Unbound package updated to 1.4.13



  • I have updated Unbound to the latest version 1.4.13 and also added support for IPv6 ACLs. So if the IPv6 users could please test and let me know if you hit any problems.



  • Is this the correct version? 1.4.13_00
    I see in another post 1.4.13_01 but my system has not seen that version yet.



  • Nah 1.4.13_00 is the latest.



  • Thanks. By the way it all seems ok so far.



  • Cool good to hear.



  • @wagonza:

    Cool good to hear.

    Spoke to soon 😞

    dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such process.



  • pfft! I will have a look at the problem in the morning.



  • @wagonza:

    pfft! I will have a look at the problem in the morning.

    Thanks! 🙂



  • wagonza another thing that I found since the latest update is that every time I want to see the “Available Packages or Installed Packages” it takes for ever as it would have a hard time resolving the repo address… I can confirm this because the pfsense check for update status times out and comes back with “Unable to check for updates”

    Any ideas?

    TIA.



  • hrmm thats normally because of DNS not resolving. When this happens double check that unbound is running. Also have you got unbound using forwarders?



  • @wagonza:

    hrmm thats normally because of DNS not resolving. When this happens double check that unbound is running. Also have you got unbound using forwarders?

    Yes unbound is running and no I am not using forwarders. do I need too?

    Here is what I have as settings:

    Interface: LAN
    Enable DNSSEC: Yes
    Enable forwarding mode: No
    Private Address support: Yes
    Register DHCP static mappings: Yes
    TXT Comment Support: No
    Cache Restoration Support: Yes

    Everything else is default except EDNS Buffer Size which is set to 4096

    As for you other post I am running version 1.4.13_00

    Edit:

    From the cli:

    unbound-control -h

    Version 1.4.13                                                                                                                                                                                                                             
    BSD licensed, see LICENSE in source package for details.                                                                                                                                                                                   
    Report bugs to unbound-bugs@nlnetlabs.nl

    Thanks for all the help!



  • Here is the latest one.

    Sep 30 13:30:08 dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such process.



  • check your PM



  • Ok package updated to handle @serialdie’s problem. Updated to 1.4.13_01



  • wagonza,

    Thank you for the update.

    Please bare with me as my pkg refresh is very slow as I mention before.

    Thanks!

    Edit:

    Updating now. 🙂



  • All ok?



  • @wagonza:

    All ok?

    wagonza,

    Its all perfect!!! 😄

    Its even faster now!
    no more waiting for my pkg repo to load 😄

    Thank You!

    Pay pal Donations?



  • Good to hear!

    Donations would be great! -> http://pfsense.org/donate.html and if you do donate, just mention its for Unbound.
    Thanks!



  • @wagonza:

    Good to hear!

    Donations would be great! -> http://pfsense.org/donate.html and if you do donate, just mention its for Unbound.
    Thanks!

    Awesome will do that. 🙂

    I have one question. have you try after the upgrade to add a static entry under dhcp? I just did that and it cause unbound to massively crash… It wouldnt come back up from the webui I had to call it from cli.
    I wanted to see if any body can replicate my issue.



  • @serialdie:

    Awesome will do that. 🙂

    thanks.

    @serialdie:

    I have one question. have you try after the upgrade to add a static entry under dhcp? I just did that and it cause unbound to massively crash… It wouldnt come back up from the webui I had to call it from cli.
    I wanted to see if any body can replicate my issue.

    hrmm odd. Since when adding a static DHCP entry it doesn’t update Unbound. Unbound only gets updated when it is re-saved - as, currently, there is no way Unbound knows that the static DHCP mappings have been updated. I’ll see if I can replicate what you see in the morning.



  • wagonza,

    Well they have to work together some how since I have Register DHCP static mappings set to on.
    Thanks for the help and awesome work.



  • Yeah they do work together, but the list doesn’t get updated in Unbound until you re-save on Unbound. Unlike the current DNS Forwarder which has a background process updating it automatically when leases get updated.

    Unbound, currently, has no way of knowing when that list is updated so it wont auto-update.



  • @wagonza:

    Yeah they do work together, but the list doesn’t get updated in Unbound until you re-save on Unbound. Unlike the current DNS Forwarder which has a background process updating it automatically when leases get updated.

    Unbound, currently, has no way of knowing when that list is updated so it wont auto-update.

    ah! That make since.

    🙂



  • Hello,
    I am afraid but on my side : I have an issue : I am not able to get the ACLs (unbound_acls.php) and status (unbound_status.php) pages.
    I am redirected back to the standard settings page (pkg_edit.php?xml=unbound.xml&id=0)
    So it seems there is a problem with the xml config (?)



  • @GLR:

    Hello,
    I am afraid but on my side : I have an issue : I am not able to get the ACLs (unbound_acls.php) and status (unbound_status.php) pages.
    I am redirected back to the standard settings page (pkg_edit.php?xml=unbound.xml&id=0)
    So it seems there is a problem with the xml config (?)

    That generally means Unbound is not running as it checks to see if the process is running and if not it redirects you to that first setup page.
    You might have config errors which I would be interested in seeing. So from a shell you can run unbound-checkconf - it should return no errors.



  • Yes, now that Unbound is running, the tab are correctly displayed. So it is not so serious…
    But anyway, it is not a normal behaviour : How can we set the ACLs before starting it in that case ?



  • @GLR:

    Yes, now that Unbound is running, the tab are correctly displayed. So it is not so serious…
    But anyway, it is not a normal behaviour : How can we set the ACLs before starting it in that case ?

    ok good to hear. You raise a good point though i’ll remove that check for the ACL’s tab.



  • It would be great, thanks !



  • Package updated to 1.4.13_02 and ACLs can now be edited before starting Unbound.



  • Confirmed OK for me. Thanks again for the prompt fix !

    Btw, I would have some features requests for Unbound.
    I am still doing some tunning by hand in the config file…
    Is there such a list available somewhere ?



  • Nope, no list, but you can PM them when you have the list.



  • I think there is still something that remains not exact in the settings tab :

    Network interface
    The network interface(s) the Unbound DNS server will query from.

    This is wrong, this option defines the Unbound config attribute “interface:”, so the interface on which Unbound will bind/listen.
    And indeed, it generates this entry in the config file :

    Interface IP(s) to bind to

    interface: <ip>> interface:

    This interface is listened to for queries from clients, and answers to clients are given from it.

    Whereas Unbound config attribute “outgoing-interface:” is not available in the settings pages.

    outgoing-interface:
    This interface is used to send queries to authoritative servers and receive their replies.

    And actually I also need this option to direct some queries to an authoritative NS through an IPSec tunnel.  :-</ip>



  • Only just updated to 1.4.13_02 but get get this error:

    
    php: /pkg_mgr_install.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '[1317586911] unbound[7976:0] error: setsockopt(..., SO_RCVBUF, ...) failed: No buffer space available [1317586911] unbound[7976:0] fatal error: could not open ports'
    
    

    Was I too quick or is it broken?



  • [code][quote]
    Yeah they do work together, but the list doesn't get updated in Unbound until you re-save on Unbound. Unlike the current DNS Forwarder which has a background process updating it automatically when leases get updated. 
    
    Unbound, *currently*, has no way of knowing when that list is updated so it wont auto-update.
    [/quote]
    
    Wagonza,
    
    The same issue happen. I can replicate this in two pfsense systems. every time I make a static entry or change the hostname of the static entry unbound crashes.
    :
    
    [code]
    Oct 2 18:36:32	dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Oct 2 18:36:32	dhcpd: All rights reserved.
    Oct 2 18:36:32	dhcpd: Copyright 2004-2011 Internet Systems Consortium.
    Oct 2 18:36:32	dhcpd: Internet Systems Consortium DHCP Server 4.2.1-P1[/code]
    
    unbound.log:
    
    [code]
    Oct  2 18:36:31 craken unbound: [19729:0] info: service stopped (unbound 1.4.13). [/code][/code]
    


  • @Tikimotel:

    Only just updated to 1.4.13_02 but get get this error:

    
    php: /pkg_mgr_install.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '[1317586911] unbound[7976:0] error: setsockopt(..., SO_RCVBUF, ...) failed: No buffer space available [1317586911] unbound[7976:0] fatal error: could not open ports'
    
    

    Was I too quick or is it broken?

    Nope looks like something else is wrong on your system. Network card ok?



  • @serialdie:

    [code][quote]
    Yeah they do work together, but the list doesn't get updated in Unbound until you re-save on Unbound. Unlike the current DNS Forwarder which has a background process updating it automatically when leases get updated. 
    
    Unbound, *currently*, has no way of knowing when that list is updated so it wont auto-update.
    [/quote]
    
    Wagonza,
    
    The same issue happen. I can replicate this in two pfsense systems. every time I make a static entry or change the hostname of the static entry unbound crashes.
    :
    
    [code]
    Oct 2 18:36:32	dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Oct 2 18:36:32	dhcpd: All rights reserved.
    Oct 2 18:36:32	dhcpd: Copyright 2004-2011 Internet Systems Consortium.
    Oct 2 18:36:32	dhcpd: Internet Systems Consortium DHCP Server 4.2.1-P1[/code]
    
    unbound.log:
    
    [code]
    Oct  2 18:36:31 craken unbound: [19729:0] info: service stopped (unbound 1.4.13). [/code]
    
    ahh - this is a side affect of having to deal with the DHCP Leases bug problem. I'm about to leave for Washington and then back to SA. So will only be able to get to this towards the end of the week.[/code]
    


  • @GLR:

    I think there is still something that remains not exact in the settings tab :

    Network interface
    The network interface(s) the Unbound DNS server will query from.

    This is wrong, this option defines the Unbound config attribute “interface:”, so the interface on which Unbound will bind/listen.
    And indeed, it generates this entry in the config file :

    Interface IP(s) to bind to

    interface: <ip>> interface:

    This interface is listened to for queries from clients, and answers to clients are given from it.

    Whereas Unbound config attribute “outgoing-interface:” is not available in the settings pages.

    outgoing-interface:
    This interface is used to send queries to authoritative servers and receive their replies.

    And actually I also need this option to direct some queries to an authoritative NS through an IPSec tunnel.  :-</ip>

    Yeah you are correct - i’ll update the wording etc and push out a new update. Most likely only towards the end of the week as Im off back home now.
    I got your PM btw so will look into those features.



  • @wagonza:

    @Tikimotel:

    Only just updated to 1.4.13_02 but get get this error:

    
    php: /pkg_mgr_install.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '[1317586911] unbound[7976:0] error: setsockopt(..., SO_RCVBUF, ...) failed: No buffer space available [1317586911] unbound[7976:0] fatal error: could not open ports'
    
    

    Was I too quick or is it broken?

    Nope looks like something else is wrong on your system. Network card ok?

    Thnx I Fixed it!
    Changed “kern.ipc.maxsockbuf” back to “default” in system tunables.
    Funny, I changed it whilst running the previous unbound 1.4.13_01 update and it was and stayed OK.



  • @wagonza:

    @serialdie:

    [code][quote]
    Yeah they do work together, but the list doesn't get updated in Unbound until you re-save on Unbound. Unlike the current DNS Forwarder which has a background process updating it automatically when leases get updated. 
    
    Unbound, *currently*, has no way of knowing when that list is updated so it wont auto-update.
    [/quote]
    
    Wagonza,
    
    The same issue happen. I can replicate this in two pfsense systems. every time I make a static entry or change the hostname of the static entry unbound crashes.
    :
    
    [code]
    Oct 2 18:36:32	dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Oct 2 18:36:32	dhcpd: All rights reserved.
    Oct 2 18:36:32	dhcpd: Copyright 2004-2011 Internet Systems Consortium.
    Oct 2 18:36:32	dhcpd: Internet Systems Consortium DHCP Server 4.2.1-P1[/code]
    
    unbound.log:
    
    [code]
    Oct  2 18:36:31 craken unbound: [19729:0] info: service stopped (unbound 1.4.13). [/code]
    
    ahh - this is a side affect of having to deal with the DHCP Leases bug problem. I'm about to leave for Washington and then back to SA. So will only be able to get to this towards the end of the week.[/code]
    

    Wagonza,

    No rush I am just reporting 🙂 I am not in a hurry since I dont change hostnames very often. I do create a lot of static entrys but I work around it by adding a cron job.
    Thank you for your fast response.



  • wagonza,

    I am experiencing some issue with unbound. At some point threw out the day unbound fails to resolve a given domain. for example. Yesterday my voip system was unable to resolve houston.voip.ms and I went to see if all my other system could resolve it and they couldn’t…. after about 10min I was able to start resolving the address again. This morning is doing the same thing with the domain dslreports.com and dlsr.net. Now I can log in to pfsense via ssh and in the cli I can nslookup dslreports.com and it would resolve just fine as the router uses the opendns servers…

    Any ideas why unbound could be doing this?

    Edit:

    Here is the log:

    Edit #2: Discard. I found the issue. Thanks.

    
    Oct 4 08:13:31	unbound: [63534:1] debug: cache memory msg=109664 rrset=431580 infra=12068 val=47188
    Oct 4 08:13:31	unbound: [63534:1] info: validator operate: query www.dslreports.com. A IN
    Oct 4 08:13:31	unbound: [63534:1] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
    Oct 4 08:13:31	unbound: [63534:1] debug: return error response SERVFAIL
    Oct 4 08:13:31	unbound: [63534:1] debug: out of query targets -- returning SERVFAIL
    Oct 4 08:13:31	unbound: [63534:1] info: processQueryTargets: www.dslreports.com. A IN
    Oct 4 08:13:31	unbound: [63534:1] info: iterator operate: query www.dslreports.com. A IN
    Oct 4 08:13:31	unbound: [63534:1] debug: iterator[module 1] operate: extstate:module_wait_subquery event:module_event_pass
    Oct 4 08:13:31	unbound: [63534:1] info: validator operate: query i.dslr.net. A IN
    Oct 4 08:13:31	unbound: [63534:1] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
    Oct 4 08:13:31	unbound: [63534:1] debug: return error response SERVFAIL
    Oct 4 08:13:31	unbound: [63534:1] debug: out of query targets -- returning SERVFAIL
    Oct 4 08:13:31	unbound: [63534:1] info: processQueryTargets: i.dslr.net. A IN
    Oct 4 08:13:31	unbound: [63534:1] info: iterator operate: query i.dslr.net. A IN
    Oct 4 08:13:31	unbound: [63534:1] debug: iterator[module 1] operate: extstate:module_wait_subquery event:module_event_pass
    Oct 4 08:13:31	unbound: [63534:1] info: validator operate: query remote2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_moddone
    Oct 4 08:13:31	unbound: [63534:1] info: finishing processing for remote2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] info: query response was nodata ANSWER
    Oct 4 08:13:31	unbound: [63534:1] info: reply from <easydns.com.> 194.0.2.19#53
    Oct 4 08:13:31	unbound: [63534:1] info: response for remote2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] info: iterator operate: query remote2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
    Oct 4 08:13:31	unbound: [63534:1] debug: cache memory msg=109664 rrset=431580 infra=12068 val=47188
    Oct 4 08:13:31	unbound: [63534:1] info: processQueryTargets: remote2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] info: iterator operate: query remote2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_pass
    Oct 4 08:13:31	unbound: [63534:1] info: validator operate: query dns2.easydns.net. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_moddone
    Oct 4 08:13:31	unbound: [63534:1] info: finishing processing for dns2.easydns.net. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] info: query response was nodata ANSWER
    Oct 4 08:13:31	unbound: [63534:1] info: reply from <easydns.net.> 64.68.193.10#53
    Oct 4 08:13:31	unbound: [63534:1] info: response for dns2.easydns.net. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] info: iterator operate: query dns2.easydns.net. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
    Oct 4 08:13:31	unbound: [63534:1] debug: cache memory msg=109648 rrset=431580 infra=12068 val=47188
    Oct 4 08:13:31	unbound: [63534:1] info: processQueryTargets: www.dslreports.com. A IN
    Oct 4 08:13:31	unbound: [63534:1] info: iterator operate: query www.dslreports.com. A IN
    Oct 4 08:13:31	unbound: [63534:1] debug: iterator[module 1] operate: extstate:module_wait_subquery event:module_event_pass
    Oct 4 08:13:31	unbound: [63534:1] info: processQueryTargets: i.dslr.net. A IN
    Oct 4 08:13:31	unbound: [63534:1] info: iterator operate: query i.dslr.net. A IN
    Oct 4 08:13:31	unbound: [63534:1] debug: iterator[module 1] operate: extstate:module_wait_subquery event:module_event_pass
    Oct 4 08:13:31	unbound: [63534:1] info: validator operate: query ns2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_moddone
    Oct 4 08:13:31	unbound: [63534:1] info: finishing processing for ns2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] info: query response was nodata ANSWER
    Oct 4 08:13:31	unbound: [63534:1] info: reply from <easydns.com.> 64.68.193.10#53
    Oct 4 08:13:31	unbound: [63534:1] info: response for ns2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] info: iterator operate: query ns2.easydns.com. AAAA IN
    Oct 4 08:13:31	unbound: [63534:1] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply</easydns.com.></easydns.net.></easydns.com.>
    

Locked
 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy