WOW… What at turd!



  • Upgraded to 2.3. lost dns resolution… can't restore full backup.

    Way to go guys... not!


  • Moderator

    Are you using pfBlockerNG DNSBL?



  • No



  • To add insult to injury, no mention in notes of deleted /etc/rc.restore_full_backup functionality!



  • The tgz is still there and can be restored manually if you want, but it shouldn't be hard to figure out why your DNS isn't working. I added a note to the change list that the feature was removed (it wasn't ever a guaranteed reliable way to downgrade). DNS obviously works for everyone else given we've been pushing 500-900 Mbps of auto update traffic and no one else has had DNS stop working.

    Using dnsmasq or Unbound? Check system logs for messages about whichever one you're running.



  • Please give me a link to a 2.2.4 iso. I've already wasted 2 hours messing with this without luck. I just want to go back to 2.2.4.

    I'll reinstall from scratch.


  • Moderator

    Are you using the DNS Forwarder (DNSMasq) or Unbound? Any errors in the system log or resolver.log? Maybe post a screenshot of the DNS Settings … No one can really help with just "lost dns resolution..."



  • Something that probably could have been fixed in minutes if you'd actually answered my questions.

    Old downloads are where they always are. https://files.pfsense.org/mirror/downloads/old/



  • @jcyr:

    Upgraded to 2.3. lost dns resolution… can't restore full backup.

    Way to go guys... not!

    Wow… What a turd post.

    There are ways to handle issues a bit better then your post.



  • Yes, agreed. Still, down for three hours now and no light in sight…. What would be a better name for such a problematic release?



  • Perhaps since you're incapable of troubleshooting if you'd answer the questions of those who are capable you'd get somewhere.



  • Based on today's posts I'm not alone. In the past one could expect to upgrade to a final release without too much need to debug, and if not satisfied could easily revert. Doesn't seem to be the case this time around.


  • Netgate

    Reinstall the version you came from and upload the config you saved before upgrading. Takes about 5 minutes.


  • Rebel Alliance Global Moderator

    I just updated to the release and it was as simple as click click.. If you had a problem, why don't you just download an ISO be it current or older and install clean… That you have been down for 3 hours, and all you have done is complain..



  • bit of a douchy post. no technical info, just trolling

    you obviously have no intention on getting it fixed



  • I see exactly 0 other posts with broken DNS. Outside of hardware-specific issues, of which there haven't been many, I don't see any others with a complete failure.

    We were serving as much as 1 update per second at peak earlier, and still 250-500 Mbps sustained now, about 20 updates every minute are happening right now. This is the highest rate of upgrades of any release we've ever done, and very few significant problem reports.

    Obviously you have something wrong. But if you're unwilling to do any troubleshooting, we can't help.



  • Sure, "re-install the version I came from, and restore the config". My first thought. Can't seem to locate 2.2.4 ISO in the archives though.


  • Rebel Alliance

    @jcyr:

    Can't seem to locate 2.2.4 ISO in the archives though.

    Really  ???




  • @jcyr:

    Yes, agreed. Still, down for three hours now and no light in sight…. What would be a better name for such a problematic release?

    maybe its a problematic user, not release?!? :o


  • Rebel Alliance Global Moderator

    Clearly some layer 8 issues for sure here..



  • This guy seems to be trolling you guys, i would just ignore him. He didnt even try and troubleshoot the issue.

    Personally, I did come to the forums to see the horror stories as i never trust any pfsense release in the first month or so, double on huge branch releases!

    But this was just crap. its barely a problem. so boo! i give it a 1/10 in terms of interesting issues.



  • 7 out of 7 upgrades with no problems.  Zilch.  Nada.



  • Ok, here's some details:

    Fresh install for 2.3 the restore config backup (fairly complex config with three 2 VLANS and trafic shaping)

    Using unbound: No dsn resolution at all!
    Using dnsmask: Partially working, can browse web sites that support IPV6. IPV4 sites, not all! (very strange).

    Nothing notable in system logs.

    Fresh install for 2.2.4 the restore same  config backup.

    All is well using unbound. Have not tried dnsmask… I'm done



  • The whole world revolves around one person.  "I"!



  • Thanks to all of you fanboys for all the helpfull sarcasm. I stand by my original comment. Over and out.



  • Thanks to all of you fanboys for all the helpful sarcasm. I stand by my original comment. Over and out.

    First of all, Why would you update to 2.3 if you depend on this setup? I mean on every upgrade there are going to be issues PERIOD. look at windows 8 windows 10, ios 8 ios9 i can keep going on and on the point is if you depend on the setup DONT F*** UPGRADE….PERIOD. Now if you want to help the community make a mini LAB so if you screw it wont matter and ask for help and look for bugs.  Second dont be all "sarcastic"

    Way to go guys… not!

    Thats not right…the software is free the help is free...so dont expect sometimes the best out of people..I know sometimes they can just put a "look at the wiki" or laugh at you just because they can but either way around 90 percent they are very helpful. And third of all you should ALWAYS explain not just

    WOW… What at turd!

    this is not a gossip site…



  • @jcyr:

    Thanks to all of you fanboys for all the helpfull sarcasm. I stand by my original comment. Over and out.

    Wouldn't consider myself a fan boy.  But don't take my word for it, look at my negative karma.

    I call it like I see it and frequently butt heads with the devs and even cmb.  But the tact in this thread from the very opening post was/is totally unwarranted.  Even to me.  And then to be uncooperative in trying to resolve the issue puts it that much more over the top.

    Hope you find a router that works perfectly for you all the time and every time.  Especially through major upgrades.  It is to be expect that of the tens of thousands of installations on wide variety of hardware and network implementations there are going to be some situations where there are issues.  Especially with a major upgrade.



  • Well I kind of am a Fan boy and had an issue upgrading, no problem come to the forums go to install and upgrade section  second solution fixed it for me. cake.

    thanks for the new release guys, I really appreciate that you have remand kind and professional, this guys is a troll.



  • @NOYB:

    I call it like I see it.

    So do I.
    @NOYB:

    But the tact in this thread from the very opening post was/is totally unwarranted.

    I agree, and for that I apologize. I was really pissed and I'll explain why.
    @NOYB:

    And then to be uncooperative in trying to resolve the issue puts it that much more over the top.

    Uncooperative? When everyone is screaming at you, resolving the issue translates to get this thing back online ASAP.
    @NOYB:

    Hope you find a router that works perfectly for you all the time and every time.

    pfSense 2.2.4 has run flawlessly since June 2015 without a single reboot. That comes pretty damned close to 'all the time, every time.'
    @NOYB:

    Especially through major upgrades.

    Usually a 'major' upgrades would be going from 2.x.x to 3.x.x, at least that's normally how versioning is done. 2.2.4 to 2.3… not so major.
    @NOYB:

    It is to be expect that of the tens of thousands of installations on wide variety of hardware and network implementations there are going to be some situations where there are issues.

    Yep. I must have that one in million system/config where the upgrade really went south. But IPV6 working, and not IPV4, with no unusual log entries… that's a strange one.

    This is what really burns:

    I've done many pfSense upgrades in the past and have come to certain expectations. Yes, there are sometimes a couple of things to adjust to restore full function. If not, one could always rely on a full backup restore fallback. Not this time. There was absolutely no mention in the release notes that the full restore capability had been removed from 2.3, a pretty important omission. Had there been, this mess wouldn't have happened. I understand the notes have been updated... too late in this case.

    One develops certain processes based on long term exposure and trust in a product. This one kind of blew all that away.



  • Don't take this the wrong way, but considering you couldn't even find the 2.2.4 ISO's in a directory that had about 5 of them, perhaps you should consider a new career outside of IT? Sounds like it might be a little too challenging for you



  • o.k. I had a hiccup with this upgrade.  Coming from the latest 3 previous builds running resolver with no problem at all.  This time around It stopped me cold.  Currently I am running forwarder so connectivity is good.  I would just like to see if I can find out what went wrong this time.  This was a no hands on build everything was done automatically.

    First off let me start by saying that whenever I do an upgrade I uninstall all the packages I currently have running in order to avoid any potential conflicts with the new build.  I leave the settings so reinstall can be as painless as possible.  I know it may not be necessary but I would rather error on the side of caution.  Beside I don't do anything very fancy and it suits my needs.

    This upgrade was done just as I have always done them with no problems in the upgrade process.  Very smooth actually.  Now this is where things turned interesting.  After the upgrade was done I logged into the pfsense box to verify functionality and to reinstall the applications I use.  All went well.  It was when I tried to connect to the internet from my network that I got an initial web site page and then nothing.  I pinged google from my pfsense box and the connection was good.  I just could not go to any web sites from my network computers.  I thought at first it was a problem with a post install configuration mistake so I restored to the latest backup snapshot done right after the upgrade but prior to customizing.  Same thing.  Initial web page loads followed by server not found errors.  At this point I started to uninstall packages that might be the problem.  Surricata and Snort.  Again tried the net from the network side and still nothing.  At that point I changed over from resolver to forwarder and bam all is good with the world.  If some one could help in figuring out what might have gone wrong I would be grateful.  Just understand that i'm somewhat of a noob and some hand holding may be involved.  That being said I am willing to give it a try if for no other reason than learning.  Thanks for the time and effort people.  Peace



  • I am a huge pfSense fan.
    I agree 2.3 is a turd.
    It should be named 3.0 and still be in beta. 
    I gave it 3 upgrade tries and 3 fresh installs and 10 hours before I gave up and went back to 2.2.6.



  • We are all here to help, but acting like this isn't getting you anywhere. I'll put my time into someone who appreciates my help and not someone like you. Enjoy 2.2.4.


  • Rebel Alliance Global Moderator

    You have to wonder why are they on 2.2.4?  and not 2.2.6 if they are so worried about updating?

    If this is a production environment, where was the test of the upgrade, was there change control?  You would upgrade your production wan router/firewall without testing?  Without simple easy backout plan?  Like already having install media at hand to clean install, or for that matter even taking an image of the machine before so you could just reimage it.

    If this is a production environment, why is there not a carp setup.. And you could always just break the carp, upgrade, test ok let everyone use this one.. Upgrade the other one, then redo the carp.  There are plenty of ways to actually roll out an upgrade in a production environment that prevents this sort of thing from ever even being an issue.

    I just love how your complete an utter lack of any planning or forethought on what could and might go wrong and how to prevent it is pfsense problem??  Or why anyone here should give 2 shits at all? More than happy to help someone fix something, but its just plain hard to fix stupid..

    JFC even on my home network I have backup plan if something goes wrong..  I run vm, so I have an image I can easy roll back too.  But if something is wrong with the image, and that doesn't restore I always have the new media and current media to install from.  And if my hardware decides that during the upgrade is the best time to take a shit, I always have my old school soho routers I could put in place until get the esxi host fixed up, etc.

    Its fine your frustrated - but who you should be frustrated with is yourself for how you could let something like this ever become anything other than a minor blip on some monitoring of your wan connectivity being down for a few minutes.  And if this really a production environment not only should you have your peepee slapped, your boss should have his slapped as well and their boss as well for a complete and utter lack on any sort of planning or contingency for when shit happens..

    How this thread should of gone is.. Hey had a problem with the upgrade.  Got xyz for errors, here is screen shot and logs..  My hardware is ABC, with packages 123 installed.  I got it booted, but X didn't work, or could not get it booted at all.  I tried X and Y and finally had to fallback to original setup..  What do you guys think the problem could be - and then exchange of more info, some questions asked and answered and if think problem found give it another go, etc..

    The other thing that just blows my mind, is how is this even in the forums.. If this really is a "production" setup for actual company how do you not have support, and would be dealing with them directly for such a problem vs coming to a forum that is community supported and calling the product a turd.. I have to agree really just points to some troll trying to get some lulz..



  • ^ agreed, if he really did what he says he did in a production environment, I would have fired him. I've never seen any of my employees act so stupidly, even with home networks. You don't drop brand new software on a production machine with no snapshots/backups or spare images around, especially when you're apparently too cheap for commercial support, double-especially with zero testing in your environment first



  • +1



  • I had no issue with the upgrade. I wiped and did a fresh install and restored using my 2.2.6 backup and all works like a charm.



  • the upgrade from 2.2.6 > 2.3-release also worked without any issues for me. the only package i had installed was mailreport. upgraded and back online in less than 5 minutes. great job, guys (and gals)!



  • @fohdeesha:

    Don't take this the wrong way, but considering you couldn't even find the 2.2.4 ISO's in a directory that had about 5 of them, perhaps you should consider a new career outside of IT? Sounds like it might be a little too challenging for you

    A couple of things to consider. This did not happen on a "production" system, it happened at home, but that does not make it less important for those using it. Secondly, most of the code I've developed over the last 10 years actually lives embedded in over 50% of all cablemodems in use today. I've actually got some code in pfSense, not a ton but a few fixes and improvements here and there. So, no, I'm not an "IT" guy, nor would I ever consider a career in IT, the pay is too low.

    Mea culpa. I wish I had taken a deep breath and calmed down before dashing off that original post, starting this shit storm of pontification. Lesson learned….



  • @jcyr:

    Mea culpa. I wish I had taken a deep breath and calmed down before dashing off that original post, starting this shit storm of pontification. Lesson learned….


Locked