OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: aimdev on March 11, 2022, 06:58:11 PM

Title: Unbound does not restart after changing tls status
Post by: aimdev on March 11, 2022, 06:58:11 PM
I enabled a DNS over TLS entry (which has worked, but was disabled to identify spurious Let's Encrypt messages) and applied; Unbound then halted and had to be manually restarted.

Only log entry shows (all log options on)
2022-03-11T17:49:27   Informational   unbound   [88990:0] info: start of service (unbound 1.15.0).   
2022-03-11T17:49:27   Notice   unbound   daemonize unbound dhcpd watcher.   
2022-03-11T17:48:58   Informational   unbound   [88349:0] info: service stopped (unbound 1.15.0).

This will occur if I disable the entry, and apply

Versions   OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021
Title: Re: Unbound does not restart after changing tls status
Post by: cookiemonster on March 11, 2022, 11:29:46 PM
Anything from "unbound-checkconf"?
Title: Re: Unbound does not restart after changing tls status
Post by: aimdev on March 11, 2022, 11:41:21 PM
root@opnsense:~ # unbound-checkconf
unbound-checkconf: no errors in /usr/local/etc/unbound/unbound.conf
root@opnsense:~ #

Title: Re: Unbound does not restart after changing tls status
Post by: cookiemonster on March 11, 2022, 11:50:58 PM
Ok but you need to try to narrow down the problem.
Try "sudo cat /var/log/resolver/latest.log | grep -i 'fatal'" and similar. The point being that there is something Unbound is unhappy about and only you can root around your systems for clues.
Title: Re: Unbound does not restart after changing tls status
Post by: cookiemonster on March 11, 2022, 11:56:22 PM
And one more thing, look for system logs too for memory exhaustion, just in case Unbound is OK but a random victim to free resources.
Title: Re: Unbound does not restart after changing tls status
Post by: aimdev on March 12, 2022, 06:30:38 AM
tail -f /var/log/resolver/latest.log
De-selected TLS entry, pressed apply
log entry
info: service stopped (unbound 1.15.0).
manually started service
daemonize unbound dhcpd watcher.
info: start of service (unbound 1.15.0).

Clearly I missed these on the GUI log output, but
2022-03-12T05:23:25   Informational   unbound   [64546:0] info: start of service (unbound 1.15.0).   
2022-03-12T05:23:25   Notice   unbound   daemonize unbound dhcpd watcher.   
2022-03-12T05:21:13   Informational   unbound   [88990:0] info: service stopped (unbound 1.15.0).

they are there, as informational, amongst all the other informational messages.
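
Added example, not part of the original thread: a Python script that pairs the "service stopped" and "start of service" lines in the GUI log layout quoted above and reports every stop that was not followed by a start within a threshold, so these entries do not get lost among the other informational messages. The function names and the 10-second threshold are assumptions; the sample reuses the log lines from the thread plus one constructed filler line.

```python
import re
from datetime import datetime, timedelta

# Log lines quoted in the thread (GUI order, newest first) plus one constructed filler line.
SAMPLE = """\
2022-03-12T05:23:25   Informational   unbound   [64546:0] info: start of service (unbound 1.15.0).
2022-03-12T05:23:25   Notice   unbound   daemonize unbound dhcpd watcher.
2022-03-12T05:21:13   Informational   unbound   [88990:0] info: service stopped (unbound 1.15.0).
2022-03-12T05:20:02   Informational   unbound   [88990:0] info: constructed filler message
2022-03-11T17:49:27   Informational   unbound   [88990:0] info: start of service (unbound 1.15.0).
2022-03-11T17:48:58   Informational   unbound   [88349:0] info: service stopped (unbound 1.15.0).
"""

# timestamp, severity, process name "unbound", then the message text
LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\s+\S+\s+unbound\s+(.*\S)\s*$")

def parse_events(text):
    """Return (time, 'stop'|'start') tuples in chronological order."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        if "service stopped" in m.group(2):
            kind = "stop"
        elif "start of service" in m.group(2):
            kind = "start"
        else:
            continue
        events.append((datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"), kind))
    # Sort by time; within the same second a stop is ordered before a start.
    return sorted(events, key=lambda e: (e[0], e[1] != "stop"))

def outages(text, max_gap=timedelta(seconds=10)):
    """List (stop_time, gap) for stops with no start within max_gap (gap None = never restarted)."""
    found, pending = [], None
    for when, kind in parse_events(text):
        if kind == "stop":
            if pending is not None:
                found.append((pending, None))
            pending = when
        elif pending is not None:
            if when - pending > max_gap:
                found.append((pending, when - pending))
            pending = None
    if pending is not None:
        found.append((pending, None))
    return found

if __name__ == "__main__":
    for stopped, gap in outages(SAMPLE):
        print(stopped.isoformat(), "down for", gap if gap else "no restart logged")
```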


Title: Re: Unbound does not restart after changing tls status
Post by: aimdev on March 12, 2022, 06:35:09 AM
Re: "And one more thing, look for system logs too for memory exhaustion, just in case Unbound is OK but a random victim to free resources."

Not sure I understand memory exhaustion, unbound is not randomly stopping.

Memory Stats
State table size   0 % ( 674/1625000 )
MBUF usage   0 % ( 6236/1010746 )
Memory usage   17 % ( 2881/16256 MB )
SWAP usage   0 % ( 0/8192 MB )
Title: Re: Unbound does not restart after changing tls status
Post by: cookiemonster on March 12, 2022, 08:44:00 PM
OK. Does changing in the UI for Unbound "Log File" to Debug and restarting it show any clues?
Scratch that, I just re-read your original post. Only happens with a particular DoT entry and nothing appears in the log even with debug.
I'm not sure what to suggest apart from digging into how to start it from the command line after figuring out more verbose logging. I assume you have already increased the verbosity from the default level.