Unbound stops working on 127.0.0.1 after 2.5.1 upgrade
After upgrading pfSense from 2.5.0 to 2.5.1, unbound stopped responding on 127.0.0.1:
[2.5.1-RELEASE][admin@ids.********.**]/etc/defaults: dig @127.0.0.1
net.c:536: probing sendmsg() with IP_TOS=b8 failed: Can't assign requested address
[2.5.1-RELEASE][admin@ids.*********.**]/etc/defaults: ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
unbound service starts:
[2.5.1-RELEASE][admin@ids.********.**]/etc/defaults: netstat -ln
Active Internet connections
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 10.10.200.2.443        10.10.15.3.56532       ESTABLISHED
tcp4       0     44 10.10.200.2.22         10.10.15.3.37490       ESTABLISHED
tcp4       0      0 10.10.200.2.22         10.10.15.3.37488       ESTABLISHED
udp6       0      0 ::1.53                 *.*
udp4       0      0 127.0.0.1.53           *.*
On the pfSense firewall we have Snort and pfBlockerNG; nothing has changed from 2.5.0, we have only upgraded pfSense.
Same here on 2.5.1. Added my information for this to this discussion:
I can add one piece of information: my pfSense installation is on a Proxmox VE virtual machine.
As in the other thread :
The 'body' of the post proves the subject wrong.
It's more like :
Anything that needs / uses localhost 127.0.0.1 fails.
Anything can be many things. So, most probably, everything that uses local host fails, so it really looks like "its 127.0.0.1 that fails".
A nasty issue for sure. But - for once ^^, not unbound related.
I mean, even "ping me" doesn't work anymore. That's .... unheard.
All this IMHO of course.
Btw : who's gonna run several instances of pfSense on different types of machines so it gets known what 'hardware' is needed to trigger this issue.
And also : as setting up pfSense takes 5 minutes : reset to all default. NO user settings - no packages . Just pfSense 'from the shelves' : Does the issue persist ?
@gertjan not only 127.0.0.1....
The problem is related to all interfaces... and I use a KVM virtual machine as usual.
@gertjan OK, I have some new information.
The problem appears if I insert 127.0.0.1 in GENERAL SETUP---DNS Server Settings
I use to have there 127.0.0.1 if pfSense is a DNS resolver.
If I configure 127.0.0.1 in GENERAL SETUP---DNS Server Settings as a default pfSense DNS server, there is the problem with interface lo0.
@juniper I tested it already without the 127.0.0.1 and get the same "problem". If I ask for a host DNS record that has a Host Override in the unbound settings, it will resolve to the wrong IP. If I try to resolve it with the GUI DNS Lookup tool in pfSense, I get a "No response" in the result. The external DNS servers are resolving correctly.
Only the 127.0.0.1 is not resolving.
@juniper Did you get a result for the resolve via the localhost ?
@sashli you have to change GENERAL SETUP---DNS Server Settings to an external server and afterwards reboot the pfSense server.
After that you can ping 127.0.0.1 and unbound replies to 127.0.0.1 queries,
but if you change pfSense general setup, DNS doesn't work anymore.
Just as a summary :
- I think this was in pfSense before they introduced the drop-down option in General Setup that makes the localhost DNS setting be used; the localhost was set in the DNS Server list as 127.0.0.1
- After updating to 2.5.1, things go wrong if you have 127.0.0.1 in General Setup, DNS Server Settings set as an additional DNS server on top of the "DNS Resolution Behavior" option, where you can already set that the localhost should be in use.
- If you did the settings wrong here, unbound will not be able to resolve; another effect I now saw on 2.5.0 is that sometimes DNS resolution fails without reason
The bad news : this is not good.
The good news : it's a non issue, as adding 127.0.0.1 is not needed - it's already there.
I just added the missing ::1 (we all prefer IPv6, right ?) and that doesn't 'break' the localhost.
Now I have this :
and it works.
See if a reboot fixes it like this post.
After removing 127.0.0.1 from the server list (since it's already covered by the dropdown further down) and rebooting, localhost DNS resolution is working again.
Of interesting note about this though... the Status > DNS Resolver page showed no statistics or data, even though resolution for other hosts on my networks was occurring without issue. But now that I made the above change, all appears to be working.
the Status > DNS Resolver page showed no statistics or data
Changing the DNS settings restarts the Resolver, clearing all stats and cache.
I had this same issue. I didn't find this thread until this morning and adding ::1 did not work for me. However, what I found yesterday that did work was removing 127.0.0.1 and adding my router's local LAN address, in my case 192.168.2.1.
@garyn Remove everything in DNS and reboot.
It will work afterwards with no records.
@cool_corona I'll try it, thanks!
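
Added example, not part of the thread or of pfSense: a small Python 3 probe that tells the failure modes discussed above apart, that is, a local address that cannot be used at all (the "Can't assign requested address" error, EADDRNOTAVAIL) versus a resolver that is reachable but silent versus a normal answer. The function names, the `example.com` query name and the 2-second timeout are assumptions chosen for illustration.

```python
import errno
import socket
import struct

def build_query(name, qid=0x1234):
    """Build a minimal DNS query (A record, class IN, recursion desired)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def classify(exc):
    """Map a socket error to one of the failure modes seen in the thread."""
    if isinstance(exc, socket.timeout):
        return "no-response"        # query was sent, nothing came back
    if isinstance(exc, ConnectionRefusedError):
        return "no-listener"        # address works, nothing bound to the port
    if isinstance(exc, OSError) and exc.errno == errno.EADDRNOTAVAIL:
        return "address-unusable"   # "Can't assign requested address"
    return "other-error"

def probe(server, port=53, name="example.com", timeout=2.0):
    """Send one UDP query to server:port and report what happened."""
    qid = 0x1234
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            s.send(build_query(name, qid))
            reply = s.recv(512)
    except OSError as exc:
        return classify(exc)
    if len(reply) < 4:
        return "bad-reply"
    rid, flags = struct.unpack(">HH", reply[:4])
    if rid != qid or not flags & 0x8000:   # wrong ID or QR bit not set
        return "bad-reply"
    return "answered rcode=%d" % (flags & 0x000F)

if __name__ == "__main__":
    # Both loopback addresses the thread mentions.
    for addr in ("127.0.0.1", "::1"):
        print(addr, "->", probe(addr))
```

Running it before and after a DNS settings change or reboot shows whether the loopback address itself is affected or only the resolver.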