Netgate Discussion Forum

    2.2.5 Unbound SERVFAIL after connectivity interruption

    Category: DHCP and DNS
    Derelict (LAYER 8 Netgate):

      I've been seeing something strange. My switch at home started rebooting (a separate issue that will be soon corrected) and after it comes back up, unbound refuses to resolve names. I can stop it, restart it, and it still returns "SERVFAIL" to all queries.

      I have my cable and DSL modems (Multi-WAN) going through blank VLANs on the switch, so both lose link when the switch reboots.

      Both seem to come back up fine and I can ping out by IP address.

      Looks like I closed the window with my dig history, but it instantly returns SERVFAIL even after a restart of unbound.

      Rebooting pfSense clears it.

      This is consistent and repeatable: all I have to do is bounce the switch.

      The only thing I'm doing special is sourcing all unbound queries from LAN address to facilitate queries across OpenVPN tunnels.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      Derelict (LAYER 8 Netgate):

        Had some time to bounce this a couple more times this morning and take a closer look. This was not related to unbound at all. There were a couple of issues at play.

        The first was that somehow I ended up without an IPv4 default gateway set. I have Multi-WAN configured, so traffic from the LANs was being policy routed out the Tier 1, but traffic from the firewall itself, such as unbound queries, had no route after a switch reboot.

        The second issue was a couple of VLAN assignments not saved in the switch config. This is where things can get a little dicey when you're mixing inside and outside traffic on the same physical switch. I generally consider it safe - until a mistake is made.

        An SG300-52 is on the way to replace this failing D-Link.

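The failure mode in this thread is worth a quick triage routine: policy routing only applies to traffic transiting the firewall, so LAN hosts kept working while unbound's own upstream lookups, which originate from the firewall, had no default route and every query came back SERVFAIL. The script below is an added example, not code from the forum post or from pfSense; it takes the text of `netstat -rn` and of a `dig @127.0.0.1` run, checks whether an IPv4 default route exists, extracts the DNS rcode, and classifies the situation so you can tell a missing route from a genuine resolver fault. The routing table and dig headers embedded here are constructed samples (RFC 5737 addresses) so the logic runs offline; the column layout assumed for `netstat -rn` is FreeBSD's ("Internet:" / "Internet6:" sections, "default" as the destination of the default route).

```shell
#!/usr/bin/env bash
# Added example: triage SERVFAIL from the firewall's own resolver after a link flap.
# Not part of the original post. Feed the functions the output of
# `netstat -rn` and `dig @127.0.0.1 <name>` captured on the firewall.

# Return success if the IPv4 section of netstat -rn output contains a default route.
has_default_route() {
  printf '%s\n' "$1" | awk '
    /^Internet:/  { inet = 1; next }      # start of the IPv4 table
    /^Internet6:/ { inet = 0 }            # stop when the IPv6 table begins
    inet && ($1 == "default" || $1 == "0.0.0.0/0") { found = 1 }
    END { if (found) exit 0; else exit 1 }'
}

# Extract the rcode (NOERROR, SERVFAIL, NXDOMAIN, ...) from dig's HEADER line.
dig_status() {
  printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1
}

# Combine both signals. A SERVFAIL with no default route points at routing on the
# firewall itself (the thread's root cause), not at unbound.
classify() {
  status=$(dig_status "$2")
  if [ "$status" = "NOERROR" ]; then
    echo "ok"
  elif [ "$status" = "SERVFAIL" ] && ! has_default_route "$1"; then
    echo "no-default-route"
  elif [ "$status" = "SERVFAIL" ]; then
    echo "resolver-fault"
  else
    echo "unknown:${status:-no-status}"
  fi
}

# --- Constructed samples (not captured from a real system) ---------------------
ROUTES_OK=$(cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
127.0.0.1          link#2             UH          lo0
192.0.2.0/24       link#1             U           em1

Internet6:
::1                link#2             UH          lo0
EOF
)

# Same table after the flap: the default route is gone, LAN routes remain.
ROUTES_NO_DEFAULT=$(cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#2             UH          lo0
192.0.2.0/24       link#1             U           em1

Internet6:
::1                link#2             UH          lo0
EOF
)

DIG_SERVFAIL=$(cat <<'EOF'
; <<>> DiG 9.18 <<>> @127.0.0.1 example.com
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
EOF
)

DIG_NOERROR=$(cat <<'EOF'
; <<>> DiG 9.18 <<>> @127.0.0.1 example.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
EOF
)

# Stand-alone run over the samples.
echo "after flap, no default route : $(classify "$ROUTES_NO_DEFAULT" "$DIG_SERVFAIL")"
echo "default route present        : $(classify "$ROUTES_OK" "$DIG_SERVFAIL")"
echo "healthy                      : $(classify "$ROUTES_OK" "$DIG_NOERROR")"
```

On a live pfSense box the same checks are `classify "$(netstat -rn)" "$(dig @127.0.0.1 example.com)"`; if the result is `no-default-route`, look at System > Routing for the default gateway before touching unbound. The second issue in the thread, VLAN assignments lost on the switch, shows up at the layer below this script: the interfaces come up but carry the wrong tags, so confirm link and VLAN membership on the switch before trusting the routing table.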
