Unbound start waiting on dhcp6c
-
I'm running 2.7.2 on a laptop.
I've been out on travel for the past week. I normally can connect in over wireguard but noticed I was unable to do so. Through comcast, I initiated a cable modem restart (sometimes this doesnt actually work but I have no way of knowing). But shortly after this, I got a report that my wifi thermostat stopped communicating back home. Anyways, the problem persisted.
I returned home pulled up the pfsense GUI and it showed no issues on the dashboard. I could not access any websites but DNS seemed to up. I decided to manually restart my cable modem.
Success, I was able to load a webpage. However, then I tried loading another and it failed. The old one failed too. In fact, I was now unable to even access the GUI. I find this very strange.I decided to goto the actual pfsense laptop and look at the screen. It seems it rebooted itself (after being up for 40 days) and was stuck on "Starting DNS Resolver". I did a quick google search and it suggested deleting pfb_dnsbl.conf. The last change I did was redoing pfblockerng config about a month ago. Rebooting, same result.
I looked at the resolver log and there was nothing for the past month. I checked system.log and it has "rc.bootup: Unbound start waiting on dhcp6c" I may have enabled ipv6 but then disabled it while setting of pfblockerng. I think I have ipv6 block rules in there eventhough ipv6 is disabled.
ANYWAYS, doing more searching, I see some suggestions from people using the GUI. However, I'm stuck in the shell. What can I try in the shell to get past this and at least back in the gui?
-
@eng3 said in Unbound start waiting on dhcp6c:
suggested deleting pfb_dnsbl.conf.
Where is (was) that file ?
@eng3 said in Unbound start waiting on dhcp6c:
and it has "rc.bootup: Unbound start waiting on dhcp6c"
So on WAN, IPv6 is active as dhcp6c is active.
Right after that line is printed (up to 10 times) the unbound process is (re) started.
From that moment on, at that millisecond time stamp, follow the rest of the unbound story in the resolver.log file. Normally, unbund doesn't log much during 'start'.
@eng3 said in Unbound start waiting on dhcp6c:
I'm stuck in the shell. What can I try in the shell to get past this and at least back in the gui?
The GUI can get pretty slow to reply as DNS is out of business.
But, eventually, its shows up after a minute or so.While you're at the console, ask pfSense if the web server is running.
ps ax | grep 'nginx'and or
sockstat -4 | grep 'nginx'Btw : unbound :
ps ax | grep 'unbound'Have your checked your disk(s) ? Not full ? Not in read only mode ?
@eng3 said in Unbound start waiting on dhcp6c:
I decided to goto the actual pfsense laptop
pfSense runs on a laptop ... ? really ? With the USB NICs and that all ??
-
thanks for the reply.
the file is at: /var/unbound/pfb_dnsbl.conf
deleting it didnt seem to help, it seems to automatically get regenerated.I can't get in the GUI so I dont know the WAN configuration type. I'm pretty sure IPv6 configuration type should be none. Is there a way to check this in single user mode?
/var/log/resolver.log last entry is from mid July
This all happened when I got home last night. I left it for 8hrs on the "starting DNS resolver" screen and it still doesnt seem to be up.
When I access the gui, I am on a connected PC and I connect by typing in the IP address. Chrome just times out when I try to connect. I've tried several times.Disk was around 1% full when the dashboard was working just before it rebooted itself.
I'll try running your suggested commands to see if nginx and unbound are running. (I'm not currently at home but will be back in a few hours) I just limited because I don't know how to navigate single user mode. I am familiar with linux (redhat/debian) but have very little familiarity with pfsense in this mode.Yes, running on an old laptop (Lenovo T420). I use the native ethernet port and added another one using the expresscard slot. One is WAN, the other is LAN which connects to a switch. The battery also adds as a backup UPS. Been running since 2020 with no major issues until now. The major downside is I only have one of these laptops and one express card so single point of failure.
Something like what's happened now is a bit of a nightmare I've had ever since I started using pfsense.
I am a bit perplexed about the sequence of events that lead to this. -
@eng3 said in Unbound start waiting on dhcp6c:
/var/unbound/pfb_dnsbl.conf
Ah, ok, I get it, I think.
That file is created bt pfBlockerng when you use the old 'unbound' method.
These days, it's its the 'python' method.
But you can chose :
The classic, now called "unbound" method takes all the DNSBL files, and assembles it into one big dnsbl file, That's this file /var/unbound/pfb_dnsbl.conf. Its regenerated on every 'dnsbl feed update'.
The python method was invented (by the authors of unbound themselves) as it is faster/better for unbound to use a plugin that maintains the dnsbl file(s).
If you have just some small dnsbl feeds, there is not really a difference, but thenthe obvious was happening : people started to click select them all :
(the entire page, so millions and millions of DNS hostname entries.
Upon restart, unbound took dozens of minutes just to 'start' because it had to parse the xx millions lines file. And during that restart,; DNS is 'out'.
Furthermore, parsing huge files with PHP .... that's asking for troubles ....
With the python approach, there are still limits, but its way faster/better.
And for free : even more stats and filter possibilities.@eng3 said in Unbound start waiting on dhcp6c:
I don't know how to navigate single user mode.
Single user mode ? Wow.
That means there isn't a normal system startup ? Your system really 'stops' when unbound starts ?@eng3 said in Unbound start waiting on dhcp6c:
I am a bit perplexed about the sequence of events that lead to this.
Things would be way more stable if this one was taken out :
( you could also decide not to use it ^^ )
By adding 'more gadgets' (the other name of pfSense packages) you bring more bugs into your system.
As said earlier today : less is better.@eng3 said in Unbound start waiting on dhcp6c:
I am familiar with linux (redhat/debian) but have very little familiarity with pfsense in this mode.
They are actually all the same.
But the commands involved are always a bit different.
Like : afaik, in single user mode, the file system isn't even mounted at first. So the file system you 'see' isn't the pfSense file system.@eng3 said in Unbound start waiting on dhcp6c:
When I access the gui, I am on a connected PC and I connect by typing in the IP address. Chrome just times out when I try to connect. I've tried several times.
In single user mode, interfaces aren't even 'mounted' neither. You have just the console access. (again : maybe I'm wrong here .. not sure)
-
I think its single user mode. Correct, it's not starting up normally.
I couldnt access the gui so I looked at the screen and it was stuck at "starting DNS resolver" (for many hours). Nothing after that. It doesnt say "done" so I assume that is where it stops.
So I pressed CTRL-C and enter to execute the shell. I assume this is "single user mode".
Whatever mode it is, that is all I seem to be able to do.
I'm trying to get past this issue via the console so I can at least get the web interface back.
When I reconfigured pfblockerng a month ago, I enabled alot of the IP geo blocks. I added a few feeds that might be a bit large. When I added the IP geo blocks, I included the ipv6 blocks and then checked the "Allow ipv6" thinking I should block ipv6. But then remembered that leave it unchecked would blocking everything so I unchecked it again. I forget if I actually went back and removed all the ip geo blocks. Anyways, I haven't change the configuration for about a month because I wanted to test how well the blocking was working.
as for packages, I don't have alot but I don't know how to go in and disable them either. I dont think it auto updates as I always seeme to need to go in and manually do it so I don't think this would have been the culprit. I did also enable "system patches" about a month ago.
When I said I was perplexed by the sequence of events, I meant how I had no internet (probably no dns) when I first got home but the GUI was working. Then after a cable modem reboot, I was able to load one webpage but then everything stopped working and pfsense seemed to reboot itself and get stuck. I went back in the system log to when the reboot occurred and there were no error messages, it just happened to reboot right then. Maybe the cable modem reset triggered something.
-
Can you have a look at /var/log/ ,
There is a file called "resolver.log".
That's the unbound log file.
Check what's in it. The interssting parts isn't the 'weeks of activity' but the moment in started.
Maybe you find the reason there.Next step :
When unbound start, most of the needed config files are recreated from 'scratch'.Just to be sure : rename these files :
as they are pfBlockerng related.
As said, the other files in there are re generated anyway.Now, reboot, and unbound should start whiteout a hitch.
if the GUI comes up, go straight to the pfBlockerng main page, and deactivate it. -
@Gertjan
As I mentioned earlier, there is nothing in resolver.log. The last entry is from July.I also dont have any of those pfb files in /var/unbound except for the .conf file I mentioned.
Looking at system log more closely, I do see the following:
rc.bootup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf -p /var/run/dhclient.em0.0id em0 > /tmp/em0_output 2> /em0_error_output' returned exit code 1, the output was ''
rc.bootup calling interface_dhcpv6_configure
rc.bootup: Accept router advertisements on interface em0
rc.bootup: Starting rtsold process on wan
rtsold: Received RA specifying route fexxxxxx for interface wan
rtsold: RTSOLD Lock in place - sending SIGHUP to dhcp6c -
@Gertjan So I gave up and just reinstalled pfsense (after copying out the config.xml).
Everything started working fine without any changes.Still not sure what happened. My over confidence in the reliability of my setup has gone down alot.
