pfSense resolver stops working
-
@maverickws yeah I guess
But come on, these streaming boxes don't normally do anything locally. If you do not have a GUA IPv6 address, why waste cycles asking for AAAA?
-
@johnpoz but in my case they aren't streaming boxes. They're application servers, database servers and the like. The webserver/dbserver was an accurate example of local connections here. We never connect to the web server using IPv6, but the web server does connect to services internally using IPv6. Or used to, I guess.
-
@maverickws sorry I might have gotten a bit off topic, I was just bitching about IPv6 DNS clients in general...
To me if you don't have a GUA, or at least ULA - there is zero point to asking for AAAA, sure ok maybe you have link local, but link local addresses don't belong in DNS..
https://www.ietf.org/rfc/rfc4472.txt
Operational Considerations and Issues with IPv6 DNS
Section 2.1
Link-local addresses should never be published in DNS (whether in
forward or reverse tree), because they have only local (to the
connected link) significance [WIP-DC2005].
-
@maverickws said in pfSense resolver stops working:
I don't think it's memory related (could be wrong ofc) but I've never seen the pfSense be anywhere near its limits either of memory or CPU.
It's related to memory allocation unbound uses internally for its local data, not the entire memory on the appliance running out.
See earlier post regarding unbound release 1.16.0 GitHub notes
-
Hi guys, I have an update on this, will update if it goes the other way:
I was doing some changes on my home pfSense (where I have pfBlockerNG etc) and all of a sudden DNS went haywire.
Ended up having to add the
do-ip6: no
option but that really wasn't making sense as I had updated in ages and haven't had issues so far. PLUS I have IPv6 here working well.
So in the end I remembered I had enabled the
Experimental Bit 0x20 Support
option.
Disabled it, haven't had issues since. A couple of hours.
So I'm wondering how your setups are and what conflict it could be.
-
@maverickws Have had that enabled for YEARS.. zero issues with it.
-
I know I have it enabled at the pfSense on service and honestly thought it was so as well with the home pfSense. Crossed my eyes on it, saw it was disabled, never gave it a thought, enabled. So far all OK since I disabled it again, let's see.
-
@maverickws Did that end up fixing your issue?
-
@Erutan409
Hi there,
From what I remember it solved my issue then, but I'm having another issue now; I'll be making another topic for it.
-
@Erutan409 See if this means anything to you please
https://forum.netgate.com/topic/183918/unbound-resolver-failed-to-resolve-host
-
@maverickws Yeah, it also seems to be happening more frequently with me, too, all of a sudden.