Unbound Keeps restarting

youcangetholdofjules

I have this issue I am seeing quite often.

Jun 28 12:39:05 kea2unbound 8303 Unbound reloaded: /var/unbound/unbound.conf
Jun 28 12:39:05 kea2unbound 8303 Include updated: /var/unbound/leases/leases4.conf (40dba4efd3910c22)
Jun 28 12:39:05 kea2unbound 8303 Unbound lease include is missing or inconsistent: /var/unbound/leases/leases4.conf
Jun 28 12:36:53 kea-dhcp4 79115 WARN [kea-dhcp4.dhcp4.0x12ddce12000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
Jun 28 12:36:53 kea-dhcp4 79115 WARN [kea-dhcp4.dhcp4.0x12ddce12000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
Jun 28 12:36:53 kea-dhcp4 79115 WARN [kea-dhcp4.dhcpsrv.0x12ddce12000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.

I have disabled DNS registration for DHCP clients on all my subnets, which seems to have improved things a bit but I am still getting this issue which is driving me crazy - EVERYTHING needs to re-register, and all those I have assigned static IPs to go down for some time while the system sorts itself out.

Any ideas?

Thanks,
Julian

youcangetholdofjules

oh, and leases4.conf is pretty much empty:

40dba4efd3910c22

Automatically generated! DO NOT EDIT!

Last updated: 2025-06-28 12:39:05

NightlyShark

@youcangetholdofjules Are you sure there is no misconfiguration going on? Maybe you forgot to update DHCP on an interface that changed subnets?

patient0

@youcangetholdofjules what pfSense version are you running? And do you have a watchdog setup to restart KEA or Unbound?

The KEA log messages are ok, not sure about the Unbound lease file. Do you have more logs?

Btw: if you post log file content or commands and outputs, you can use Markdown syntax to make easier to read by adding a line before and after which contains only "```" (without the quotes):

Jun 28 12:39:05 kea2unbound 8303 Unbound reloaded: /var/unbound/unbound.conf
Jun 28 12:39:05 kea2unbound 8303 Include updated: /var/unbound/leases/leases4.conf (40dba4efd3910c22)
Jun 28 12:39:05 kea2unbound 8303 Unbound lease include is missing or inconsistent: /var/unbound/leases/leases4.conf
Jun 28 12:36:53 kea-dhcp4 79115 WARN [kea-dhcp4.dhcp4.0x12ddce12000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64

Gertjan

@youcangetholdofjules said in Unbound Keeps restarting:

oh, and leases4.conf is pretty much empty:

40dba4efd3910c22
Automatically generated! DO NOT EDIT!
Last updated: 2025-06-28 12:39:05

That's to simple. It's actually an empty file - no 'data.

It should look like this :

# 12e306cf4c3365ca
# Automatically generated! DO NOT EDIT!
# Last updated: 2025-07-01 03:46:08
local-data: "tl-sg108e.bhf.tld. 7200 IN A 192.168.1.3"
local-data: "3.1.168.192.in-addr.arpa. 7200 IN PTR tl-sg108e.bhf.tld."
local-data: "9.1.168.192.in-addr.arpa. 7200 IN PTR cloudkey.bhf.tld."
local-data: "vr-radio.bhf.tld. 7200 IN A 192.168.1.18"
local-data: "18.1.168.192.in-addr.arpa. 7200 IN PTR vr-radio.bhf.tld."
local-data: "iphone-xii-gertjan.bhf.tld. 28800 IN A 192.168.1.35"
local-data: "35.1.168.192.in-addr.arpa. 28800 IN PTR iphone-xii-gertjan.bhf.tld."
local-data: "ub6prob2.bhf.tld. 7200 IN A 192.168.1.253"
local-data: "253.1.168.192.in-addr.arpa. 7200 IN PTR ub6prob2.bhf.tld."
local-data: "ub6prob1.bhf.tld. 7200 IN A 192.168.1.254"
local-data: "254.1.168.192.in-addr.arpa. 7200 IN PTR ub6prob1.bhf.tld."
local-data: "43.1.168.192.in-addr.arpa. 7200 IN PTR iphone-12-nicojullien.bhf.tld."
local-data: "galaxy-s8-niki.bhf.tld. 7200 IN A 192.168.1.42"
local-data: "42.1.168.192.in-addr.arpa. 7200 IN PTR galaxy-s8-niki.bhf.tld."
local-data: "desk5000.bhf.tld. 7200 IN A 192.168.1.41"
local-data: "41.1.168.192.in-addr.arpa. 7200 IN PTR desk5000.bhf.tld."

and now "kea2unbound " find the data and wn't complain anymore.

Normally, the kea DHCP server regular dumps the 'in memory' leases database into this file.
When it dumps this file, it also calls an external script : kea2unbound and this scripts will 'dialog' with unbound.
It's a bit strange to see kea calling kea2unbound when it wrote an empty /var/unbound/leases/leases4.conf file ... as that doesn't make sense.

bimmerdriver

@youcangetholdofjules I'm seeing exactly the same messages. Both DHCPv4 and v6 are working very poorly since I upgraded to 2.8.0.

bimmerdriver

On my system, these files are empty:

/var/unbound/leases/leases4.conf
/var/unbound/leases/leases6.conf
/var/unbound/dhcpleases_entries.conf

There are both v4 and v6 reservations and leases.

youcangetholdofjules

@bimmerdriver Ok I finally managed to solve it.

Not quite sure whether this is the most kosher of methods, a bit outside of my usual wheelhouse, but here's what I did:

If you go into the DHCP Server and go onto each of your interfaces, change "DNS Registration" and "DNS Early Registration" from "track server" to "Disable"

Then go into the DHCP Server settings page:

And enable both there.

Not sure why but that seems to work. the leases4.conf is now fully populated and I haven't had a single DHCP Server restart since.

I would like the thoughts of an expert on this however - that was just me manhandling it until it worked,

Cheers,

Julian

stephenw10

I'd expect that to disable DNS registration for clients on that interface. You might be seeing existing registration still present only.

bimmerdriver

@youcangetholdofjules Thank you very much for your reply. I managed to get the system stable again by following your suggestion.

The first time I tried it, only the DHCPv4 file got populated, so I tried again. The second time, I completely disabled all of the DHCPv4 and DHCPv6 settings. Then I rebooted the system and re-enabled them. After that, both files were populated.

Now, the GUI is stable and it seems that I can make changes to the reservations.

youcangetholdofjules

@bimmerdriver that's great. Thanks for the response, and glad I could help.

I just wish I was a bit clearer on the science behind it.

bimmerdriver

@youcangetholdofjules said in Unbound Keeps restarting:

@bimmerdriver that's great. Thanks for the response, and glad I could help.

I just wish I was a bit clearer on the science behind it.

I'm glad it's fixed, I would especially like to know what caused it to break. My network is small. I would not want to experience this for a large network.

eldest

I too am seeing this exact issue across two fresh installs of 2.8.0 on different hardware. I think this is the root of a few issues that have been reported including this one:

https://forum.netgate.com/topic/197613/pfsense-ce-2-8-0-kea2unbound-causes-high-cpu-load-even-when-dns-registration-is-disabled/2?_=1749683895535

Is this not a clear bug if kea2unbound is being invoked when dns registration and early dns registration are deselected? or is this intended to always restart unbound at random? I'm seeing the same logs and same symptoms with /var/unbound/leases/leases4.conf empty. Happy to provide any information needed as this is very disruptive.

youcangetholdofjules

@stephenw10 If I understand you correctly, as the leases expire and renew, maybe I face the same pickle again - its not without its wobbles, but the system has been running much more stably since this change.

There are tasmota devices I have on my IOT subnet that I obviously have locked right down, and they still throw up a few problems but thats maybe my overzealousness on security policy. Everything else now works well.

stephenw10

Hmm, yeah I'd expect it to only be resolving leases that were present before that change. Like if you add a new static dhcp lease on that interface I'd expect that to fail to resolve.