Auto Backup Error: Unable to resolve acb.netgate.com
-
@stephenw10
I checked both and I don't see errors. -
-
Nov 5 11:25:03 pfsense unbound[1948]: [1948:0] info: start of service (unbound 1.19.3). Nov 5 11:30:38 pfsense unbound[93372]: [93372:0] info: start of service (unbound 1.19.3). Nov 5 11:40:25 pfsense unbound[1249]: [1249:0] info: start of service (unbound 1.19.3). Nov 5 12:32:38 pfsense unbound[91078]: [91078:0] info: start of service (unbound 1.19.3). Nov 5 12:33:03 pfsense unbound[39185]: [39185:0] info: start of service (unbound 1.19.3). Nov 5 12:33:25 pfsense unbound[14094]: [14094:0] info: start of service (unbound 1.19.3). Nov 5 12:33:48 pfsense unbound[47038]: [47038:0] info: start of service (unbound 1.19.3). Nov 5 12:34:11 pfsense unbound[15742]: [15742:0] info: start of service (unbound 1.19.3). Nov 5 12:34:32 pfsense unbound[30305]: [30305:0] info: start of service (unbound 1.19.3). Nov 6 11:09:39 pfsense unbound[65438]: [65438:0] info: start of service (unbound 1.19.3). Nov 6 11:11:31 pfsense unbound[99829]: [99829:0] info: start of service (unbound 1.19.3). Nov 6 19:15:48 pfsense unbound[23707]: [23707:0] info: start of service (unbound 1.19.3). Nov 6 22:30:28 pfsense unbound[39026]: [39026:0] info: start of service (unbound 1.19.3). -
It's restarting "all the time". Not a problem, but every time it restarts, you - and pfSense - loose DNS for a moment.
Restarting unbound takes some time.
You use pfBlockerng : restarting takes even more time.Do you use "ISC DHP", and if so, you have this option checked (under Services > DNS Resolver > General Settings) ?
If so, uncheck it. save and Apply.
You can set pfBlockerng settings so DNSBL are reloaded less frequent, thus less DNS resolver restarts.
-
@Gertjan
Yes, I figured ;(I still use the ISC DHCP. The other (newer) was crashing to my eye without even checking the logs. I don't have that option checked, but only for static mappings (the option just below). I will turn off pfblocker until I am able to troubleshoot the unbound issues. I have "Resolver Live Sync" option checked so it should not have to reload. Cron setting (under General menu) is set to hourly.
-
@digimd said in Auto Backup Error: Unable to resolve acb.netgate.com:
I still use the ISC DHCP. The other (newer) was crashing to my eye without even checking the logs. I don't have that option checked, but only for static mappings (the option just below)
Ok !
I was just checking. "DHCP Registration" when checked, restarts unbound(resolver) on every DHCP event. And, as already stated, unbound restating == temporary DNS outage.@digimd said in Auto Backup Error: Unable to resolve acb.netgate.com:
I have "Resolver Live Sync" option checked so it should not have to reload.
I'm not so sure about that.
I read "Resolver Live Sync" as "restart unbound" to have it taken in effect new DNSBL info."Resolver Live Sync" only is available if you use the old "Unbound mode".
The newer Python mode is waaaay faster (with more options etc ^^).
It's worth trying Python mode.
Select it, save, and do a Firewallpf > BlockerNG > Update reload all.@digimd said in Auto Backup Error: Unable to resolve acb.netgate.com:
Cron setting (under General menu) is set to hourly.
That's a choice.
Mine is set to :
so one a day.
As that's fine for me
see here : it's the unbound cache size, which shows ... the cache size
and the frequency of unbound restarting. -
@Gertjan
Awesome! I switched to Python mode. I must have used some outdated tutorial. I changed the Message Cache Size from 4mg to 20 mg (is this enough?) to test this intesreting point you brought up; thank you. FYI, I don't have DHCP Registration checked, so I am fine there. -
Wait a day or so, then re execute
cat /var/log/resolver/log | grep 'start'as I've shown above, and see that unbound restarts (way) less times a day.
-
This post is deleted! -
You could also try adding a host override for acb.netgate.com as a test. I wouldn't leave it like that because the IP might change at some point in the future. But it's been the same until now!
