Questions about UnBound DNS
-
In case anyone is interested I found this image of the Unbound Settings for Pfsense - apparently from a Pfsense developer:
http://twitpic.com/3g6gq7
For me cannot get Borat at:
http://test.dnssec-or-not.org/
-
On today's Pfsense Beta 2.0 build I got this:
"php: : The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '[1292976182] unbound[47829:0] error: bind: address already in use [1292976182] unbound[47829:0] fatal error: could not open ports'"
???Odd, this only happens if dnsmasq is still enabled and started. What version of the Unbound package you running?
-
In case anyone is interested I found this image of the Unbound Settings for Pfsense - apparently from a Pfsense developer:
http://twitpic.com/3g6gq7
For me cannot get Borat at:
http://test.dnssec-or-not.org/
The page not possibly cached. As an alternative you can try this:
dig @ <ip>edu +dnssec
Look for the flags section which should contain 'ad' in them. For example:
; <<>> DiG 9.6.2-P2 <<>> @192.168.1.14 edu +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60486
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;edu. IN A;; AUTHORITY SECTION:
edu. 900 IN SOA a.edu-servers.net. nstld.verisign-grs.com. 1290192544 1800 900 604800 86400
edu. 900 IN RRSIG SOA 7 1 900 20101126184904 20101119183904 44056 edu. tj/QsEt14ht17PeaydNQvSlsYt/vs9vj4y6OOICt1TcctDEwwNZ/1S+C mXpUZtYAyiIT8XUtFoSRhdMD0gpsLh6Qw+cBnBC4R//5khW9GJ+jHhU6 YA6aEPaQdmWt5i2TqLdxV8ebGQj3EP+rxe/GmFONoV4crT5aw+s5PTvZ QLc=
9DHS4EP5G85PF9NUFK06HEK0O48QGK77.edu. 86400 IN NSEC3 1 1 0 - 9F7PCDK9UL86ESUV8TM11L35AKSI4MB4 NS SOA RRSIG DNSKEY NSEC3PARAM
9DHS4EP5G85PF9NUFK06HEK0O48QGK77.edu. 86400 IN RRSIG NSEC3 7 2 86400 20101126182049 20101119181049 44056 edu. mLNYbHkzpQK3uJAZxkbhDHb1ZpPuhoVU3hBwAzUdCq41KWFyv8FL6CEA mshyGLs91asDcOtYatdC+EL6XB6tGOP4u1pio+rPH5NiMF3JDrGpBwiz qEcCglxeWArA3KZd1HYwoeDZ1fv8aODVgm9/ANPoyl+GWEPwKNn07V44 qiI=;; Query time: 2614 msec
;; SERVER: 192.168.1.14#53(192.168.1.14)
;; WHEN: Fri Nov 19 20:49:35 2010
;; MSG SIZE rcvd: 513</ip> -
Package Install Weirdness from Webgui for unbound.
After fooling around with Unbound for several days today I upgraded to the latest build pfSense-Full-Update-2.0-BETA4-20101225-2327.tgz
On restart I noticed both SQUID and Unbound were not working deinstall / reinstall failed repeatedly.
Thus did a fresh install of 1.23 on this box and upgraded to today's 2.0 Beta 4 (listed as 4 but the Dashboard Shows Beta 5?)
Try to install Unbound and get
–-Beginning package installation for Unbound...
Downloading package configuration file... done.
Saving updated package information... done.
Downloading Unbound and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/8/All/unbound-1.4.7.tbz ... (extracting)
Downloading http://files.pfsense.org/packages/8/All/expat-2.0.1_1.tbz ... (extracting)
openssl-1.0.0_4 already installed.
Downloading http://files.pfsense.org/packages/8/All/libevent-1.3e.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/libevent-1.3e.tbz.
of unbound-1.4.7 failed!Installation aborted.Backing up libraries...
Removing package...
Starting package deletion for unbound-1.4.7...done.
Starting package deletion for expat-2.0.1_1...done.
Starting package deletion for libevent-1.4.14b_1...done.
Removing Unbound components...
Tabs items... done.
Menu items... done.
Services... done.
Loading package instructions...
Include file unbound.inc could not be found for inclusion.
Deinstall commands...
Not executing custom deinstall hook because an include is missing.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Cleaning up... Failed to install package.Installation halted.
I go to the addresses in a separate window and find that:
http://files.pfsense.org/packages/8/All/libevent-1.3e.tbz does not exist only libevent-1.4.14b_1.tbz
Why is the installation trying to download a non-existent file?
Another problem with today's build is Squid:
pfsense.local
System
Interfaces
Firewall
Services
VPN
Status
Diagnostics
Help
Status: System logs: SystemSystemFirewallDHCPPortal AuthIPsecPPPVPNLoad BalancerOpenVPNOpenNTPDSettings
Last 50 system log entries
Dec 26 17:37:17 kernel: ugen0.2: <microsoft>at usbus0
Dec 26 17:37:17 kernel: ukbd0: <microsoft 0="" 2="" microsoft="" digital="" media="" pro="" keyboard,="" class="" 0,="" rev="" 2.00="" 1.10,="" addr="">on usbus0
Dec 26 17:37:17 kernel: kbd2 at ukbd0
Dec 26 17:37:17 kernel: uhid0: <microsoft 0="" 2="" microsoft="" digital="" media="" pro="" keyboard,="" class="" 0,="" rev="" 2.00="" 1.10,="" addr="">on usbus0
Dec 26 17:37:17 php: : rc.newwanip: Informational is starting rl0.
Dec 26 17:37:17 php: : rc.newwanip: on (IP address: 10.0.0.6) (interface: wan) (real interface: rl0).
Dec 26 17:37:17 kernel: pflog0: promiscuous mode enabled
Dec 26 17:37:17 php: : ROUTING: add default route to 10.0.0.2
Dec 26 17:37:18 check_reload_status: reloading filter
Dec 26 17:37:18 apinger: Starting Alarm Pinger, apinger(26664)
Dec 26 17:37:20 php: : ROUTING: change default route to 10.0.0.2
Dec 26 17:37:20 dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Dec 26 17:37:20 dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Dec 26 17:37:20 dhcpd: All rights reserved.
Dec 26 17:37:20 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Dec 26 17:37:20 dnsmasq[47832]: started, version 2.55 cachesize 10000
Dec 26 17:37:20 dnsmasq[47832]: compile time options: no-IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Dec 26 17:37:20 check_reload_status: updating all dyndns
Dec 26 17:37:20 dnsmasq[47832]: reading /etc/resolv.conf
Dec 26 17:37:20 dnsmasq[47832]: using nameserver 10.0.0.2#53
Dec 26 17:37:20 dnsmasq[47832]: read /etc/hosts - 2 addresses
Dec 26 17:37:25 php: : Creating rrd update script
Dec 26 17:37:26 php: : Resyncing configuration for all packages.
Dec 26 17:37:29 php: : Starting Squid
Dec 26 17:37:29 squid[19418]: Squid Parent: child process 20128 started
Dec 26 17:37:29 check_reload_status: reloading filter
Dec 26 17:37:29 php: : Not calling package sync code for dependency squidcache of squid because some include files are missing.
Dec 26 17:37:29 php: : Not calling package sync code for dependency squidnac of squid because some include files are missing.
Dec 26 17:37:29 php: : Not calling package sync code for dependency squid of squid because some include files are missing.
Dec 26 17:37:29 php: : Not calling package sync code for dependency squidtraffic of squid because some include files are missing.
Dec 26 17:37:29 php: : Not calling package sync code for dependency squidupstream of squid because some include files are missing.
Dec 26 17:37:29 php: : Not calling package sync code for dependency squidauth of squid because some include files are missing.
Dec 26 17:37:29 php: : Not calling package sync code for dependency squidusers of squid because some include files are missing.
Dec 26 17:37:29 php: : Not calling package sync code for dependency squidcache of squid because some include files are missing.
Dec 26 17:37:31 login: login on ttyv0 as root
Dec 26 17:37:31 sshlockout[36153]: sshlockout/webConfigurator v3.0 starting up
Dec 26 17:37:34 Squid_Alarm[43936]: Squid has exited. Reconfiguring filter.
Dec 26 17:37:34 Squid_Alarm[44490]: Attempting restart…
Dec 26 17:37:34 squid[45954]: Squid Parent: child process 46742 started
Dec 26 17:37:37 Squid_Alarm[47111]: Reconfiguring filter…
Dec 26 17:37:37 Squid_Alarm[56822]: Squid has resumed. Reconfiguring filter.
Dec 26 17:38:36 check_reload_status: syncing firewall
Dec 26 17:38:37 php: /pkg_mgr_install.php: Beginning package installation for Unbound.
Dec 26 17:38:37 check_reload_status: syncing firewall
Dec 26 17:39:18 check_reload_status: syncing firewall
Dec 26 17:39:18 check_reload_status: syncing firewall
Dec 26 17:39:19 check_reload_status: syncing firewall
Dec 26 17:39:19 check_reload_status: reloading filter
Dec 26 17:41:29 check_reload_status: Linkup starting nfe0
Dec 26 17:41:29 kernel: nfe0: link state changed to DOWN
–--If I go back to December 23 snapshot Squid does not gives these errors.</microsoft></microsoft></microsoft>
-
Tried to install Unbound from the console:
pkg_add http://files.pfsense.org/packages/8/All/unbound-1.4.7.tbz
It starts and everything appears to be going fine then it barfs when it cannot find http://files.pfsense.org/packages/8/All/libevent-1.3e.tbz
-
I believe the Pfsense 2.0 Beta 4 or 5 after the 23 December is broken as far as the package installer for Unbound is concerned ???
Did a fresh install of today's Beta and tried to install both:
unbound-1.4.6.tbz 2010-Nov-03 16:16:49 6.0M application/x-bzip-compressed-tar
unbound-1.4.7.tbz 2010-Dec-26 02:22:20 6.4M application/x-bzip-compressed-tarfrom the WebGui and from the Console and both failed complaining about not finding:
Downloading http://files.pfsense.org/packages/8/All/libevent-1.3e.tbz … could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/libevent-1.3e.tbz.
of unbound-1.4.7 failed!Browsing the packages at http://files.pfsense.org/packages/8/All/ shows this file does not exist either deleted by accident or the Unbound install package is screwed up.
The libevent-1.3e.tbz file is an old file from 07 - the current file at http://files.pfsense.org/packages/8/All/ is libevent-1.4.14b_1.tbz
-
Yup same error.. I just did a clean install of 2. latest
Version 2.0-BETA5 (i386)
built on Sun Dec 26 01:43:40 EST 2010You are on the latest version.
Would really like to get this work.. how can we change the installer to use the newer version of libevent?
-
Packages are recompiling now, should be uploading soon. Hopefully once they do it should pull libevent 1.4 instead of 1.3
-
Should be OK…
Information for /usr/ports/packages/All/unbound-1.4.7.tbz:
Depends on:
Dependency: expat-2.0.1_1
Dependency: openssl-1.0.0_4
Dependency: libevent-1.4.14b_1 -
As per my other post pfSense-Full-Update-2.0-BETA4-20101227-0643.tgz upgrade from the console today and Unbound DNS now installs. Thanks
Packages are recompiling now, should be uploading soon. Hopefully once they do it should pull libevent 1.4 instead of 1.3
