Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New Update Package DNS problem

    DHCP and DNS
    3
    11
    572
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jason001
      last edited by

      Good day.

      Since i updated my exiting Pfsense to latest i get problems no internet. but if i stop and restart "DNS Resolver" it works again then i have internet. but every 24h 36h i have to do this or i have no internet, or some sites like google works but Facebook wont open example.. how can this be solved????

      S J 2 Replies Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @jason001
        last edited by

        @jason001 What do the logs show when it stops working?

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote ๐Ÿ‘ helpful posts!

        1 Reply Last reply Reply Quote 0
        • J
          jason001 @jason001
          last edited by

          Happened again, Under system logs this is what DNS resolver show

          Last 500 DNS Resolver Log Entries. (Maximum 500)

          Time Process PID Message

          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.016384 0.032768 1
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.032768 0.065536 36
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.065536 0.131072 23
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.131072 0.262144 125
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.262144 0.524288 130
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.524288 1.000000 57
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 1.000000 2.000000 28
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 2.000000 4.000000 6
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 4.000000 8.000000 2
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 8.000000 16.000000 1
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 16.000000 32.000000 4
          Feb 5 07:39:47 unbound 16827 [16827:0] info: server stats for thread 2: 170 queries, 52 answers from cache, 118 recursions, 0 prefetch, 0 rejected by ip ratelimiting
          Feb 5 07:39:47 unbound 16827 [16827:0] info: server stats for thread 2: requestlist max 6 avg 0.144068 exceeded 0 jostled 0
          Feb 5 07:39:47 unbound 16827 [16827:0] info: average recursion processing time 0.847314 sec
          Feb 5 07:39:47 unbound 16827 [16827:0] info: histogram of recursion processing times
          Feb 5 07:39:47 unbound 16827 [16827:0] info: [25%]=0.242869 median[50%]=0.439091 [75%]=0.815001
          Feb 5 07:39:47 unbound 16827 [16827:0] info: lower(secs) upper(secs) recursions
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.000000 0.000001 9
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.032768 0.065536 3
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.065536 0.131072 3
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.131072 0.262144 17
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.262144 0.524288 40
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.524288 1.000000 27
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 1.000000 2.000000 11
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 2.000000 4.000000 5
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 4.000000 8.000000 1
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 8.000000 16.000000 2
          Feb 5 07:39:47 unbound 16827 [16827:0] info: server stats for thread 3: 211 queries, 51 answers from cache, 160 recursions, 0 prefetch, 0 rejected by ip ratelimiting
          Feb 5 07:39:47 unbound 16827 [16827:0] info: server stats for thread 3: requestlist max 6 avg 0.21875 exceeded 0 jostled 0
          Feb 5 07:39:47 unbound 16827 [16827:0] info: average recursion processing time 0.596478 sec
          Feb 5 07:39:47 unbound 16827 [16827:0] info: histogram of recursion processing times
          Feb 5 07:39:47 unbound 16827 [16827:0] info: [25%]=0.16468 median[50%]=0.338028 [75%]=0.745154
          Feb 5 07:39:47 unbound 16827 [16827:0] info: lower(secs) upper(secs) recursions
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.000000 0.000001 13
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.002048 0.004096 1
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.032768 0.065536 10
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.065536 0.131072 6
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.131072 0.262144 39
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.262144 0.524288 38
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 0.524288 1.000000 28
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 1.000000 2.000000 16
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 2.000000 4.000000 7
          Feb 5 07:39:47 unbound 16827 [16827:0] info: 4.000000 8.000000 2
          Feb 5 07:39:51 unbound 48775 [48775:0] notice: init module 0: validator
          Feb 5 07:39:51 unbound 48775 [48775:0] notice: init module 1: iterator
          Feb 5 07:39:51 unbound 48775 [48775:0] info: start of service (unbound 1.18.0).
          Feb 5 07:39:54 unbound 48775 [48775:1] info: generate keytag query _ta-4f66. NULL IN
          Feb 5 07:39:54 unbound 48775 [48775:0] info: generate keytag query _ta-4f66. NULL IN
          Feb 5 19:22:11 unbound 48775 [48775:0] info: generate keytag query _ta-4f66. NULL IN
          Feb 6 07:11:56 unbound 48775 [48775:0] info: generate keytag query _ta-4f66. NULL IN
          Feb 6 18:13:22 unbound 48775 [48775:0] info: generate keytag query _ta-4f66. NULL IN
          Feb 6 19:45:53 unbound 48775 [48775:0] info: service stopped (unbound 1.18.0).
          Feb 6 19:45:53 unbound 48775 [48775:0] info: server stats for thread 0: 1621 queries, 218 answers from cache, 1403 recursions, 0 prefetch, 0 rejected by ip ratelimiting
          Feb 6 19:45:53 unbound 48775 [48775:0] info: server stats for thread 0: requestlist max 18 avg 0.488952 exceeded 0 jostled 0
          Feb 6 19:45:53 unbound 48775 [48775:0] info: average recursion processing time 0.790178 sec
          Feb 6 19:45:53 unbound 48775 [48775:0] info: histogram of recursion processing times
          Feb 6 19:45:53 unbound 48775 [48775:0] info: [25%]=0.191865 median[50%]=0.441485 [75%]=0.915793

          S GertjanG 2 Replies Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @jason001
            last edited by

            @jason001

            service stopped

            Ok so it stopped and didnโ€™t crash. Why? The usual culprit is registering DHCP leases. Which restarts unbound but doesnโ€™t break DNS after it starts again.

            What exactly is the symptom, DNS lookups fail but ping/connect by IP works?

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote ๐Ÿ‘ helpful posts!

            J 1 Reply Last reply Reply Quote 0
            • J
              jason001 @SteveITS
              last edited by

              @SteveITS said in New Update Package DNS problem:

              The time this happens some sites work..
              Example google.com,facebook will load and work.. But then if you choose other sites youtube.com example or Netflix it wont load.. first i thought it was a ISP problem.. then i connected directly to my ISP router then i noticed everything works. but when plugged back into PfSense the problem is still there.. then i clicked on Services and DNS resolver restart it the in refresh the pages that didnt want to load, all a sudden it all works.. It worked fine on previous build before update.. but after update not so much.. i mage a config backup, and did a clean install thinking maybe something went wrong with online update.. but then worked for 1-2 days fine then give issue till restart the DNS resolver service..

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS Rebel Alliance @jason001
                last edited by

                @jason001 Do you have DNS Resolver set to forward DNS queries? If so ensure the option to use DNSSEC is unchecked.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote ๐Ÿ‘ helpful posts!

                J 1 Reply Last reply Reply Quote 0
                • J
                  jason001 @SteveITS
                  last edited by

                  @SteveITS
                  No.. DNS Forwarder is disabled.. only resolver is enabled

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    SteveITS Rebel Alliance @jason001
                    last edited by

                    @jason001 But is it set to forward? here:
                    9a68f810-72af-43ce-9916-04f775d750a2-image.png

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote ๐Ÿ‘ helpful posts!

                    J 1 Reply Last reply Reply Quote 0
                    • J
                      jason001 @SteveITS
                      last edited by

                      @SteveITSs1.png s2.png

                      These are currently how it looks like

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        SteveITS Rebel Alliance @jason001
                        last edited by

                        @jason001 Can you show "DNS Query Forwarding" on the Resolver page?

                        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                        Upvote ๐Ÿ‘ helpful posts!

                        1 Reply Last reply Reply Quote 0
                        • GertjanG
                          Gertjan @jason001
                          last edited by

                          These regular log, every 12 hours or so, lines are normal for unbound lines :

                          @jason001 said in New Update Package DNS problem:

                          Feb 5 07:39:54 unbound 48775 [48775:1] info: generate keytag query _ta-4f66. NULL IN
                          Feb 5 07:39:54 unbound 48775 [48775:0] info: generate keytag query _ta-4f66. NULL IN
                          Feb 5 19:22:11 unbound 48775 [48775:0] info: generate keytag query _ta-4f66. NULL IN
                          Feb 6 07:11:56 unbound 48775 [48775:0] info: generate keytag query _ta-4f66. NULL IN
                          Feb 6 18:13:22 unbound 48775 [48775:0] info: generate keytag query _ta-4f66. NULL IN

                          what they mean : the DNSSEC 'main' key is refreshed. See it as the hart beat of unbound.
                          I've the same thing ( reverse order ) :

                          fa207075-c832-4f58-bbc0-660508bdcfb1-image.png

                          When unbound is told to restart, you see this :

                          Feb 6 19:45:53 unbound 48775 [48775:0] info: service stopped (unbound 1.18.0).

                          and right after this line you see a lot of statistics (more or less useful) logged.

                          Keep in mind that pfSense never stops unbound, as this leaves the system without DNS.
                          pfSense always a stops it - then there is a 10 sec (or so) wait period, and then it starts it.
                          This sequence is a restart.
                          The admin could stop unbound, for whatever reason, using the GUI, for example by using this button :

                          bc31b106-b092-4457-8df8-781a52ebf8de-image.png

                          A reason might be : stop unbound, and set up dnsmasq, the forwarder, and use that one instead.

                          To inform pfSense that unbound shouldn't be (re)started anymore, during boot or at any time, you have to uncheck this option :

                          08ffc90e-ae56-4acf-95df-58a21f8ff320-image.png

                          and then set up the forwarder, dnsmasq :

                          2c956d3e-1389-4210-8d88-46b10314cc9a-image.png

                          So, your logs you've shown above don't show everything, as it ends while unbound was dumping statistics to the log.
                          It should be followed by a

                          2024-02-12 00:15:28.241637+01:00 unbound 51151 [51151:0] info: start of service (unbound 1.18.0).

                          if this - as shown :

                          e1150537-8f36-4143-821d-6eef1316848c-image.png

                          was really the end of the logs, nothing more was added, then something really bad has happened.
                          Like unbound process died on the spot. That's not normal at all.

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.