Unbound Stops Resolving, Needing To Restart Service To Rectify
-
Good evening,
As the title says, for the past two days I've had random loss of DNS, even though Unbound seems to remain up and running when the loss occurs. If I stop the service, and restart it, DNS works and pages once again open.
Any idea what could have started doing this? I know... Logs.
I will see if it happens again and check the logs when it does. I'm just wondering if anyone else had this issue. I've changed nothing, except upgrading to 2.4.5 a month ago. Before yesterday, it was running for 22 days without issue. I'm going to try a reboot tomorrow after some backups finish uploading.
-
Hi,
Several reasons could explain this behaviour.
Imagine some bad NIC or cable in your network.
A device receives a constant link-down, link-up, link-down, link-up, link-down, link-up .....
Every time the link comes up, it starts doing what every device does: it launches a DHCP request.
Our pfSense DHCP server offers one. The device accepts. The pfSense DHCP server registers the IP and device host name into the (known) hosts file.
And informs the resolver (unbound) so it knows that there is a new kid in the block.
Read the description of this resolver / unbound option :
Do you have this option checked ?
If so, and the condition I mentioned exists, or you just have that rogue device that asks for a DHCP lease every 10 seconds or so, your unbound will get restarted as many times. Bringing DNS functionality to a complete halt.
Btw : this is just a story in the top ten "how to blow DNS out of the water". Other famous ones exist.
Like asking for DNSSEC, and passing on your private DNS to some remote DNS harvester (forwarding).
Or very strange DNS settings "because some dude on Youtube told to do so".
The "Install pfBlockerNG-devel and activate all the feeds it proposes" is also very popular and radical.
Etc.
As you said : the answers are one click away : the logs.
-
Gertjan,
Good day, and thanks for the information. I had read about that issue, but no, I do not have that checked. I use this at home, and am generally very careful with changes I don't understand.
I'm going to try restarting, but I want to see if it happens again so I can examine the logs first. Perhaps it's some random issue. I have not made any changes, and this started out of the blue.
Do you have any log recommendations? I have it set to basic only so I am more likely to see major events, instead of every detail being processed.
Thanks for the help...
Steven
-
Your second image confirms :
@Gertjan said in Unbound Stops Resolving, Needing To Restart Service To Rectify:
Like asking for DNSSEC, and passing on your private DNS to some remote DNS harvester (forwarding).
Asking for DNSSEC and forwarding, which means unbound becomes a simple forwarder, not a resolver, is useless;
@wormuths said in Unbound Stops Resolving, Needing To Restart Service To Rectify:
Do you have any log recommendations?
System and DNS logs
-
Gertjan,
Yeah, I had a discussion with someone else on here a while back about the resolving/forwarding thing. I'm a little confused about the intricacies of how this is handled.
Basically, I want DNS to be processed by Cloudflare, which it's doing. Those settings have been like that all along, but at the risk of "listening to some guy on the internet", I have unchecked the following settings. LOL
Thanks again,
Steven
-
Waking this thread back up to see if a solution was found because I've been experiencing the same problem periodically with 2 different devices.
One has DNSSEC Support enabled, the other does not.
The one that does not keeps stopping unbound almost every evening, sometimes once a week.
Have you resolved your issue? If so how?
-
It's not because unbound does "DNSSEC checking" that unbound stops working.
And the other way around : If unbound is 'told' not to do DNSSEC checking then that won't make it stop either.
Check the system logs, and the Resolver logs for details and reasons.
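
One way to check the Resolver log for the restart pattern described earlier in the thread (unbound being restarted over and over). This is an added example, not part of any post here: it assumes syslog-style lines containing unbound's "start of service" message, and the host name, PIDs, timestamps, version placeholder and thresholds are all constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the style of a syslog-formatted resolver log.
# "fw", the PIDs, the times and "x.y.z" are placeholders, not real data.
SAMPLE_LOG = """\
Jan 10 03:00:01 fw unbound[900]: [900:0] info: start of service (unbound x.y.z).
Jan 10 20:00:05 fw unbound[900]: [900:0] info: service stopped (unbound x.y.z).
Jan 10 20:00:06 fw unbound[1001]: [1001:0] info: start of service (unbound x.y.z).
Jan 10 20:00:15 fw unbound[1001]: [1001:0] info: service stopped (unbound x.y.z).
Jan 10 20:00:16 fw unbound[1002]: [1002:0] info: start of service (unbound x.y.z).
Jan 10 20:00:26 fw unbound[1002]: [1002:0] info: service stopped (unbound x.y.z).
Jan 10 20:00:27 fw unbound[1003]: [1003:0] info: start of service (unbound x.y.z).
Jan 10 20:00:36 fw unbound[1003]: [1003:0] info: service stopped (unbound x.y.z).
Jan 10 20:00:37 fw unbound[1004]: [1004:0] info: start of service (unbound x.y.z).
"""

START_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+unbound\[\d+\]:"
    r".*\binfo: start of service\b"
)

def service_starts(log_text, year=2000):
    """Return the timestamps of every unbound 'start of service' line.
    Syslog stamps carry no year, so the caller supplies one (assumption)."""
    starts = []
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if m:
            stamp = " ".join(m.group(1).split())  # normalise "Jan  5" padding
            starts.append(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
    return starts

def restart_bursts(starts, max_gap=timedelta(seconds=60), min_count=3):
    """Group starts whose spacing is <= max_gap; report groups of
    min_count or more as (first, last, count). Thresholds are assumptions."""
    bursts, current = [], []
    for t in sorted(starts):
        if current and t - current[-1] > max_gap:
            if len(current) >= min_count:
                bursts.append((current[0], current[-1], len(current)))
            current = []
        current.append(t)
    if len(current) >= min_count:
        bursts.append((current[0], current[-1], len(current)))
    return bursts

if __name__ == "__main__":
    for first, last, count in restart_bursts(service_starts(SAMPLE_LOG)):
        print(f"{count} unbound starts between {first:%b %d %H:%M:%S} and {last:%H:%M:%S}")
```

A burst reported here lines up in time with whatever triggered the restarts, so compare its window against the system and DHCP logs for the same minutes.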