Bind: address already in use error fatal error could not open ports
-
How can the following error be corrected?
The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf returned exit code '1', the output was '[1730294482] unbound[8335:0] error: bind: address already in use [1730294482] unbound[8335:0] fatal error: could not open ports'
I installed the patch "Fix potential local file include via DNS Resolver Python Module Script include mechanism (pfSense-SA-24_01.webgui, Redmine #15135)" which helped some, although the error still occurs, although less frequently. I also installed the patch "Fix DNS Resolver host overrides ignoring all aliases if first entry had a domain set but no hostname (Redmine #14942)". This issue has been going on for a while.......
-
Enclosed are the log entries from unbound:
Oct 30 09:21:25 unbound 65875 [65875:0] info: start of service (unbound 1.18.0).
Oct 30 09:21:25 unbound 65875 [65875:0] notice: init module 1: iterator
Oct 30 09:21:25 unbound 65875 [65875:0] info: [pfBlockerNG]: init_standard script loaded
Oct 30 09:21:25 unbound 65875 [65875:0] info: [pfBlockerNG]: pfb_unbound.py script loaded
Oct 30 09:21:24 unbound 65875 [65875:0] notice: init module 0: python
-
@scottjh1 said in Bind: address already in use error fatal error could not open ports:
15135
Where / what ?
Can't find 15135. Neither here :
@scottjh1 said in Bind: address already in use error fatal error could not open ports:
pfSense-SA-24_01
What is that.
Use 24.03 .... ?!
What is your pfSense version ?
@scottjh1 said in Bind: address already in use error fatal error could not open ports:
The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf returned exit code '1', the output was '[1730294482] unbound[8335:0] error: bind: address already in use [1730294482] unbound[8335:0] fatal error: could not open ports'
When you see that, go ask your pfSense who is using the 'port' (port 53, UDP, TCP most probably).
Console or SSH (no GUI tricks allowed) :
sockstat | grep '53'
If needed, kill the one that pet hold on the port.
-
The version is Version 2.7.2-RELEASE (amd64)
built on Wed Dec 6 15:10:00 EST 2023
FreeBSD 14.0-CURRENT
At the time the console was not being used although I could see the monitor display the error. Not being familiar with FreeBSD I take it I should use option 8 on the console then enter the above noted command?
-
I followed the noted directions finding 10.10.10.1 2 processes running, and 127.0.0.1 2 processes running. Local host also running on port 953 single process, wan has 3 processes running connected to Quad 9. There are multiple active devices currently in use on the network which explains the multiple DNS wan entries. Is there a permanent repair to stop the error from occurring?
-
@scottjh1 said in Bind: address already in use error fatal error could not open ports:
Not being familiar with FreeBSD I take it I should use option 8 on the console then enter the above noted command?
Exact.
Console access : don't worry, they are all the same.
-
Is there a repair there corrective code available to fix this behavior so it does not continue to happen?
-
@scottjh1 Please excuse my bad grammar. Is there code or a patch to correct the bind error from occurring again?
-
When are you seeing that? It can happen at boot if something tries to start a second Unbound instance before the first one has stopped. It doesn't normally cause any problems.
-
@scottjh1 said in Bind: address already in use error fatal error could not open ports:
correct the bind error from occurring again?
Normally ;) this doesn't happen.
unbound, the resolver, the process that handles all DNS, starts when the system starts, and stays up and running until you shut the system down.
The very same unbound binary (executable) is used by all of us.
But : our pfSense (unbound / resolver) settings differ !
And : you've added a pfSense package that can use DNSBL feeds. How often are they reloaded ? Check the pfBlockerng log : in that log you can see pfBlockerng restarting unbound.
And then there is the famous :
if this one is checked, on every new DHCP lease or renew, unbound will be restarted.
That can happen multiple times per minute ( !! ) as a wifi connected device at the border of the SSID range will reconnect very often. And every reconnect will be followed by a DHCP request. ( My advice : never check this setting )
And often there is the worst of all :
You could ( My advice : never use this package ) set up that tool to restart whatever process, like unbound, to start it again, if it found it 'stopped'.
That will create this situation : Bind: address already in use error fatal error could not open ports
These 3 situations are the ones I've found, while reading this forum the last decade or so.
Some of them are not applicable, I hope, for you.
What you can do to make it work right now :
Execute
[24.03-RELEASE][root@pfSense.bhf.tld]/root: sockstat | grep '53'
unbound unbound 52022 3 udp6 *:53 *:*
unbound unbound 52022 4 tcp6 *:53 *:*
unbound unbound 52022 5 udp4 *:53 *:*
unbound unbound 52022 6 tcp4 *:53 *:*
unbound unbound 52022 7 tcp4 127.0.0.1:953 *:*
unbound unbound 52022 17 udp4 192.168.10.4:36879 13.107.237.2:53
unbound unbound 52022 18 udp4 192.168.10.4:31780 13.107.238.2:53
avahi avahi-daem 75002 13 udp4 *:5353 *:*
So now you know unbound uses process ID 52022.
Kill it.
If you find more of them : kill them all.
kill 52022
Now, in the GUI, go here :
and click Save at the bottom of the page.
And then Apply at the top.
Now, you could check again with the sockstat | grep '53' command.
And / or go to the GUI dashboard, you should see under "Services status" :
-
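An added example, not part of the original posts: `grep '53'` in the check above also matches 953, 5353 and outbound queries to a remote `:53`, so this sketch filters sockstat-style output down to sockets actually bound to local port 53 and lists the PIDs that own them. The function names are hypothetical, and the sample lines are constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Constructed sample in sockstat's column order:
# USER COMMAND PID FD PROTO LOCAL FOREIGN
sample_sockstat() {
cat <<'EOF'
unbound  unbound    52022 3  udp6 *:53               *:*
unbound  unbound    52022 4  tcp6 *:53               *:*
unbound  unbound    52022 5  udp4 *:53               *:*
unbound  unbound    52022 6  tcp4 *:53               *:*
unbound  unbound    52022 7  tcp4 127.0.0.1:953      *:*
unbound  unbound    52022 17 udp4 192.168.10.4:36879 13.107.237.2:53
avahi    avahi-daem 75002 13 udp4 *:5353             *:*
EOF
}

# Print "COMMAND PID PROTO LOCAL" for sockets bound to local port 53 only.
# Skips 953 (unbound control), 5353 (mDNS) and outbound queries to remote :53.
port53_listeners() {
    awk '$5 ~ /^(udp|tcp)/ && $7 == "*:*" {
        n = split($6, a, ":")          # last ":" field is the port, IPv6 included
        if (a[n] == "53") print $2, $3, $5, $6
    }'
}

# Unique PIDs holding port 53, space separated on one line.
port53_pids() {
    port53_listeners |
        awk '!seen[$2]++ { printf "%s%s", sep, $2; sep = " " } END { print "" }'
}

# Exit status 0 only when exactly one process owns every port-53 listener.
single_owner() {
    [ "$(port53_pids | wc -w | tr -d ' ')" = "1" ]
}

# On the firewall (console option 8 or SSH): sockstat | port53_listeners
# Here the constructed sample is used instead.
sample_sockstat | port53_listeners
```

If `port53_pids` prints more than one PID, or the owning command is not unbound, another process already holds the port that a newly started unbound is trying to bind.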
Wow, there is considerable information you have provided, thank you! DNSBL reloads once per day at 15 minutes past midnight, 00:15. I am using KEA for DHCP services which does not contain the DHCP registration setting. Knowing the original DHCP service will be removed at some future point, it appeared to be the best option. Service_Watchdog is not installed given the issues it creates. I added the service status to the dashboard for monitoring.