that rewrites the /etc/hosts file.
This rewriting make dhcpleases kicks unbound around.

You said (again) :

@Crunk_Bass said in DNS Resolver & DHCP Server are constantly restarting:

disabled "Register DHCP leases in the DNS Resolver"

and thus dhcpleases should not run.
Or, it's that process that restart unbound - see your own logs.

I advise you to :

@Crunk_Bass said in DNS Resolver & DHCP Server are constantly restarting:

disabled "Register DHCP leases in the DNS Resolver"
disabled "Register DHCP static mappings in the DNS Resolver"
disabled DNS Resolver to see, if it stops DHCP restarting -> it doesn't
disabled all DHCP Servers to see, if it stops DNS Resolver restarting -> keeps restarting

and then, check what's still running, and kill them all.

Then restart unbound (resolver) and DHCP servers one by one - pause and observe behaviour in logs after each start.

Crunk_Bass · Nov 5, 2019, 5:15 PM

Hi and thank you for your reply.

When I stop unbound and check for running processes there is no unbound running.

[2.4.4-RELEASE][admin@gateway.REDACTED.TLD]/root: ps ax | grep unbound
21735  0  S+         0:00.00 grep unbound
[2.4.4-RELEASE][admin@gateway.REDACTED.TLD]/root:

After stopping all DHCP servers the following processes are running:

[2.4.4-RELEASE][admin@gateway.REDACTED.TLD]/root: ps ax | grep dhcp
 4049  -  S          0:00.00 /bin/sh /var/etc/dhcp6c_wan_script.sh
56033  -  Ss       618:49.04 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -l /tmp/haproxy_chroot/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
97216  -  Ss         0:01.42 /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_pppoe0.pid pppoe0
14705  0  S+         0:00.00 grep dhcp
[2.4.4-RELEASE][admin@gateway.REDACTED.TLD]/root:

The DHCP log keeps getting spammed by DHCP6 client:

Nov 5 17:12:53	dhcp6c	97216	Sending Solicit
Nov 5 17:12:54	dhcp6c	97216	Sending Request
Nov 5 17:12:54	dhcp6c	97216	dhcp6c Received REQUEST
Nov 5 17:12:54	dhcp6c	97216	status code for NA-0: no addresses
Nov 5 17:12:55	dhcp6c	97216	Sending Solicit
Nov 5 17:12:57	dhcp6c	97216	Sending Request
Nov 5 17:12:57	dhcp6c	97216	dhcp6c Received REQUEST
Nov 5 17:12:57	dhcp6c	97216	status code for NA-0: no addresses
Nov 5 17:12:58	dhcp6c	97216	Sending Solicit
Nov 5 17:12:59	dhcp6c	97216	Sending Request
Nov 5 17:13:00	dhcp6c	97216	dhcp6c Received REQUEST
Nov 5 17:13:00	dhcp6c	97216	status code for NA-0: no addresses
Nov 5 17:13:02	dhcp6c	97216	Sending Solicit
Nov 5 17:13:03	dhcp6c	97216	Sending Request
Nov 5 17:13:03	dhcp6c	97216	dhcp6c Received REQUEST
Nov 5 17:13:03	dhcp6c	97216	status code for NA-0: no addresses

My WAN connection uses DHCP6 and I confimed IPv6 connectivity.
WAN has an address and IPv6 is routed as expected.

After killing

97216  -  Ss         0:01.42 /usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_pppoe0.pid pppoe0

I lost IPv6 connectivity and the spamming of DHCP log by DHCP6 client stopped.
So I reconnected WAN and the spamming was back.

Nov 5 17:26:20	dhcp6c	97216	Start address release
Nov 5 17:26:20	dhcp6c	97216	Sending Release
Nov 5 17:26:20	dhcp6c	97216	remove an address 2003:REDACTED:d1d4/64 on igb0
Nov 5 17:26:20	dhcp6c	97216	dhcp6c Received RELEASE
Nov 5 17:26:20	dhcp6c	97216	status code: success
Nov 5 17:26:21	dhcp6c	97216	exiting
Nov 5 17:30:56	dhcp6c	74412	failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Nov 5 17:30:56	dhcp6c	74412	failed initialize control message authentication
Nov 5 17:30:56	dhcp6c	74412	skip opening control port
Nov 5 17:30:57	dhcp6c	74510	Sending Solicit
Nov 5 17:30:58	dhcp6c	74510	Sending Request
Nov 5 17:30:58	dhcp6c	74510	dhcp6c Received REQUEST
Nov 5 17:30:58	dhcp6c	74510	add an address 2003:REDACTED:d1d4/64 on igb0
Nov 5 17:30:58	dhcp6c	74510	status code for NA-0: no addresses
Nov 5 17:31:00	dhcp6c	74510	Sending Solicit
Nov 5 17:31:01	dhcp6c	74510	Sending Solicit
Nov 5 17:31:03	dhcp6c	74510	Sending Solicit
Nov 5 17:31:07	dhcp6c	74510	Sending Solicit
Nov 5 17:31:15	dhcp6c	74510	Sending Solicit
Nov 5 17:31:32	dhcp6c	74510	Sending Solicit
Nov 5 17:31:33	dhcp6c	74510	Sending Request
Nov 5 17:31:33	dhcp6c	74510	dhcp6c Received REQUEST
Nov 5 17:31:33	dhcp6c	74510	status code for NA-0: no addresses
Nov 5 17:31:35	dhcp6c	74510	Sending Solicit
Nov 5 17:31:36	dhcp6c	74510	Sending Request
Nov 5 17:31:36	dhcp6c	74510	dhcp6c Received REQUEST
Nov 5 17:31:36	dhcp6c	74510	status code for NA-0: no addresses
Nov 5 17:31:37	dhcp6c	74510	Sending Solicit
Nov 5 17:31:38	dhcp6c	74510	Sending Request
Nov 5 17:31:38	dhcp6c	74510	dhcp6c Received REQUEST
Nov 5 17:31:38	dhcp6c	74510	status code for NA-0: no addresses
Nov 5 17:31:40	dhcp6c	74510	Sending Solicit
Nov 5 17:31:41	dhcp6c	74510	Sending Request
Nov 5 17:31:41	dhcp6c	74510	dhcp6c Received REQUEST
Nov 5 17:31:41	dhcp6c	74510	status code for NA-0: no addresses
Nov 5 17:31:43	dhcp6c	74510	Sending Solicit
Nov 5 17:31:44	dhcp6c	74510	Sending Request
Nov 5 17:31:44	dhcp6c	74510	dhcp6c Received REQUEST
Nov 5 17:31:44	dhcp6c	74510	status code for NA-0: no addresses
Nov 5 17:31:46	dhcp6c	74510	Sending Solicit
Nov 5 17:31:47	dhcp6c	74510	Sending Request
Nov 5 17:31:47	dhcp6c	74510	dhcp6c Received REQUEST
Nov 5 17:31:47	dhcp6c	74510	status code for NA-0: no addresses

@Gertjan said in DNS Resolver & DHCP Server are constantly restarting:

and thus dhcpleases should not run.
Or, it's that process that restart unbound - see your own logs.

dhcpleases was running because I enabled it again after disabling didn't change the behaiviour.

@Gertjan said in DNS Resolver & DHCP Server are constantly restarting:

Then restart unbound (resolver) and DHCP servers one by one - pause and observe behaviour in logs after each start.

After starting only unbound with DHCP Registration and Static DHCP disabled unbound gets restarted every time dhcp6c is logging "Sending Solicit"

So I checked my WAN settings and compared it to another pfSense firewall I am running with the same ISP (Deutsche Telekom Business).
Under DHCP6 Client Configuration there is an option called Request only an IPv6 prefix (Only request an IPv6 prefix, do not request an IPv6 address).
After enabling the checkbox the spamming of DHCP logs by DHCP6 client stopped and unbound is running without getting restarted.
DHCP servers are also running again with no issues.

I have no idea why it was working fine for 2+ years without the "Request only an IPv6 prefix" option checked.
Maybe the ISP changed some settings on their side.

Thank you very much @Gertjan for pointing me in the right direction.