Problem with DNS resolver
-
If I restart pfsense on the physical machine the DNS resolver doesn't work.
The service appears to be working.
This always happens every time I reboot the system or turn off the machine.I verified that if I stop the service and restart it manually then it works.
What could it depend on?
All services are OK
After manually restarting the "unbound DNS Resolver" service then it works
pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2 -
@Unoptanio could be unbound is starting before something is fully up - like your actual connection, are you routing traffic through a vpn?
-
@johnpoz
No VPN -
So Unbound is actually stopped after rebooting?
Whats shown in the DNS or System logs? Is it trying to start and failing?
-
Execute
cat /var/log/resolver.log | grep 'start'and take note : unbound can't handle DNS requests when its in the process of stopping and restarting.
Obvious solutions :
(very silly) : make less DNS requests.
or
make unbound restart less often.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
Hello,
i have enabled: "Serve Expired"
I did a reboot and it works now
To date, the problem has not recurred
pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2 -
@Unoptanio Another thing, that might interrupt DNS, is having unbound resolve dynamic DHCP client hostnames.
AIUI this results in unbound restarts in order to reread the leases file. I set mine to only resolve static leases. -
@Unoptanio said in Problem with DNS resolver:
i have enabled: "Serve Expired"
I did a reboot and it works now
Hmm, well that seems odd. Not sure how that setting would have any effect of Unbound starting.
-
@stephenw10 said in Problem with DNS resolver:
Not sure how that setting would have any effect of Unbound starting.
It wouldn't, and on a restart there wouldn't be anything in the cache to serve up anyway.
-
@Gertjan said in Problem with DNS resolver:
cat /var/log/resolver.log | grep 'start'
Today the problem recurred
Shell Output - cat /var/log/resolver.log | grep 'start'
pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2 -
@Unoptanio said in Problem with DNS resolver:
@Gertjan said in Problem with DNS resolver:
cat /var/log/resolver.log | grep 'start'
Today the problem recurred
You say in your signature that you use 2.7.2 CE but your unbound is (according your screenshot) 1.18.0 - thats not consistent IMHO
Here (also 2.7.2.CE):
Jun 6 03:05:11 unbound 62796 [62796:0] info: service stopped (unbound 1.19.1). Jun 5 03:05:17 unbound 62796 [62796:0] info: start of service (unbound 1.19.1). -
-
@Unoptanio said in Problem with DNS resolver:
Do at the CLI:
pkg search unboundwhat do you get?
Try:
pkg install unbound-1.19.1Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
pfsense 2.7.2 CE
Packages: Apcupsd Cron Iftop Iperf LCDproc Nmap pfBlockerNG RRD_Summary Shellcmd Snort Speedtest System_Patches. -
@Unoptanio Two things to try. Disable resolution of DHCP leases and Openvpn client hostnames. Also, increase the loglevel, which might give you more clues. One other thing, leave listening/outgoing interfaces as 'all'.
Obviously not suggesting these as solutions but as a means to getting to the cause/culprit. -
-
@Unoptanio said in Problem with DNS resolver:
pkg search unboundunbound-1.19.1 Validating, recursive, and caching DNS resolver
Now do:
pkg install unbound-1.19.1 -
[2.7.2-RELEASE][admin@xxxxxxxxxxxx]/root: pkg install unbound-1.19.1
Updating pfSense-core repository catalogue...
Fetching meta.conf: 0%
Fetching packagesite.pkg: 0%
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
Fetching meta.conf: 0%
Fetching packagesite.pkg: 0%
pfSense repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):Installed packages to be UPGRADED:
unbound: 1.18.0_1 -> 1.19.1 [pfSense][2.7.2-RELEASE][admin@Axxxxxxxxx]/root: pkg search unbound unbound-1.19.1 Validating, recursive, and caching DNS resolver -
@Unoptanio said in Problem with DNS resolver:
unbound: 1.18.0_1 -> 1.19.1 [pfSense]
Lets see if your trouble is gone
-
In your opinion, why didn't I have the latest version before? I also have all the patches installed
What version of pfsense is Unbound 1.18.0_1 from?
pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2 -
@Unoptanio said in Problem with DNS resolver:
In your opinion, why didn't I have the latest version before? I also have all the patches installed
There are updates that are not shown on the GUI and not with Patches - they are shown only on the CLI.
