Reducing Unbound restarts with DHCP hostnames?
-
I've noticed a lot of restarts with Unbound in the system log, one every time a DHCP offer occurs. I gather this is "normal" when you have it set to put hostnames in the DNS records (which I want to have for most of my VLANs for reasons, so I don't have to manually manage everything statically... which would defeat the point of DHCP).
Most of the requests, though, seem to be from IoT stuff which I have on a separate VLAN and care much less about.
Is there some way I can have the DHCP hostnames imported to DNS but only for certain interfaces/VLANs to reduce the number of restarts to a more manageable level?
-
Yes, it is possible to turn off the DHCP -> DNS registration in certain networks (doesn't matter if they're VLANs or not). At the top of the DHCP Server settings, there should be a tab for each network on pfSense. Turn off that setting for the ones you don't want it happening on.
Another way to reduce it would be to extend the lease time. Maybe make it 2-3 days instead of 1? Remember that leases renew halfway through the lease time, so if the lease time is one day, your hosts are actually renewing twice in that day.
-
Are you using pfBlockerNG with the new unbound python code?
Python DNSBL mode is not compatible with the DNS Resolver DHCP Registration option (Unbound will crash)!
-
What about unchecking DHCP Reintegration under the Resolver settings?
For all the devices that need to have a hostname registered, make a static lease.
-
@smokinmojoe said in Reducing Unbound restarts with DHCP hostnames?:
Are you using pfBlockerNG with the new unbound python code?
Python DNSBL mode is not compatible with the DNS Resolver DHCP Registration option (Unbound will crash)!
@smokinmojoe No, not using pfBlocker or any other filters. Sadly, I gave up on those when I was spending all my time trying to make various applications and boxes work properly (e.g. games inexplicably not working, apps giving cryptic "you aren't connected to the Internet" errors, Amazon dogs, etc.).
I also do not have the "Python Module" box checked in DNS Resolver settings, I don't know what it does and haven't touched it.
-
@virgiliomi said in Reducing Unbound restarts with DHCP hostnames?:
Yes, it is possible to turn off the DHCP -> DNS registration in certain networks (doesn't matter if they're VLANs or not). At the top of the DHCP Server settings, there should be a tab for each network on pfSense. Turn off that setting for the ones you don't want it happening on.
Another way to reduce it would be to extend the lease time. Maybe make it 2-3 days instead of 1? Remember that leases renew halfway through the lease time, so if the lease time is one day, your hosts are actually renewing twice in that day.
Already set the DHCP lease time to 7 days for my IoT VLAN and 1 day for everything else... it helps, but some things appear to re-request DHCP every time they roam between access points (I have 3 APs to cover the house).
I don't see a place on the DHCP server to uncheck the integration per interface/network/vlan -- I only see DHCP Server > (select interface tab) > Advanced > DynamicDNS which is not configured. The only place I saw to enable the DHCP hostname import was on the DNS Resolver config page which doesn't specify which networks it will act on.
-
@mmiller7 said in Reducing Unbound restarts with DHCP hostnames?:
it helps but some things appear to re-request DHCP every time they roam between access points (I have 3 APs to cover the house).
When a Wifi (radio) connection goes down, because of being out of range or bad reception, and comes back again, this event is handled like a wired LAN cable being unplugged and plugged back in: it fires a DHCP request.
Wifi connections provoke many DHCP events because of this.
@mmiller7 said in Reducing Unbound restarts with DHCP hostnames?:
I don't see a place on the DHCP server to uncheck the integration per interface/network/vlan -- I only see DHCP Server > (select interface tab) > Advanced > DynamicDNS which is not configured.
Me neither ^^
This:
What about unchecking DHCP Reintegration under the Resolver settings?
is valid for all leases. Normally, you don't care what the host name of a temporary visitor is anyway. It's not used as a server type of device anyway.
If you do: give all your known devices a static DHCP lease and you're done: no more unbound restarts.
"Works fine for me." Btw, example:
On your public portal wifi network right now:
Now why would I need this to be registered in my local DNS?
Right. I don't.
-
I have one other idea if I can't reduce the restarts...though rather hacky -- I could make a script that runs once a minute and checks the unbound "uptime"; dumping the cache if it's more than ~2 minutes or doing a boatload of 'nslookups' to help re-precache stuff that was in the last dump if it's been reloaded.
I don't like the idea, but maybe it would at least help the symptom I'm experiencing where, right after an Unbound restart, the first few websites take 10-20 seconds longer for all the stupid scripts/includes/nonsense that they load from hundreds of different domains. Once the cache is "built" everything seems super-speedy from then on. I'm guessing the lag is related to query-name-minimization combined with DNSSEC and SSL/TLS for outgoing queries making it take longer than "plain" unsecured DNS, even though I'm using 1.1.1.1 and 8.8.8.8 as my upstream servers.
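The "check uptime once a minute, dump or reload the cache" idea from the post above, written out as a POSIX sh cron job. This is an added example, not code from the thread or from pfSense. It assumes `unbound-control` is configured and in PATH, that pfSense's config lives at /var/unbound/unbound.conf (an assumed path, overridable via UNBOUND_CONF), and that the daemon's age can be read from the `time.up=` line of `unbound-control stats_noreset`. The dump file location and the two-minute threshold are constructed values.

```sh
#!/bin/sh
# Added example (not from the forum thread): cache-preserving cron job.
# Run once a minute from cron as:  unbound-cache-guard.sh run
# - if Unbound has been up longer than THRESHOLD seconds, its warm cache is
#   saved to DUMP_FILE (atomically, via a temp file and rename);
# - if Unbound is younger than THRESHOLD (it just restarted, e.g. after a
#   DHCP lease registration) and a saved dump exists, the dump is loaded back.

UNBOUND_CONF="${UNBOUND_CONF:-/var/unbound/unbound.conf}"   # assumed pfSense path
DUMP_FILE="${DUMP_FILE:-/var/tmp/unbound-cache.dump}"      # constructed location
THRESHOLD="${THRESHOLD:-120}"                              # seconds (~2 minutes, as in the post)

# Read `unbound-control stats_noreset` text on stdin and print the daemon's
# uptime in whole seconds. The stats contain a line such as "time.up=301.5";
# if it is missing, print 0 so a failed read is treated as "just restarted"
# (a restore attempt) rather than overwriting a good dump with an empty cache.
parse_uptime() {
    awk -F= '
        $1 == "time.up" { found = 1; split($2, p, "."); print p[1] + 0 }
        END             { if (!found) print 0 }
    '
}

# Pick the action for this run.
#   $1 = uptime in seconds, $2 = 1 if a non-empty dump file exists, else 0
# Prints one of: dump | load | noop
decide() {
    if [ "$1" -ge "$THRESHOLD" ]; then
        echo dump          # cache is warm: save it for the next restart
    elif [ "$2" -eq 1 ]; then
        echo load          # cache was just lost and we have a copy: restore it
    else
        echo noop          # just restarted, nothing saved yet
    fi
}

main() {
    up=$(unbound-control -c "$UNBOUND_CONF" stats_noreset | parse_uptime)
    have_dump=0
    [ -s "$DUMP_FILE" ] && have_dump=1
    case "$(decide "$up" "$have_dump")" in
        dump)
            unbound-control -c "$UNBOUND_CONF" dump_cache > "$DUMP_FILE.tmp" \
                && mv "$DUMP_FILE.tmp" "$DUMP_FILE"
            ;;
        load)
            unbound-control -c "$UNBOUND_CONF" load_cache < "$DUMP_FILE"
            ;;
    esac
}

# Only touch the live resolver when explicitly asked to ("run"), so the
# helper functions can be sourced and exercised on canned stats output.
if [ "${1:-}" = "run" ]; then
    main
fi
```

The dump is written to a temp file and renamed so that a restart landing mid-dump cannot leave a truncated file that the next minute's run would try to load. Cached records are re-inserted with their remaining TTLs, so the worst case from a slightly stale dump is a record that expires sooner than expected, not a wrong answer.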
-
Just uncheck
and I'll bet you'll be happy.
No more unbound restarts.
Mine keeps on running for days if not weeks.
No matter how many DHCP requests are coming in.
-
@gertjan said in Reducing Unbound restarts with DHCP hostnames?:
Just uncheck
and I'll bet you'll be happy.
No more unbound restarts.
Mine keeps on running for days if not weeks.
No matter how many DHCP requests are coming in.
Won't that break my being able to find machines by hostname if I don't then manually configure static IP reservations and static DNS?
I do frequently use hostnames on my main subnet to move between systems (e.g. SSH/VNC) and I don't want to break that on my main subnet, nor do I want to have to manually configure dozens of machines (including any time I happen to grab a different USB NIC or change wired/wifi which changes the MAC and breaks DHCP reservations). The system hostname "just works" across all this.
-
I agree with Gertjan.
Or if you insist on DHCP in DNS, just move the DHCP and DNS services to a Linux server (it does excellent DHCP registrations), and have Unbound use that/those as upstream server(s).
That's what I do.
But be prepared to spend some time configuring the linux config files.
/Bingo
-
@mmiller7 said in Reducing Unbound restarts with DHCP hostnames?:
Won't that break my being able to find machines by hostname if I don't then manually configure static IP reservations and static DNS?
I do frequently use hostnames on my main subnet to move between systems (e.g. SSH/VNC) and I don't want to break that on my main subnet, nor do I want to have to manually configure dozens of machines (including any time I happen to grab a different USB NIC or change wired/wifi which changes the MAC and breaks DHCP reservations). The system hostname "just works" across all this
I guess not.
I deactivated DHCP-lease-in-local-DNS-registration years ago, as soon as I found out that a new lease was transmitted to the DNS with this method: "Kill the DNS so it reads the new situation when it starts, losing the entire cache while doing so".
Normally, this wasn't really an issue. Internet access is fast, etc etc.
But a new package showed up: pfBlockerNG, and this one can make it (that is: the admin can make it) very slow at starting up. Many forum messages showed up like: my DNS is KO for some time every xx hours. What's up?
Or even better: "that new dirt cheap connected photo player 'from the east' was asking for a lease every 30 seconds and now my DNS is dead?!!" (and where is it sending my photos?)
My Windows PC's network as shown in Explorer works just fine. All the devices are there.
Bonjour mDNS, Avahi, DLNA, Apple TV's MI5 boxes, Wifi access points, and whatever possible local-discovery works just fine.
Now about that printer somewhere in the office that calls itself "BR214HGAKBB" because that is the built-in host name..... do you really want to keep that name?
Or do you want to rename it like Printer1A "without even admining it" by creating a DHCP static MAC lease? You can organise your LAN IP pool as YOU see fit.
On the other hand: most of the devices are never accessed by you anyway .... so no need to know their IP nor their host name.
True is, on my own company network I 'fixed' every IP for every device. About 50 of them.
It's a one time job. Now I have a list of every device in my LAN in one place.
Btw: I foresee a future where DHCP leases are communicated to unbound using a better way, the same way as pfBlocker now uses (python) scripting to communicate with unbound. That will solve the issue for good.
-
@gertjan said in Reducing Unbound restarts with DHCP hostnames?:
I deactivated DHCP-lease-in-local-DNS-registration years ago, as soon as I found out that a new lease was transmitted to the DNS with this method: "Kill the DNS so it reads the new situation when it starts, losing the entire cache while doing so".
That was fixed in 2.5
-
@viktor_g said in Reducing Unbound restarts with DHCP hostnames?:
That was fixed in 2.5
As I said, the future ^^