Switched to Python unbound Mode and now have issue
-
I switched to Unbound python mode and disabled DNS Resolver DHCP Registration option and DNS Resolver OpenVPN Client Registration. Everything seemed to start fine. When I turned on 'Enable DNSBL' I lose connect to everything.
I figure it is a DNS issue and I thought way back when I first setup pfBlockerNG I had a similar issue but I can't remember why or what I did to fix it. I am confused as to why switching to python mode would suddenly cause me issues. Any suggestions on what it could be or where to continue troubleshooting?
-
@thezfunk said in Switched to Python unbound Mode and now have issue:
When I turned on 'Enable DNSBL' I lose connect to everything.
When you install pfBlockerNG (latest version 3.0.0_8), using unbound mode, or Python, it does ... nothing.
Same thing for unbound mode.Then , two thing happens :
Settings are changed.
Feeds are activated.
If there is a DNS issue, undo one or both changes.What do you mean by DNS issue ? That rather vague as an problem description.
-
Your right, sorry. Between tired and frustrated I didn't get everything down coherently.
I was a couple version behind on the Dev. version as I had seen that there were a few issues that looked like they were resolved. Sequence of events:
- Stopped pfBlockerNG
- Upgraded
- Started pfBlockerNG and tested that it still worked fine.
- Did some testing for a few days no issue.
- Decided to switch to the python mode so I could start playing with REGEX at some point
- I had to turn off those two options in DNS Resolver before switching to python
- Switched to Unbound Python mode.
- Left it default (I think).
- Forced reloaded my DNSBL feeds.
- Turned DNSBL back on
- Lost DNS resolution network wide.
- Turned off DNSBL and got resolution back working.
-
@thezfunk When you switch/enable mode, you have to run a Force Update and Force Reload All.
Did you inspect pfblockerNG.log, Systems Logs, Resolver Logs ?
-
I do remember one other thing that happened just before I did the first force reload is that it was saying there was a cron job already running and wouldn't let me do a reload. I sat for quite a while and it appeared hung so I rebooted pfSense. Not sure if that means anything.
Well, it looks like I found a bit more information. When I start DNSBL and do a force reload. It looks like unbound DNS Resolver dies and won't restart until I turn off DNSBL and do another force reload. Why would that be happening?
-
@thezfunk Time to inspect pfblockerng.log
It looks like it didn't complete the Update at some point. -
@ronpfs said in Switched to Python unbound Mode and now have issue:
@thezfunk Time to inspect pfblockerng.log
It looks like it didn't complete the Update at some point.I think you still have to manually restart Unbound from the Dashboard after you stop and then restart DNSBL in pfBlockeringNG_devel.
It has been reported on this forum by others that if you wait a while, amount of time is unknown, it will restart on it's on but I've found it quicker to just click restart Unbound from the Dashboard.
Supposedly this will be fixed when pfSense 2.5 is released and python mode is fully compatible/implemented with pfBlockerNG-devel.
-
Hello!
Maybe related to this? :
https://github.com/NLnetLabs/unbound/issues/372
What about adding unbound to the Service Watchdog?
John
-
@serbus said in Switched to Python unbound Mode and now have issue:
What about adding unbound to the Service Watchdog?
Bad idea, Unbound or pfblockerNG services are not happy with it.
-
Well, I think I fixed it. After you pointing out that a file was missing according to the log, I just reinstalled it. This time, when I started DNSBL and checked the services, unbound DNS Resolver was still running and the logs showed the file was now in place. Whatever that python file it is that it looks for.
Right now I am slowly turning my feeds back on and it seems to be working. Now, if I can only figure out why my credit union Android app won't connect and the reports show nothing blocked for those IP address. Existing problem I started a thread on that this update doesn't seem to have solved.
-
@thezfunk Updating/Re-installing pfblockerNG while it is active is prone to fail.
Disable pfblockerNG before, update, review settings, enable, run Force Update, Force Reload All. -
@ronpfs said in Switched to Python unbound Mode and now have issue:
Bad idea, Unbound or pfblockerNG services are not happy with it.
Hello!
Unbound is listed as standard option for Service Watchdog. What sort of issues are there?
John
-
@serbus Search the forum to get more info. ;-)
-
@ronpfs said in Switched to Python unbound Mode and now have issue:
@thezfunk Updating/Re-installing pfblockerNG while it is active is prone to fail.
Disable pfblockerNG before, update, review settings, enable, run Force Update, Force Reload All.That is exactly what I did do originally. I was following the instructions laid out after other people had issues.
-
@serbus said in Switched to Python unbound Mode and now have issue:
Unbound is listed as standard option for Service Watchdog. What sort of issues are there?
You'll enter into timing critical issues, and these are, by there nature, very hard to debug.
The service watchdog exists to create a controlled major fail of the entire system .... and have it running to the bitter (close !) end.
See it like drilling extra holes into a sinking ship's hull to permit it to sink horizontally.
Remember Titanic ? Evacuation on a more then 45 ° deck angle is hard.edit :
a core pfBlockerNG-devel file can't be found. or, per instructions, unbound needs it to start.
It /var/unbound/pfb_unbound.py, should be there, after a pfBlockerNG-devel 3.0.0_8 install or upgrade. Things go bad without it. -
@gertjan said in Switched to Python unbound Mode and now have issue:
It /var/unbound/pfb_unbound.py, should be there, after a pfBlockerNG-devel 3.0.0_8 install or upgrade. Things go bad without it.
If the OP has Ramdisks enabled, that would wipe the /var/unbound folder and delete the Python script.
The Pkg needs to be re-installed and RamDisk option disabled.
-
@bbcan177 said in Switched to Python unbound Mode and now have issue:
@gertjan said in Switched to Python unbound Mode and now have issue:
It /var/unbound/pfb_unbound.py, should be there, after a pfBlockerNG-devel 3.0.0_8 install or upgrade. Things go bad without it.
If the OP has Ramdisks enabled, that would wipe the /var/unbound folder and delete the Python script.
The Pkg needs to be re-installed and RamDisk option disabled.
I did not but a reinstall did fix my issue.
