Replace unbound v1.13 with v1.12
-
Hello,
Since pfSense 2.5, there's an issue with the DNS Resolver a.k.a unbound.
It crashes a lot, and when using the "Service Watchdog" package, it can get stuck in some kind of infinite loop.See Redmine Issue #11316, along with related unbound issue on GitHub.
Since then
- The package unbound112 is provided.
- Apparently, pfSense Plus 21.05 was released with unbound 112.
- But no new pfSense CE release was made with unbound112 by default.
How can I replace my "unbound" package with the more stable "unbound112" ?
It fails when I try the following :
pkg-static install unbound112
I actually need to run it twice to get it to notice that it needs to remove the conflicting package unbound v1.13
Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): New packages to be INSTALLED: unbound112: 1.12.0_1 [pfSense] Number of packages to be installed: 1 The process will require 8 MiB more space. 1 MiB to be downloaded. Proceed with this action? [y/N]: y [1/1] Fetching unbound112-1.12.0_1.txz: 100% 1 MiB 1.2MB/s 00:01 Checking integrity... done (1 conflicting) - unbound112-1.12.0_1 [pfSense] conflicts with unbound-1.13.1 [installed] on /usr/local/etc/unbound/unbound.conf.sample Checking integrity... done (0 conflicting) Conflicts with the existing packages have been found. One more solver iteration is needed to resolve them. The following 3 package(s) will be affected (of 0 checked): New packages to be INSTALLED: unbound112: 1.12.0_1 [pfSense] Number of packages to be installed: 1 The process will require 8 MiB more space. Proceed with this action? [y/N]: y Fetching unbound-1.13.1.txz: 100% 1 MiB 1.2MB/s 00:01 [1/3] Deinstalling unbound-1.13.1... [1/3] Deleting files for unbound-1.13.1: 100% [1/3] Installing unbound-1.13.1... ===> Creating groups. Using existing group 'unbound'. ===> Creating users Using existing user 'unbound'. [1/3] Extracting unbound-1.13.1: 100% [2/3] Installing unbound112-1.12.0_1... pkg-static: unbound112-1.12.0_1 conflicts with unbound-1.13.1 (installs files into the same place). Problematic file: /usr/local/etc/unbound/unbound.conf.sample
Then when I run the same command a 2nd time :
Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking integrity... done (2 conflicting) - unbound112-1.12.0_1 [pfSense] conflicts with unbound-1.13.1 [installed] on /usr/local/etc/unbound/unbound.conf.sample - unbound112-1.12.0_1 [pfSense] conflicts with unbound-1.13.1 [pfSense] on /usr/local/etc/unbound/unbound.conf.sample Checking integrity... done (0 conflicting) The following 5 package(s) will be affected (of 0 checked): Installed packages to be REMOVED: pfSense: 2.5.1 php74-pfSense-module: 0.69_1 strongswan: 5.9.1 unbound: 1.13.1 New packages to be INSTALLED: unbound112: 1.12.0_1 [pfSense] Number of packages to be removed: 4 Number of packages to be installed: 1 The operation will free 3 MiB. Proceed with this action? [y/N]: y pkg-static: Cannot delete vital package: pfSense! pkg-static: If you are sure you want to remove pfSense, pkg-static: unset the 'vital' flag with: pkg set -v 0 pfSense
I get an error saying that I can't uninstall pfSense 2.5.1. Which makes sense, I actually just want to replace the unbound package, not downgrade the whole thing.
- The package unbound112 is provided.
-
@amestag You could just wait a week or two for 2.5.2 instead of potentially breaking your system.
-
@kom First of all, I do everything in a virtual machine first to make sure I won't break anything in production :-)
(Although I admit it's not ideal : I still didn't see that unbound crashed when I tested on a virtual machine)How do I know pfSense 2.5.2 will be out in 1 or 2 weeks ? If so, great, but if not, I can't wait around and do nothing :
@amestag You could just wait a week or two for 2.5.2 instead of potentially breaking your system.
My system is actually broken right now, which why I'm looking for a solution right now too.
Is it actually possible to make use of the "unbound112" package or not ?
I also noticed that there may be a fix on the unbound side, and that it's been imported for v1.13.1_2, but I do not know when it will be made available for all either.
-
@amestag said in Replace unbound v1.13 with v1.12:
How do I know pfSense 2.5.2 will be out in 1 or 2 weeks ?
Just a guess. Netgate has said that CE releases will shortly follow Plus releases.
My system is actually broken right now, which why I'm looking for a solution right now too.
I would use forwarder temporarily until a real fix is available to you.
Is it actually possible to make use of the "unbound112" package or not ?
I doubt anyone has tried.
-
Just a guess. Netgate has said that CE releases will shortly follow Plus releases.
Alright, I can't wait for it but I will keep an eye out
I would use forwarder temporarily until a real fix is available to you.
I will look into this too. I just need to have another DNS server to forward too, but that might be doable.
I doubt anyone has tried.
Alright, got it
-
@amestag said in Replace unbound v1.13 with v1.12:
I just need to have another DNS server to forward too
There's only about a million of them. 1.1.1.1, 4.4.4.4, 8.8.8.8, your ISP...