Unbound crashes periodically with signal 11
-
@salander27-0 Yes, same here on my system..both were enabled and have quite some manual mappings in my system. After upgrade to 2.5 it seems unbound crashed about every ten minutes, after disabling register DHCP mapping it stopped crashing.
My System is based on a standalone AMD GX-412TC SOC having run pfSense stable for years now.
-
@salander27-0 I can confirm this as well, I have this option set with a handful of static mappings with hostname specified.
-
confirmed
-
@jimp I have successfully downloaded and installed unbound-1.13.1 from the devel repo now that the package has been built. No crashes yet, but none of the DHCP leases of my static leases (with hostname) have expired yet so I wouldn't expect crashes yet. I will update in a few hours once those leases start expiring.
OBSOLETE PLEASE SEE https://forum.netgate.com/post/966915
For anyone else who wishes to try unbound 1.13.1 (normal caveats about this being unsupported and at your own risk) I simplified the install command to the following:
pkg add -f https://files01.netgate.com/packages/pfSense_master_amd64-pfSense_devel/All/unbound-1.13.1.txzYou can roll back with:
pkg install -f unboundAfter either of these commands you will need to restart the unbound service to pick up on the new binary.
OBSOLETE PLEASE SEE https://forum.netgate.com/post/966915
-
@salander27-0 been running 1.13.1 for ~2hrs, no crashes yet!
1.13.0 crashed way more often, as evidenced in my earlier message -
Alright, it's been about 2 and a half hours since I installed unbound-1.13.1 on my system. I have stress-tested it by reducing the DHCP lease time to 120 seconds and have since seen hundreds of DHCP renewals (and subsequent unbound HUPs). Were this unbound 1.13.0 I would have likely seen dozens of crashes, however unbound 1.13.1 has been completely stable in that time.
At this point I believe the best course of option is for additional people to test to see if their issue is resolved with the updated version. If you are willing to take system backups and accept the (IMO very low) risk that you may need to reinstall pfSense completely if something goes wrong (so don't do this on your prod systems) then please follow the instructions in my previous comment to install unbound-1.13.1.
-
@salander27-0 I'm having similar results that you report. DHCP registration is turned back on, and no crashes so far. 1.13.1 seems to be an upstream solution.
-
I had a stable unbound service again after flushing all DHCP leases.
SOLUTION (in my case): FLUSH DHCP Leases
Details/ Follow-up is here:
https://forum.netgate.com/topic/161092/2-5-0-dns-service-stopping-randomly/5?_=1613861976462(sorry, if we may have opened a very similar thread to this topic)
-
@salander27-0 Thanks! This was really helpful. Seems to be working perfectly now.
-
@khuynh very well. Glad to help. Hit โlikeโ on the solution and spread the news.
-
@salander27-0 Thanks! That fixed it. I forced short leases to cause a lot of renewals, and since I installed unbound-1.13.1, I've had no crashes going on 18 hours now.
-
@fivetoedslothbear Yeah, I'm just past 24 hours myself without any crashes.
Also, to anyone who installed 1.13.1 please continue to follow this thread as you may need to manually install the patched unbound from the stable repositories if/when a patched version is pushed.
-
@salander27-0 Been having the same issue for the last 24 hours -- will try this solution and see if it works for me. I appreciate it mate. Have a good one.
-
I see that also on two 2.5.0 CE machines.
Disable "Register DHCP leases in the DNS Resolver" now and will have an eye on it. -
@salander27-0 :I tried this. Will report back. However, I never had "Register DHCP leases in the DNS Resolver" set.
-
Since the new version of Unbound fixes it, it's unlikely to actually be related to just that one setting (DHCP lease registration), but that is the fastest way to trigger it for some people.
I imagine others are/were hitting it as well in different ways. So there isn't a need to keep tracking potential causes now that we know the upgrade fixes it.
-
@jimp So is the plan then to push 1.13.1 to the stable repo or to try to bisect through the 1.13.1 release in order to find out which patch specifically fixes the issue and just apply that patch to the version in stable?
-
@salander27-0 said in Unbound crashes periodically with signal 11:
@jimp So is the plan then to push 1.13.1 to the stable repo or to try to bisect through the 1.13.1 release in order to find out which patch specifically fixes the issue and just apply that patch to the version in stable?
We'll bring in 1.13.1, there isn't a compelling case to do all the legwork to pick in partial changes at this point. 1.13.1 is a minor patch/bug fix release and the impact is low other than the fix for this which is highly beneficial.
-
@jimp Speak of the devil, looks like it's already been added to the stable repos.
For anyone coming into this thread now, you can run the following command to pull unbound 1.13.1 from the stable/2.5.x repo (I am unsure of how to update system packages from the UI, hopefully someone can chime in there):
pkg upgrade -f unbound(you should see that it is installing
unbound-1.13.1)
Make sure to restart unbound after this package installation.It is probably a good idea for those who have installed the devel package to do this as well just to ensure that your systems are not a mix of devel and stable packages.
-
There isn't a good way to do that from the GUI, but you could run
pkg upgrade -fy unboundfrom Diagnostics > Command Prompt. Be sure to restart the Unbound service from Status > Services after.From the CLI the easiest way to do both is
pkg upgrade -fy unbound; pfSsh.php playback svc restart unbound -
@jimp : I can confirm that the new version fixes it for us.
-
@salander27-0 fixed it for me too... thank you
-
thank you Jim.
This open and direct communication is really awesome! -
Fixed for me too, 24hrs with no unbound restarts...
-
Hi
After installing unbound-1.13.1 my unbound is still restarting from time to time.
My system have been unstable for a long time, but I haven't had the time to dig into it. Last week I figured out that it was the unbound which is restarting. So I updated to version 2.5. But still having issues.
I have "DHCP Registration", "Static DHCP" and "OpenVPN Clients" enabled in my DNS Resolver settings.
I will try to test further and report back
Kind regards
Jens M. Kofoed -
@salander27-0 said in Unbound crashes periodically with signal 11:
(you should see that it is installing unbound-1.13.1)
hmmm - running 21.02, figured hey why not upgrade unbound. Even though not seeing this issue.. But I don't see it updating to 1.13.1
[21.02-RELEASE][admin@sg4860.local.lan]/root: pkg upgrade -fy unbound Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be REINSTALLED: unbound-1.13.0_2 [pfSense] Number of packages to be reinstalled: 1 1 MiB to be downloaded. [1/1] Fetching unbound-1.13.0_2.txz: 100% 1 MiB 1.2MB/s 00:01 Checking integrity... done (0 conflicting) [1/1] Reinstalling unbound-1.13.0_2... ===> Creating groups. Using existing group 'unbound'. ===> Creating users Using existing user 'unbound'. [1/1] Extracting unbound-1.13.0_2: 100% [21.02-RELEASE][admin@sg4860.local.lan]/root: pfSsh.php playback svc restart unbound Attempting to issue restart to unbound service... unbound has been restarted. [21.02-RELEASE][admin@sg4860.local.lan]/root:upon restart and looking in log - still seems to be 1.30.0
Feb 23 08:51:43 unbound 90907 [90907:0] info: start of service (unbound 1.13.0).
edit:
Didn't seem to update to 1.13.1[21.02-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf status version: 1.13.0 verbosity: 1 threads: 4 modules: 2 [ validator iterator ] uptime: 502 seconds options: control(ssl) unbound (pid 79734) is running... [21.02-RELEASE][admin@sg4860.local.lan]/root:An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.03 | Lab VMs 2.7.2, 24.03 -
@jimp This (upgrade of unbound to 1.13.1) sad fully does NOT fix the issue on my system. Disabling DHCP leases fixed the restarts... but this package upgrade to 1.13.1 (and restart and re-enabling DHCP leases) brought the old behaviour back (restart of unbound about every 10 minutes in my case).
So actually 1.13.1 at least seems to not fully fix the problem for all systems.
UPDATE: but again also disabling DHCP leases again for/with 1.13.1 unbound fixes it again -
The symptom fixed by 1.13.1 is the crash/segfault.
"Restarting" is not a symptom of a problem, it's a side effect of using DHCP lease integration and is normal.
-
Upgraded unbound from the sable repo as described earlier, and still getting DNS Server crashes, not automatically restarting
Next time it happens I'll try and grab a log to post
-
@johnpoz said in Unbound crashes periodically with signal 11:
Didn't seem to update to 1.13.1
[2.5.0-RELEASE][root@priv.some-pfsense-local-network.net]/root: pkg upgrade unbound Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: unbound: 1.13.0_2 -> 1.13.1 [pfSense] Number of packages to be upgraded: 1 1 MiB to be downloaded. Broadcast Message from root@priv.brit-hotel-fumel.net (no tty) at 21:34 CET... Communications with UPS ups@10.0.0.4 lost y Broadcast Message from root@priv.brit-hotel-fumel.net (no tty) at 21:34 CET... Communications with UPS ups@10.0.0.4 established [1/1] Fetching unbound-1.13.1.txz: 100% 1 MiB 297.0kB/s 00:04 Checking integrity... done (0 conflicting) [1/1] Upgrading unbound from 1.13.0_2 to 1.13.1... ===> Creating groups. Using existing group 'unbound'. ===> Creating users Using existing user 'unbound'. [1/1] Extracting unbound-1.13.1: 100%..... and then I restarted unbound.
Btw : sorry : my UPS went to the toilet or something like that.
-
@johnpoz said in Unbound crashes periodically with signal 11:
Didn't seem to update to 1.13.1
I am seeing the same on my SG-1100 where the package is not updating.
[21.02-RELEASE]/root: pkg upgrade -fy unbound Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 1 package(s) will be affected (of 0 checked): Installed packages to be REINSTALLED: unbound-1.13.0_2 [pfSense] Number of packages to be reinstalled: 1 [1/1] Reinstalling unbound-1.13.0_2... ===> Creating groups. Using existing group 'unbound'. ===> Creating users Using existing user 'unbound'. [1/1] Extracting unbound-1.13.0_2: 100% -
Yeah not seeing this available, still
I have
[21.02-RELEASE][admin@sg4860.local.lan]/root: pkg info unbound unbound-1.13.0_2 Name : unbound Version : 1.13.0_2 Installed on : Tue Feb 23 08:53:42 2021 CST Origin : dns/unboundIf do upgrade unbound says nothing to do
WWW: https://www.nlnetlabs.nl/projects/unbound [21.02-RELEASE][admin@sg4860.local.lan]/root: pkg upgrade unbound Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) Your packages are up to date. [21.02-RELEASE][admin@sg4860.local.lan]/root:@Gertjan your on 2.5, I'm on 21.02
Take it this was only released for 2.5 and not 21.02
-
I think the common factor here is that both @johnpoz and @LostInIgnorance are using ARM devices here which presumably uses a different stable repository with ARM-specific packages.
Unfortunately I know little about this but perhaps @jimp can chime in with if/when an updated package can be expected to be available for that architecture.
-
@salander27-0 I am using a SG-5100 (not ARM) with 21.02 and no Unbound update is visible.
-
I'm on a sg-4860.. That is not arm either..
I do have some 3100's - but they are not even on 2.4.5p1 - since covid had already hit when that came out.. And sure wasn't going to update them when nobody in the office, etc.
-
I thought I already responded in this thread, might have been another. It's not up yet for 21.02, just 2.5.0.
The Plus repos are locked down while we work on the immediate fix needed for SG-3100. It'll be updated soon.
-
I'm getting unbound crashes with signal 8 - using unbound 1.13.1
-
That is unlikely to be the same issue as this, I'd keep that in its own thread.
-
Jim has it ever been considered to put unbound as a package in the package manager instead of only updating it with pfSense updates?
-
@chrcoluk said in Unbound crashes periodically with signal 11:
Jim has it ever been considered to put unbound as a package in the package manager instead of only updating it with pfSense updates?
It isn't an add-on package, so it doesn't belong there.
That said, we are considering ways to trigger updates on items included in the base system, but that's a longer-term goal.
These kinds of out-of-band updates are rare, though.
