Switched to Python unbound Mode and now have issue

netblues · Mar 29, 2021, 7:15 PM

@bbcan177 No such file exists
Even tried touching and disabling - reenabling.

Is the file name correct?

BBcan177 · Mar 29, 2021, 7:17 PM

@netblues
Did you enable Python mode and Safe Search? Then Run a Force Update.

RonpfS · Mar 29, 2021, 7:18 PM

@netblues Maybe save DNSBL Settings, SafeSearch Settings, Force Update / Reload ALL while monitoring pfblockerng.log.

McFuzz · Mar 29, 2021, 7:55 PM

@bbcan177 said in Switched to Python unbound Mode and now have issue:

@netblues
Did you enable Python mode and Safe Search? Then Run a Force Update.

So - this worked for me, but only after I’ve done a second time! After the first time I had the same issue and after doing the second time, it started working flawlessly. Odd... could be something on my end but so far, everything’s working well.

netblues · Mar 29, 2021, 7:58 PM

Enabled safesearch, enabled python mode., applied and force updated

Loading DNSBL Statistics... completed
Loading DNSBL SafeSearch... enabled
Loading DNSBL Whitelist... completed
DNSBL - SafeSearch changes found - Rebuilding!

-Assembling DNSBL database...... completed [ 03/29/21 22:26:48 ]
Removing DNSBL Unbound python integration settings
DNS Resolver ( enabled ) unbound.conf modifications:
Removed DNSBL Unbound Python mode
Removed DNSBL Unbound Python mode script

Saving DNSBL statistics... completed [ 03/29/21 22:31:10 ]
Resolver Live Sync analysis... completed [ 03/29/21 22:31:24 ]
Resolver Live Sync finalizing:

And hungs there, with no dns service, unbound process at 100% for 15 minutes now..

After killing unbound process
Resolver Live Sync ... FAILED!
Stopping Unbound Resolver
Unbound stopped in 1 sec.
Additional mounts:
Unmounting: /lib
Removing duplicate mounts (2): /dev
Unmounting: /var/log/pfblockerng
Unmounting: /usr/local/share/GeoIP
Removing DNSBL Unbound python mounts:
Unmounting: /usr/local/bin
Removing: /var/unbound/usr/local/bin
Unmounting: /usr/local/lib
Removing: /var/unbound/usr/local/lib
Removing: /var/unbound/usr/local
Removing: /var/unbound/usr

Starting Unbound Resolver... completed [ 03/29/21 22:46:33 ]
DNSBL update [ 801834 | PASSED ]... completed [ 03/29/21 22:46:35 ]

and safesearch appeared on google search
python mode was found disabled again.

Re enabled python mode in resolver at this stage
and
Mar 29 22:55:55 unbound 55552 [55552:1] error: pythonmod: Exception occurred in function operate, event: module_event_new
Mar 29 22:55:55 unbound 55552 [55552:1] error: pythonmod: python error: Traceback (most recent call last): File "pfb_unbound.py", line 1147, in operate if qstate_valid and pfb['safeSearchDB']: KeyError: 'safeSearchDB'

STILL NO FILE!!!

netblues · Mar 29, 2021, 7:59 PM

@mcfuzz Is python mode on in resolver?

RonpfS · Mar 29, 2021, 8:08 PM

@netblues said in Switched to Python unbound Mode and now have issue:

Re enabled python mode in resolver at this stage

You can not simply enable Python in DNS Resolver / General Settings tab, you have to do that in pfBlockerNG / DNSBL tab, then run a Force Update.

McFuzz · Mar 29, 2021, 8:24 PM

@netblues said in Switched to Python unbound Mode and now have issue:

@mcfuzz Is python mode on in resolver?

Yessir.

netblues · Mar 29, 2021, 8:25 PM

@ronpfs I did that, initially.
exactly as instructed!

RonpfS · Mar 29, 2021, 8:28 PM

@netblues Same result with a Force Reload All?

netblues · Mar 29, 2021, 9:00 PM

@ronpfs it does take time doing aaforce reload

RonpfS · Mar 29, 2021, 9:30 PM

@netblues 5-30 mins should be enough. But if some lists timeout after 5 mins, Update time can be much longer.

What kind of machine ? Under 4GB you have to limit the size of Feeds.

You may also have some lists that break DNSBL. Maybe disable all Groups and enable only one at a time to see if that complete fine.

Maybe something is running wild, was it rebooted lately?

netblues · Mar 30, 2021, 8:06 AM

@ronpfs @ 4Gigs, runs under kvm.
Disabled all tld option, for speedier updates.
I'm aware of lists overload et all. Without python mode, cron updates are normal, and force update complete in about 10-12 minutes.
Still, I can't enable python mode without loosing dns resolution.
So update fails due to no resolving.

Looks like a corner situation.

Gertjan · Mar 30, 2021, 9:56 AM

@netblues said in Switched to Python unbound Mode and now have issue:

about 10-12 minutes

That's ..... long. Slow connection ? Huge number of feeds ? Both ? Underpowered device ?
But even so, during the update, unbound - and the underlying extension python script, just takes a couple of seconds to restart. Surely non "10 minutes".

It's possible that the download saturates the download "pipe", so even DNS traffic suffers. All your traffic could suffer from this.
One of the reasons I update my feeds ones a week at 0300 AM. As most lists - you can see the date/time stamp info - is updated less often then that.

netblues · Mar 30, 2021, 10:00 AM

@gertjan Downloads are instant.
Filtering through 1m takes most of the time.
And no, the pipes are not saturated @100Mbits

And dns doesn't suffer overall.
If I get the dreaded error in resolver logs, no resolution is possible.
Ping with ip works great.

I need to experiment a bit more, but since this is service affecting during normal hours