DNS Resolver not resolving part 1234
-
-
@jrey said in DNS Resolver not resolving part 1234:
I've never had an issue with DNS resolver stopping or "Freezing"
and
@johnpoz said in DNS Resolver not resolving part 1234:
I don't recall ever having any issue where unbound just wouldn't resolve, but was still running
yup this ^
-
@henkbart said in DNS Resolver not resolving part 1234:
45451 - Is 0:00.00 /usr/local/sbin/dhcpleases -l /var/dhcpd/var/db/dhcpd.leases -d private.lan -p /var/run/unbound.pid -u /var/unbound/dhcpleases_entries.conf -h /etc/hosts
This is the one I was talking about when I mentioned the Resolver "DHCP Client Registration" check box, the option you don't have (under Services > DNS Resolver > General Settings) as you are running Kea ..... as in that case the option doesn't show up.
Is this correct, are you using Kea ?
Or Dhcpd ?If you are using kea, you should see this :
If you are using kea, this process "/usr/local/sbin/dhcpleases" can not - should not exist.
As this is the one that shoots unbound in the face every time ..... see above.edit :
You have this :
== kea DHCP checked ?
-
Lucky you,
But there are a lot of people having troubles with it, including me.
That makes it difficult to pinpoint the location of the problem.... -
@Gertjan
Yes i have the Kea DHCP enabled. -
Can you re confirm that this one :
= dhcpleases process - maybe it has another pid now - is still running ?
-
-
@henkbart said in DNS Resolver not resolving part 1234:
Lucky you,
But I think the point being made by both myself and @johnpoz is that is not likely a unbound issue as such.
many people do indeed report problems and when doing so they are assuming it to be unbound because that is what they see. But that is generally not the root cause..
They see the effect, not the cause.unbound generally just works. Right out of the box.
That's all we are saying.
@Gertjan is giving you some good advice on things to look for. including the current path you are on: re: DHCP.
edit: however if DHCP is causing the issue, you'd likely see a stream of unbound restarts and you say they are not there in the log. -
The problem is, that every now and then (and that could be weeks) i loses the ability to connect to the internet.
I have my own PBX here that uses VOIP and SIP trunks.
Some time they can no register with the host.
And from that time, also no other can connect to any internet address.
Modem is UP,
WAN is UP.
LAN is UP.
Than all DHCP mus fail because the are on differnt ip addresses.
But also no entries in the log files to give any clue.So where to look else for....
-
@henkbart said in DNS Resolver not resolving part 1234:
The problem is, that every now and then (and that could be weeks) i loses the ability to connect to the internet.
sounds interesting. so when you "lose the ability to connect to the internet" unbound would not be able to up stream resolve, but would still be running. If it can't talk upstream how would it resolve.
so the question you might start looking into is why have you lost ability to connect to the internet?
do you have a timestamp from the last time this happened?
check the logs (not unbound logs specifically) for events that might tell you why you lost the internet.
If you can't find anything in current logs regarding the last time it happened
Then the next time it does.... do this...
@johnpoz said in DNS Resolver not resolving part 1234:
A good test might be to try and resolve something just local.. say your pfsense fqdn via your fav local tool, nslookup, dig, host, doggo, etc.. Does that work, just not external? Its best to use a cmd line tool because then you can see the actual response from unbound, be it NX or servfail, refused, etc.
-
@henkbart said in DNS Resolver not resolving part 1234:
45451 root 1 52 0 12M 2252K kqread 1 0:00 0.00% dhcpleases
Ok.
Doesn't make any sense.I propose :
Switch back to 'dhcp' mode.
Save.
Goto the Resolver settings.
Now, the DHCP Client registration (and "Static DHCP Client Registration") should be visible.
Note that your "DHCP Client registration" is checked - is this the case ?
Uncheck it.
Save, and then Apply.Go back to System > Advanced > Networking and select kea again.
The "dhcpleases" process is gone now. Correct ?
Btw :
As far as I can see on my my pfSense, while using kea, the /var/dhcpd/var/db/dhcpd.leases file isn't used. That file is "watched" by the dhcpleases process, and if it changes, unbound is send a signal to restart.
So, harmess, I guess.
But still, strange, as it should even be started in the first place. -
@henkbart said in DNS Resolver not resolving part 1234:
The problem is, that every now and then (and that could be weeks) i loses the ability to connect to the internet.
You can check your uplink quality.
It should be constant, flat and as small as possible.
If it start to go up and down, or worse :- you are saturating your connection, and if the 'pipe', up or down is to full, dpinger starts to miss ping packets, it can go in panic mode, and 'restart' your WAN interface.
No need to explain that if the pipe (uplink) is bad or full, or not working well, the resolver can't do its work neither. Right ?
..... - call your ISP and say : good bye, I'll leave you for a better one.
- you are saturating your connection, and if the 'pipe', up or down is to full, dpinger starts to miss ping packets, it can go in panic mode, and 'restart' your WAN interface.
-
@Gertjan
Hello,
I did what you wrote.
Enable DHCP.
Got :
So disabled the DHCP Client Registration.
Saved it.
And then switch to KEAAnd the dhcpleases is gone now.
-
@Gertjan said in DNS Resolver not resolving part 1234:
dpinger starts to miss ping packets,
if that's the problem OP might be able to mitigate some of that by changing the ping times / loss interval etc or by selecting a different monitor IP. (if that is even setup)
Most users wouldn't notice the difference between the default 500ms setting and even 2-3-4 or 5 seconds.
if Applicable OP could look https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
for the Probe Interval, Loss Interval, Time Period, and Alert Interval seeing how the adjusts could be made and the rules to follow.
-
@Gertjan
Here is mine
-
@Gertjan said in DNS Resolver not resolving part 1234:
It should be constant, flat and as small as possible.
Like anything, that depends a lot on scaling resolution, duration of sample as well as the connection. Great guideline but not to be interpreted as a blanket statement.
For example, the scaling that appears on the graphs, when everything is mostly sub 1ms as shown from my system the graph appears much less flat, but doesn't mean there is a problem.
Looking at the data summary under the pretty graph might tell us more ?
-
-
Nothing really interesting here, did you have an issue with connectivity as you've described in the past day?
-
-
This is in the Gateway
Dec 12 11:01:24 dpinger 91974 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 213.93.180.1 bind_addr 213.93.180.238 identifier "WAN_DHCP "
Dec 12 11:01:24 dpinger 91974 exiting on signal 15
Dec 12 11:01:24 dpinger 97044 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 213.93.180.1 bind_addr 213.93.180.238 identifier "WAN_DHCP "
Dec 12 11:01:26 dpinger 97044 exiting on signal 15
Dec 12 11:01:26 dpinger 57389 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 213.93.180.1 bind_addr 213.93.180.238 identifier "WAN_DHCP "
Dec 12 11:01:27 dpinger 57389 exiting on signal 15
Dec 12 11:01:27 dpinger 81718 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 213.93.180.1 bind_addr 213.93.180.238 identifier "WAN_DHCP "
