circuit bouncing and DNS
-
@ryno5514 said in circuit bouncing and DNS:
Keep in mind :
I am not 100% sure but this might have fixed it, waiting for a bounce again. Will this cause issues with IPs changing on the an aliases updates?
The "DHCP registration" unchecked results in unbound being restarted less often.
In the system logs you can see for yourself if dpinger restarts the WAN connection/interface. Normally, this is a good thing, but it can also make things worse, and transforms pfSense entirely in some sort of network on/off switch.
Whats happing, I guess, is : upstream you have a lot of traffic congestion. The regular dpinger ping starts to notice this (can be seen in the logs) and it restarts the WAN, which will restart other services like unbound. -
@Gertjan Thats correct the link at the areas local hub is "well over 80%" this is my home internet and this issue is causing so many issues I am running off a cradle point most of the day. That being said my company is putting in business class circuit so we can escalate the capacity issue.
In the mean time I really hate having to reboot my firewall 10+ times a day. Is there anything you can think of that can kick start the DNS "unbound" into working again without reboot?
Really trying to avoid moving all my traffic over to my lab Velocould and FE60.
-
To be sure, check this option :
if the WAN still goes bad, your issue is most probably upstream.
-
@Gertjan said in circuit bouncing and DNS:
To be sure, check this option :
if the WAN still goes bad, your issue is most probably upstream.
Turning that off also.
-
Are you policy routing traffic from clients out of the WAN gateway? You mentioned you're using aliases to route traffic.
If the default route from the firewall in System > Routing > Gateways is set to auto still it may be choosing a bad gateway when the WAN goes down. Make sure it's set to WANGW or a valid failover group etc.
In that situation Unbound will not be able to resolve as won't have a route but clients that are hitting policy routing rules will still be able to connect by IP.
Steve
-
The edits @Gertjan had be make seems to helped a good amount. I am only having this issue when the Comcast link goes down for more than a few minutes. I updated the "Disable Gateway Monitoring Action" this morning so waiting on a bounce to happen.
Yesterday I only needed to hard reboot 2 times so this is much better.
-
You should, obviously, not need to reboot at all.
Was the default gateway already set to WAN_DHCP?
Steve
-
@stephenw10 Yes it was.
So after the edit to "Disable Gateway Monitoring Action" and the static DHCP it seems that all is much better now. I bounced 7 times yesterday and recovered each time all services.
I only worry about static DHCP is that going to mess any of my lookups up? or is that only for the LAN side?
-
@ryno5514 said in circuit bouncing and DNS:
I only worry about static DHCP is that going to mess any of my lookups up?
All the "Static DHCP" lease details are written to the system hosts file, so they are known 'for live'.
Lookups for a device will work, even if the device isn't present in the network, and the last recent lease expired.@ryno5514 said in circuit bouncing and DNS:
s that only for the LAN side?
"Static DHCP" are leases that the DHCP server hands out to devices on LAN's.
Has nothing to do with the WAN side, where a DHCP-client might be setup, so it can ask an IP/Gateway/DNS/etc from the upstream DHCP server, probably your ISP router .... which has a ... DHCP server on board. -
@Gertjan Fantastic sir. Looks a lot better, I have my second circuit being installed tomorrow and might put a Velo for a 3rd WAN link to be safe.
-
This post is deleted!
