Unable to auto-update snapshots

MikeV7896

Ok… scratch me from having the problem. I was actually having an issue with unbound (see that thread). I just unchecked that setting and it's still checking for updates.

emce

I'm assuming you'd like this output from the "error" state, ie, "Do not use the DNS Forwarder as a DNS server for the firewall" is toggled off for the following…

Current sockstat output:

$ sockstat -4 | grep 53
unbound  unbound    67721 10 udp4   10.0.0.1:53           *:*
unbound  unbound    67721 11 tcp4   10.0.0.1:53           *:*
unbound  unbound    67721 12 tcp4   127.0.0.1:953         *:*
root     miniupnpd  40431 16 udp4   10.0.0.1:5351         *:*
?        ?          ?     ?  tcp4   <myip>:53366   192.12.94.30:53
?        ?          ?     ?  tcp4   <myip>:12766   192.41.162.30:53</myip></myip>

I didn't notice anything relevant in the resolver log, but this basic block is repeated:

Nov 25 18:18:32	unbound: [1038:0] info: start of service (unbound 1.4.22).
Nov 25 18:18:32	unbound: [1038:0] notice: init module 1: iterator
Nov 25 18:18:32	unbound: [1038:0] notice: init module 0: validator
Nov 25 18:18:32	unbound: [1038:0] notice: Restart of unbound 1.4.22.
Nov 25 18:18:32	unbound: [1038:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 25 18:18:32	unbound: [1038:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch
Nov 25 18:18:32	unbound: [1038:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 25 18:18:32	unbound: [1038:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch
Nov 25 18:18:32	unbound: [1038:0] info: service stopped (unbound 1.4.22).
Nov 25 18:18:31	unbound: [1038:0] info: start of service (unbound 1.4.22).
Nov 25 18:18:31	unbound: [1038:0] notice: init module 1: iterator
Nov 25 18:18:31	unbound: [1038:0] notice: init module 0: validator
Nov 25 18:18:31	unbound: [1038:0] notice: Restart of unbound 1.4.22.
Nov 25 18:18:31	unbound: [1038:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 25 18:18:31	unbound: [1038:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch
Nov 25 18:18:31	unbound: [1038:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 25 18:18:31	unbound: [1038:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch
Nov 25 18:18:31	unbound: [1038:0] info: service stopped (unbound 1.4.22).
Nov 25 18:18:31	unbound: [1038:0] info: start of service (unbound 1.4.22).
Nov 25 18:18:31	unbound: [1038:0] notice: init module 1: iterator
Nov 25 18:18:31	unbound: [1038:0] notice: init module 0: validator
Nov 25 18:18:30	unbound: [67721:0] info: 1.000000 2.000000 6
Nov 25 18:18:30	unbound: [67721:0] info: 0.524288 1.000000 14
Nov 25 18:18:30	unbound: [67721:0] info: 0.262144 0.524288 6
Nov 25 18:18:30	unbound: [67721:0] info: 0.131072 0.262144 2
Nov 25 18:18:30	unbound: [67721:0] info: 0.065536 0.131072 13
Nov 25 18:18:30	unbound: [67721:0] info: 0.032768 0.065536 15
Nov 25 18:18:30	unbound: [67721:0] info: 0.016384 0.032768 10
Nov 25 18:18:30	unbound: [67721:0] info: 0.008192 0.016384 2
Nov 25 18:18:30	unbound: [67721:0] info: 0.000000 0.000001 5
Nov 25 18:18:30	unbound: [67721:0] info: lower(secs) upper(secs) recursions
Nov 25 18:18:30	unbound: [67721:0] info: [25%]=0.0354987 median[50%]=0.0882215 [75%]=0.583752
Nov 25 18:18:30	unbound: [67721:0] info: histogram of recursion processing times
Nov 25 18:18:30	unbound: [67721:0] info: average recursion processing time 0.301498 sec
Nov 25 18:18:30	unbound: [67721:0] info: server stats for thread 1: requestlist max 19 avg 3.60811 exceeded 0 jostled 0
Nov 25 18:18:30	unbound: [67721:0] info: server stats for thread 1: 87 queries, 14 answers from cache, 73 recursions, 1 prefetch

cmb

You're not binding to localhost, so it fails when you tell it to use localhost.

That should skip 127.0.0.1 being added to resolv.conf in that circumstance to avoid breaking with such misconfigurations. There's a problem of some sort there, looking.

phil.davis

I didn't notice anything relevant in the resolver log, but this basic block is repeated:

Just a note to say that this seems to be normal behavior on startup. I guess it starts and then sends it SIGHUP or whatever messages that are causing it to reload (what would be an unchanged config at that point). I don't think any harm is done. A side-issue to the issue of this thread.
Ref this post: https://forum.pfsense.org/index.php?topic=84474.0

emce

@cmb:

You're not binding to localhost, so it fails when you tell it to use localhost
…

I've updated the resolver to bind to localhost as well as the LAN IP and it did correct the issue.  I don't remember modifying that, but apparently I did at some point.

Thanks!

cmb

@cmb:

You're not binding to localhost, so it fails when you tell it to use localhost.

That should skip 127.0.0.1 being added to resolv.conf in that circumstance to avoid breaking with such misconfigurations.

That problem is fixed.

While there, I also added input validation so if you have the system configured in such a way that 127.0.0.1 would normally end up in resolv.conf, it forces you to pick Localhost in the bindings list in Unbound or check "Do not use the DNS Forwarder as a DNS server for the firewall" to allow it to be omitted.