2.2.5 Unbound SERVFAIL after connectivity interruption
-
I've been seeing something strange. My switch at home started rebooting (a separate issue that will soon be corrected) and after it comes back up, unbound refuses to resolve names. I can stop it, restart it, and it still returns "SERVFAIL" to all queries.
I have my cable and DSL modems (Multi-WAN) going through blank VLANs on the switch, so both lose link when the switch reboots.
Both seem to come back up fine and I can ping out by IP address.
Looks like I closed the window with my dig history, but it instantly returns SERVFAIL even after a restart of unbound.
Rebooting pfSense clears it.
This is consistent and repeatable - all I have to do is bounce the switch.
The only thing I'm doing special is sourcing all unbound queries from LAN address to facilitate queries across OpenVPN tunnels.
-
Had some time to bounce this a couple more times this morning and take a closer look. This was not related to unbound at all. There were a couple issues at play.
The first was somehow I ended up without an IPv4 default gateway set. I have Multi-WAN configured so traffic from the LANs was being policy routed out the Tier 1 but traffic from the firewall itself such as unbound queries had no route after a switch reboot.
The second issue was a couple VLAN assignments not saved in the switch config. This is where things can get a little dicey when you're mixing inside and outside traffic on the same physical switch. I generally consider it safe - until a mistake is made.
An SG300-52 is on the way to replace this failing D-Link.
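
The check behind the first issue above, as an added example that is not part of the original post: policy routing rules steer LAN traffic, but queries the firewall itself originates follow its own routing table, so the thing to inspect is whether `netstat -rn -f inet` shows an IPv4 default route. The function names, interface names and addresses below are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for an IPv4 default route in FreeBSD/pfSense
# `netstat -rn -f inet` output. Traffic from the firewall itself (such as
# unbound's queries) uses this table, not the LAN policy-routing rules.

# Reads a routing table on stdin. Prints "<gateway> <netif>" for the default
# route and returns 0; prints nothing and returns 1 if there is none.
default_route() {
    awk '
        $1 == "default" || $1 == "0.0.0.0/0" { print $2, $4; found = 1; exit }
        END { exit(found ? 0 : 1) }
    '
}

# Takes a routing table as $1 and reports the result in one line.
diagnose() {
    if route=$(printf '%s\n' "$1" | default_route); then
        echo "OK: default via $route"
    else
        echo "MISSING: no IPv4 default route; firewall-originated traffic has no path out"
        return 1
    fi
}

# Constructed sample: the state described in the post (no default gateway).
TABLE_BROKEN='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#4             UH          lo0
192.168.1.0/24     link#2             U          igb1
198.51.100.0/24    link#1             U          igb0'

# Constructed sample: the same table once a default gateway is set.
TABLE_OK='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
127.0.0.1          link#4             UH          lo0
192.168.1.0/24     link#2             U          igb1
198.51.100.0/24    link#1             U          igb0'

diagnose "$TABLE_BROKEN" || true
diagnose "$TABLE_OK"
# On a live system: diagnose "$(netstat -rn -f inet)"
```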