Strange state table bug since 2.1.5 to 2.2 RC nanobsd alix

xbipin

the other issues is the state table entries dont expire also untill its rebooted normally, happens on nanobsd only

cmb

what exactly do those states look like?

xbipin

well i tried to recreate the situation, didnt happen for now so give me some time and ill test it a few more time and get u the results

xbipin

i spoke too soon, it happens after like 5mins or so, entries r related to DNS from loopback to loopback IP, it floods the state table with those entries and making everything slow

cmb

Something is causing a significant number of DNS lookups. You using Unbound or dnsmasq?

xbipin

on 2.1.5 it used to happen with dnsmasq and now with RC 2.2 im using unbound and its still happening

cmb

Not likely to matter which, mostly wanted to know for purposes of suggestions from there. Add in the advanced box:

log-queries: yes

so it logs all your queries and see what it is that's being resolved. That should help determine where all those DNS queries are coming from and what they are.

xbipin

where is the log created and stored?

cmb

Resolver log.

xbipin

the problem is as soon as i enter that in custom box and hit save and apply, resolver stops working and ig et this error

php-fpm[83585]: /services_unbound.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/unbound.conf:89: error: syntax error read /var/unbound/unbound.conf failed: 1 errors in configuration file [1419919488] unbound[34655:0] fatal error: Could not read config file: /var/unbound/unbound.conf'

cmb

Ah, yeah that ends up in the wrong section for that purpose. If you're not reliant on anything in unbound only, easiest thing to try at this instant is switching back to DNS Forwarder, and adding advanced option:

log-queries

That will definitely work. Same log.

xbipin

php-fpm[27874]: /services_unbound.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/unbound.conf:89: error: unknown keyword 'log-queries' read /var/unbound/unbound.conf failed: 1 errors in configuration file [1419921946] unbound[32026:0] fatal error: Could not read config file: /var/unbound/unbound.conf'

cmb

That reply was entirely unclear. I meant not unbound, switch back to DNS Forwarder and do that. Original post edited to correct.

xbipin

oh ok, trying it

xbipin

tried it and the log shows this, the address its trying to resolve in endless loop is relating to an alias i have with domain names relating to a openvpn tunnel with expressvpn

Dec 30 11:41:39 	kernel: [zone: pf states] PF states limit reached

Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 4 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 7 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 4 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster3.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 3 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 8 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: query[AAAA] germany-cluster3.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 3 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 2 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 1 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 20 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 16 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 3 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: query[AAAA] germany-cluster3.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 12 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 9 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 6 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster4.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 12 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 4 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 4 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[AAAA] germany-cluster2.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 2 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 5 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 7 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 7 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster2.expressnetwork.net is NODATA-IPv6
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster4.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.208.224
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 46.165.251.82
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 3 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: query[A] germany-cluster3.expressnetwork.net from 127.0.0.1
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 46.165.251.70
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster3.expressnetwork.net is 37.58.52.31
Dec 30 11:41:22 	dnsmasq[31602]: overflow: 8 log entries lost
Dec 30 11:41:22 	dnsmasq[31602]: cached germany-cluster4.expressnetwork.net is NODATA-IPv6

now no idea why does it go in a loop, probably some bug relating to aliases

xbipin

the strange thing is this happens when there is power failure or power cord is pulled and reconnected but doesnt happen when its gracefully shutdown or rebooted

cmb

What are the contents of the alias in question?

xbipin

below

cmb

Does something else happen in the event of power failure, like the modem also losing power and potentially not being up when the firewall boots so it has no Internet connectivity initially? Seems likely there is something other than just power failure happening that's making a difference. I can yank the plug on a system with the same alias configured and it's fine. No difference in behavior than a clean shut down.

All 4 of those hostnames resolve to the same 4 IPs. Not sure if that's somehow related, but doesn't seem to be an issue for me.

The dnsmasq logs are probably so verbose you're missing any logging from filterdns. Try disabling query logging now that we know where the queries are coming from, and then try to replicate. Once you can replicate, what logs do you have in the resolver log from filterdns?

xbipin

ill try to do that and get back to to u, meanwhile i also have this rule under floating tab relating to that alias as a match

no the modem remains on and pfsense connects as soon as it reboots