Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange state table bug since 2.1.5 to 2.2 RC nanobsd alix

    Scheduled Pinned Locked Moved 2.2 Snapshot Feedback and Problems - RETIRED
    29 Posts 2 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xbipin
      last edited by

      i have noticed this strange bug since the last two major pfsense releases on the nanobsd alix. What happens is when its booted up and working and then if there is a sudden power loss and after a while the power returns and it auto starts, that time it boots up fine but soon after that the state table entries just keep rising till they go more than 90% and completely slow down the system, upon checking the state table entries i found just normal loopback ip entries, probably the system is stuck in some loop causing such entries and then to resolve them is to select reboot from the web gui or the serial console and then its all back to normal.

      any idea whats causing this?

      1 Reply Last reply Reply Quote 0
      • X
        xbipin
        last edited by

        the other issues is the state table entries dont expire also untill its rebooted normally, happens on nanobsd only

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          what exactly do those states look like?

          1 Reply Last reply Reply Quote 0
          • X
            xbipin
            last edited by

            well i tried to recreate the situation, didnt happen for now so give me some time and ill test it a few more time and get u the results

            1 Reply Last reply Reply Quote 0
            • X
              xbipin
              last edited by

              i spoke too soon, it happens after like 5mins or so, entries r related to DNS from loopback to loopback IP, it floods the state table with those entries and making everything slow

              CropperCapture[1].jpg
              CropperCapture[1].jpg_thumb
              CropperCapture[2].jpg
              CropperCapture[2].jpg_thumb
              CropperCapture[3].jpg
              CropperCapture[3].jpg_thumb

              1 Reply Last reply Reply Quote 0
              • C
                cmb
                last edited by

                Something is causing a significant number of DNS lookups. You using Unbound or dnsmasq?

                1 Reply Last reply Reply Quote 0
                • X
                  xbipin
                  last edited by

                  on 2.1.5 it used to happen with dnsmasq and now with RC 2.2 im using unbound and its still happening

                  1 Reply Last reply Reply Quote 0
                  • C
                    cmb
                    last edited by

                    Not likely to matter which, mostly wanted to know for purposes of suggestions from there. Add in the advanced box:

                    log-queries: yes

                    so it logs all your queries and see what it is that's being resolved. That should help determine where all those DNS queries are coming from and what they are.

                    1 Reply Last reply Reply Quote 0
                    • X
                      xbipin
                      last edited by

                      where is the log created and stored?

                      1 Reply Last reply Reply Quote 0
                      • C
                        cmb
                        last edited by

                        Resolver log.

                        1 Reply Last reply Reply Quote 0
                        • X
                          xbipin
                          last edited by

                          the problem is as soon as i enter that in custom box and hit save and apply, resolver stops working and ig et this error

                          
php-fpm[83585]: /services_unbound.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/unbound.conf:89: error: syntax error read /var/unbound/unbound.conf failed: 1 errors in configuration file [1419919488] unbound[34655:0] fatal error: Could not read config file: /var/unbound/unbound.conf'
                          1 Reply Last reply Reply Quote 0
                          • C
                            cmb
                            last edited by

                            Ah, yeah that ends up in the wrong section for that purpose. If you're not reliant on anything in unbound only, easiest thing to try at this instant is switching back to DNS Forwarder, and adding advanced option:

                            log-queries

                            That will definitely work. Same log.

                            1 Reply Last reply Reply Quote 0
                            • X
                              xbipin
                              last edited by 

                              php-fpm[27874]: /services_unbound.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/unbound.conf:89: error: unknown keyword 'log-queries' read /var/unbound/unbound.conf failed: 1 errors in configuration file [1419921946] unbound[32026:0] fatal error: Could not read config file: /var/unbound/unbound.conf'
                              1 Reply Last reply Reply Quote 0
                              • C
                                cmb
                                last edited by

                                That reply was entirely unclear. I meant not unbound, switch back to DNS Forwarder and do that. Original post edited to correct.

                                1 Reply Last reply Reply Quote 0
                                • X
                                  xbipin
                                  last edited by

                                  oh ok, trying it

                                  1 Reply Last reply Reply Quote 0
                                  • X
                                    xbipin
                                    last edited by

                                    tried it and the log shows this, the address its trying to resolve in endless loop is relating to an alias i have with domain names relating to a openvpn tunnel with expressvpn

                                    Dec 30 11:41:39 	kernel: [zone: pf states] PF states limit reached

                                    Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 4 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 7 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 4 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster3.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 3 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 8 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: query[AAAA] germany-cluster3.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 3 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 2 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 1 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 20 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 16 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 3 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: query[AAAA] germany-cluster3.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 12 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 9 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 6 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster4.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 12 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 4 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 4 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[AAAA] germany-cluster2.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 2 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 5 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 7 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 7 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster4.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 3 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster3.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 8 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is NODATA-IPv6

                                    now no idea why does it go in a loop, probably some bug relating to aliases

                                    1 Reply Last reply Reply Quote 0
                                    • X
                                      xbipin
                                      last edited by

                                      the strange thing is this happens when there is power failure or power cord is pulled and reconnected but doesnt happen when its gracefully shutdown or rebooted

                                      1 Reply Last reply Reply Quote 0
                                      • C
                                        cmb
                                        last edited by

                                        What are the contents of the alias in question?

                                        1 Reply Last reply Reply Quote 0
                                        • X
                                          xbipin
                                          last edited by

                                          below

                                          CropperCapture[1].jpg
                                          CropperCapture[1].jpg_thumb

                                          1 Reply Last reply Reply Quote 0
                                          • C
                                            cmb
                                            last edited by

                                            Does something else happen in the event of power failure, like the modem also losing power and potentially not being up when the firewall boots so it has no Internet connectivity initially? Seems likely there is something other than just power failure happening that's making a difference. I can yank the plug on a system with the same alias configured and it's fine. No difference in behavior than a clean shut down.

                                            All 4 of those hostnames resolve to the same 4 IPs. Not sure if that's somehow related, but doesn't seem to be an issue for me.

                                            The dnsmasq logs are probably so verbose you're missing any logging from filterdns. Try disabling query logging now that we know where the queries are coming from, and then try to replicate. Once you can replicate, what logs do you have in the resolver log from filterdns?

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.