Dynamic DNS taking down PFSense
-
Hello,
I have had a lot of connectivity trouble lately with PFSense. My DNS would suddenly not resolve queries and the server would become unresponsive. Sometimes I could use the web interface to log in and reboot the server. Sometimes the web interface is not responsive and I can reboot using SSH. Sometimes the server is unresponsive and I have to perform a hard reset.
I tried a few things:
- move to pfSense Plus with no luck
- move to a test version with no luck
- remove dpinger and pfBlockerNG from Service WatchDog. I had less severe crashes but still, they happened too often
- I switched to a different ISP. Everything was running fine for a few days. Suddenly, the server became unresponsive again.
I noticed the Dynamic DNS feature was trying to update the current public IP, but it was hanging. I tried to disable the Dynamic DNS but the page would not open. I tried many other pages in the firewall and they could be opened just fine. My guess is the Dynamic DNS feature was eating too much CPU all that time, making pfSense become unresponsive and the connectivity go down.
I have turned off the Dynamic DNS feature and everything is fine again. I will keep an eye on the server for a few days to see if I have some random crashes / hanging issues.
I was using Dynamic DNS with a Cloudflare API token.
-Thierry
-
You mean, showing this page :
doesn't work 'well' / slows down / aborts ?
@thierry-1 said in Dynamic DNS taking down PFSense:
Service WatchDog
Only experts should use it.
For you and me, don't install/use it.
It makes things work, masks the original erroneous situation. In one word : perfect to make a mess out of it.
@thierry-1 said in Dynamic DNS taking down PFSense:
I noticed the Dynamic DNS feature was trying to update the current public IP, but it was hanging
Yep.
It visits :
If pfSense can't 'visit' http://checkip.dyndns.org , then, yeah, you have a real issue.
Let me try it out on the pfSense command line :
[22.05-RELEASE][admin@pfSense.mylocalrubbish.]/root: curl http://checkip.dyndns.org
<html><head><title>Current IP Check</title></head><body>Current IP Address: 82.127.39.254</body></html>
so it works.
My WAN IP is shown.
The origin of your issue might be this :
@thierry-1 said in Dynamic DNS taking down PFSense:
My DNS would suddenly not resolve queries
Your "DNS" is most probably the resolver, 'unbound'.
Go to the DNS Resolver log, here :
and look (count) lines that look like this :
Now, count the lines that contain
start of service (unbound
Type Ctrl-F, enter that string and count them.
You can also see how long it takes for unbound to 'stop' and 'start'.
Add to this knowledge : the time it shuts down, and starts, your DNS on your network (and for pfSense itself) doesn't answer ...
Knowing all this : it might be a good thing to take measures so that unbound is restarted less often ;)
Other forum threads also mention 'unbound' not answering any more. Or worse : it hangs.
It could have been related to IPv6.
I'm using 22.05 myself : no issues whatsoever. Although I know where to look, and I can smell a 'no DNS' situation from a mile away.
I was using 2.6.0 before : no issues either.
@thierry-1 said in Dynamic DNS taking down PFSense:
remove dpinger
That's a system process.
I wouldn't touch that.
It just sends a ping every 100 ms or so. That shouldn't have an impact on your system.
-
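The log check described in the post above (count the "start of service (unbound" lines and see how long each stop/start takes), as an added example that is not part of any post in this thread. The sample lines, their syslog layout, the year and the function names are constructed assumptions; "service stopped (unbound" is unbound's own shutdown message.

```python
import re
from datetime import datetime

START_MARK = "start of service (unbound"  # string quoted in the post above
STOP_MARK = "service stopped (unbound"    # unbound's matching shutdown message

# Constructed sample lines (assumed BSD syslog layout, not taken from the thread).
SAMPLE_LOG = """\
Aug 10 09:00:00 pfSense unbound[100]: [100:0] info: start of service (unbound 1.15.0).
Aug 10 09:14:58 pfSense unbound[100]: [100:0] info: service stopped (unbound 1.15.0).
Aug 10 09:15:41 pfSense unbound[211]: [211:0] info: start of service (unbound 1.15.0).
Aug 10 09:16:02 pfSense unbound[211]: [211:0] info: some unrelated message
Aug 10 09:29:50 pfSense unbound[211]: [211:0] info: service stopped (unbound 1.15.0).
Aug 10 09:31:20 pfSense unbound[305]: [305:0] info: start of service (unbound 1.15.0).
"""

TS_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s")


def parse_ts(line, year=2022):
    """Return the syslog timestamp of a line, or None if it has none.
    Syslog omits the year, so one is assumed."""
    m = TS_RE.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")


def restart_report(log_text, year=2022):
    """Count unbound starts and list (stop_time, seconds_without_dns) windows."""
    starts, outages, stopped_at = 0, [], None
    for line in log_text.splitlines():
        ts = parse_ts(line, year)
        if ts is None:
            continue
        if STOP_MARK in line:
            stopped_at = ts
        elif START_MARK in line:
            starts += 1
            if stopped_at is not None:  # pair this start with the last stop
                outages.append((stopped_at, (ts - stopped_at).total_seconds()))
                stopped_at = None
    return starts, outages


if __name__ == "__main__":
    count, windows = restart_report(SAMPLE_LOG)
    print(f"unbound started {count} times")
    for when, secs in windows:
        print(f"  stopped {when:%b %d %H:%M:%S}, no DNS for {secs:.0f}s")
```
-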
@gertjan there was a DNS issue because the average DNS resolution was 97s
And yes, I could not open the Dynamic DNS page. The page will not open.
-
@gertjan this was probably part of the reason I had so much trouble. I set up Inline blocking mode in the Snort interface settings. Since I reverted that, things seem to work fine again. Almost 18hr without interruption.
-
Wait ....
Because snort has nothing to do on the 'hot' side (WAN) as all traffic is already blocked in the first place, it decided to focus on your side (LAN) and makes your life miserable by blocking traffic from the firewall itself ??
What was the reason you installed snort in the first place ? To do what ?
But ok, you made a good choice : remove (snort) as much non essential stuff on your firewall : things work way better, less maintenance, less can go wrong. Use only what you can manage