Netgate Discussion Forum

Unbound DNS Resolver problem?

2.3-RC Snapshot Feedback and Issues - ARCHIVED
  • J
    jwsmiths
    last edited by Apr 5, 2016, 8:55 PM

    php-fpm[35774]: /services_unbound_advanced.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid em1' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.3.3-P1 Copyright 2004-2016 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpd.conf Database file: /var/db/dhcpd.leases PID file: /var/run/dhcpd.pid Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 112 leases to leases file. Listening on BPF/em1/xx:xx:xx:xx:xx:xx/10.0.1.0/24 Sending on BPF/em1/xx:xx:xx:xx:xx:xx/10.0.1.0/24 Can't bind to dhcp address: Address already in use Please make sure there is no other dhcp server running and that there's no entry for dhcp or bootp in /etc/inetd.conf. Also make sure you are not running HP JetAdmin software, which includes a bootp server. If you think you have received t

    Updated today - DNS does not seem to be working, though I cannot tell why.  I am certainly not running HP Jet Admin.

    • C
      cmb
      last edited by Apr 5, 2016, 9:02 PM

      That's just something trying to start dhcpd while it's already running. Likely just log spam, and definitely wouldn't have any impact on DNS.

      • J
        jwsmiths
        last edited by Apr 5, 2016, 9:36 PM

        @cmb:

        That's just something trying to start dhcpd while it's already running. Likely just log spam, and definitely wouldn't have any impact on DNS.

        And had it been nothing but that log entry I'd agree with you but whenever I try to go to websites I see that my system is falling back to my secondary DNS server:
        imac:~ justinsmith$ nslookup www.apple.com
        ;; Got SERVFAIL reply from 10.0.1.1, trying next server
        Server: 10.0.1.2
        Address: 10.0.1.2#53

        Non-authoritative answer:
        www.apple.com canonical name = www.apple.com.edgekey.net.
        www.apple.com.edgekey.net canonical name = www.apple.com.edgekey.net.globalredir.akadns.net.
        www.apple.com.edgekey.net.globalredir.akadns.net canonical name = e6858.dscc.akamaiedge.net.
        Name: e6858.dscc.akamaiedge.net
        Address: 104.70.75.117

        • C
          cmb
          last edited by Apr 5, 2016, 10:51 PM

          Just saying that log in particular has no relation to any DNS issues.

          Unbound service running? Looks like it should be, assuming the 10.0.1.1 IP is Unbound? Do you have forwarding mode enabled? DNSSEC enabled?

          • X
            xbipin
            last edited by Apr 6, 2016, 9:04 AM

            I have a DNS resolver issue such that it won't start at boot:

             Apr 6 13:03:22 	unbound 	35699:0 	error: Error for server-cert-file: /var/unbound/unbound_server.pem
            Apr 6 13:03:22 	unbound 	35699:0 	error: Error in SSL_CTX use_certificate_chain_file crypto error:02001002:system library:fopen:No such file or directory
            Apr 6 13:03:22 	unbound 	35699:0 	error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
            Apr 6 13:03:22 	unbound 	35699:0 	error: and additionally crypto error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
            Apr 6 13:03:22 	unbound 	35699:0 	fatal error: could not set up remote-control
            Apr 6 13:03:24 	unbound 	48279:0 	error: Error for server-cert-file: /var/unbound/unbound_server.pem
            Apr 6 13:03:24 	unbound 	48279:0 	error: Error in SSL_CTX use_certificate_chain_file crypto error:02001002:system library:fopen:No such file or directory
            Apr 6 13:03:24 	unbound 	48279:0 	error: and additionally crypto error:20074002:BIO routines:FILE_CTRL:system lib
            Apr 6 13:03:24 	unbound 	48279:0 	error: and additionally crypto error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
            Apr 6 13:03:24 	unbound 	48279:0 	fatal error: could not set up remote-control 
            
            • J
              jwsmiths
              last edited by Apr 6, 2016, 12:50 PM

              @cmb:

              Just saying that log in particular has no relation to any DNS issues.

              Unbound service running? Looks like it should be, assuming the 10.0.1.1 IP is Unbound? Do you have forwarding mode enabled? DNSSEC enabled?

              I see what you're saying about that log post - and I knew that it seemed odd that it was mentioning dhcpd, but I figured maybe the message was truncated or I was misunderstanding something.  Regardless, it is the only message in the log from Unbound.

              The service is running, DNSSEC is enabled.  Now I have forwarding mode enabled and it is working; however, if I disable forwarding mode it fails again.

              -Justin

              • J
                jwsmiths
                last edited by Apr 6, 2016, 5:23 PM

                @cmb:

                Just saying that log in particular has no relation to any DNS issues.

                Unbound service running? Looks like it should be, assuming the 10.0.1.1 IP is Unbound? Do you have forwarding mode enabled? DNSSEC enabled?

                As usual (and of course unexpectedly) you were absolutely correct that the log had absolutely zero to do with the problem.  The solution was (and I should have thought of checking this sooner) that Suricata was blocking the root DNS servers due to "Invalid UDP Checksum" errors.  I simply un-blocked the servers (suppressed the alert for those IPs) and now Unbound works perfectly.  Not sure why Suricata decided to start blocking them now and had never done so in the past, but alas the problem is fixed.  Thanks for your help!

                -Justin

                • L
                  laurpaum
                  last edited by Apr 6, 2016, 9:18 PM

                  If running Suricata in inline mode, you have to disable hardware offloading.

                  See https://forum.pfsense.org/index.php?topic=108068.msg601891

                  Laurent
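Why checksum offloading can produce "Invalid UDP Checksum" alerts like the ones described above, as an added example that is not part of the original thread: software that inspects a packet before the NIC has finished it sees an incomplete checksum field. The sketch assumes a sending stack that leaves only the pseudo-header sum in the field for the NIC to complete; the 192.0.2.53 destination, port 40000 and the DNS query bytes are constructed sample values.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071); odd lengths are zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the UDP checksum (protocol 17)."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)

def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum a verifier expects, computed with the checksum field zeroed."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ~ones_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF
    return csum or 0xFFFF  # RFC 768: a computed zero is sent as all ones

def classify(src: str, dst: str, segment: bytes) -> str:
    """Label the checksum state of one UDP segment (header + payload)."""
    stored = struct.unpack("!H", segment[6:8])[0]
    if stored == 0:
        return "not-computed"     # legal for UDP over IPv4
    if stored == udp_checksum(src, dst, segment):
        return "valid"
    if stored == ones_sum(pseudo_header(src, dst, len(segment))):
        return "offload-partial"  # assumed: stack left the pseudo-header sum for the NIC
    return "invalid"

def build_segment(src, dst, sport, dport, payload, offloaded=False):
    """Build a UDP segment, finished in software or left for the NIC."""
    seg = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    csum = ones_sum(pseudo_header(src, dst, len(seg))) if offloaded else udp_checksum(src, dst, seg)
    return seg[:6] + struct.pack("!H", csum) + seg[8:]

# Constructed sample: resolver at 10.0.1.1 sends a root NS query to a documentation address.
SRC, DST = "10.0.1.1", "192.0.2.53"
QUERY = struct.pack("!6H", 0x1234, 0, 1, 0, 0, 0) + b"\x00" + struct.pack("!2H", 2, 1)

if __name__ == "__main__":
    for label, off in (("finished by the stack", False), ("left for the NIC", True)):
        print(label, "->", classify(SRC, DST, build_segment(SRC, DST, 40000, 53, QUERY, off)))
```

A verifier that only compares the stored value with the expected one would report the second packet as a bad checksum even though it would be correct on the wire.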

                  • J
                    jwsmiths
                    last edited by Apr 6, 2016, 9:29 PM

                    @laurpaum:

                    If running Suricata in inline mode, you have to disable hardware offloading.

                    See https://forum.pfsense.org/index.php?topic=108068.msg601891

                    Laurent

                    Yeah I just got hit by the bug probably a minute after you replied to my initial post - disabled now! Hope this is just temporary.
                    -Justin
