Netgate Discussion Forum

    DNS stops responding to queries

    DHCP and DNS
    • EngineerSB

      Hello all.

      We've started having strange problems where DNS stops responding.

      The service is still running, though, but just stops responding.

      If I stop the service, then watchdog restarts it and normal responses are resumed.

      There's also nothing in the logs other than the service being stopped and restarted when I give it a nudge.

      • Uglybrian

        Hi, can you elaborate on how you have pfSense set up for DNS? Are you resolving or are you forwarding? Any specific DNS firewall rules? Actually, I just did a reread of your post and it almost sounds like your web browser is using DoH (hijacking your DNS in the name of safety). I would start there with your web browser settings and turn off all DoH and DoT.

        • Gertjan @EngineerSB

          @EngineerSB

          Can I presume :
          a 6100
          pfSense 25.07.1 ?
          unbound is still running ?

          ps aux | grep 'unbound.conf'
          

          unbound listens to all interfaces ?

          sockstat | grep unbound
          

          Can you contact unbound on localhost, 127.0.0.1 ? :

          dig @127.0.0.1 gogle.com +short
          

          Get a list with known interfaces addresses :

          ifconfig | grep 'inet '
          

          Can you dig-request them all ? Example :

          dig @192.168.1.1 gogle.com +short
          

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • EngineerSB

            > Can I presume :
            > a 6100
            > pfSense 25.07.1 ?

            It's a 3100, but otherwise current.

            > unbound is still running ?

            Don't know, the box is at a remote unmanned location and we've lost contact with it at this moment.

            But it's being monitored by the watchdog service, so I presume at this point that if it had stopped, then watchdog would have restarted it.

            In the last few weeks, what we do is: visit > log in via the web interface > stop the unbound service in status/services, and moments later watchdog restarts it and everything starts coming back online.

            We have a scheduled visit on Thursday; I'm going this time so I can have a deeper look.

            • Uglybrian

              Out of curiosity, are you also running PF blocker along with watchdog?

              • EngineerSB @Uglybrian

                @Uglybrian No, not on this setup.

                • akkuladezeit @EngineerSB

                  @EngineerSB

                  Do you have such entries in the system log?

                  kernel   sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (267 occurrences), euid 0, rgid 0, jail 0
                  kernel   sonewconn: pcb 0xfffff803cd9fb540 (**IP**:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (179 occurrences), euid 0, rgid 0, jail 0
                  ...
                  
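The kernel messages quoted in the last post can be tallied per listening socket to show which listener is overflowing and how often (proto 6 is TCP). This is an added example, not part of any post in the thread or of pfSense itself; the function names, the syslog prefix and the sample lines are constructed, with 192.0.2.1 standing in for the masked address.

```shell
#!/bin/sh
# Added example: tally FreeBSD "Listen queue overflow" kernel messages per socket.

# Constructed sample input. The syslog prefix (timestamp, host "fw") and the
# second pcb value are assumed; 192.0.2.1 is a documentation address.
sample_log() {
cat <<'EOF'
Oct  7 10:01:02 fw kernel: sonewconn: pcb 0xfffff803cd9fb540 (192.0.2.1:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (267 occurrences), euid 0, rgid 0, jail 0
Oct  7 10:02:02 fw kernel: sonewconn: pcb 0xfffff803cd9fb540 (192.0.2.1:53 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (179 occurrences), euid 0, rgid 0, jail 0
Oct  7 10:02:30 fw php-fpm[411]: /status_services.php: unrelated constructed line
Oct  7 10:03:10 fw kernel: sonewconn: pcb 0xfffff803cd9fb900 (192.0.2.1:443 (proto 6)): Listen queue overflow: 8 already in queue awaiting acceptance (3 occurrences), euid 0, rgid 0, jail 0
EOF
}

# Reads log lines from stdin (or from files given as arguments) and prints one
# line per socket: address:port, protocol number, number of log events, summed
# "occurrences" counters, and the deepest queue length reported.
summarize_overflows() {
    awk '
    /sonewconn: .*Listen queue overflow/ {
        sock = "?"; proto = "?"; depth = 0
        occ = 1   # assumption: count a line as 1 if it carries no counter
        for (i = 1; i <= NF; i++) {
            if ($i == "pcb") {
                sock = $(i + 2); sub(/^\(/, "", sock)       # "(addr:port" -> "addr:port"
                proto = $(i + 4); gsub(/[^0-9]/, "", proto) # "6)):" -> "6"
            } else if ($i == "overflow:") {
                depth = $(i + 1) + 0
            } else if ($i ~ /^occurrences/ && i > 1) {
                o = $(i - 1); sub(/^\(/, "", o); occ = o + 0
            }
        }
        key = sock " proto=" proto
        events[key]++
        total[key] += occ
        if (depth > maxq[key]) maxq[key] = depth
    }
    END {
        for (k in events)
            printf "%s events=%d occurrences=%d max_queue=%d\n", k, events[k], total[k], maxq[k]
    }' "$@" | LC_ALL=C sort
}

sample_log | summarize_overflows
```

To run it against a real system, pass the system log file as an argument to `summarize_overflows` instead of piping in the sample.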
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.