Hi,
with todays update it looks like something strange happened to unbound (and it's reporting tool).
Reporting stopped working. And getting a lot of errors within ounbound log:
[35098:1] error: recvfrom 40 failed: Protocol not available
...
[71101:0] error: remote control failed ssl crypto error:00000000:lib(0):func(0):reason(0)
...
Looks like something is broken.
Restarted OPNsense and tried everything - but doesn't work.
EDIT: Issue solved!
opnsense-patch -a kulikov-a 404b9d5
Do you really need to post in two threads and open a third?
Cheers,
Franco
at least some info..
this is unbound errors, not blocklist or logger modules i think.
is unbound itself working?
Quote from: Fright on February 15, 2023, 08:20:29 PM
is unbound itself working?
Yes - Unbound itself works without any issues. Despite all the errors within the logs and not working Unbound reporting.
Quote from: franco on February 15, 2023, 08:19:09 PM
Do you really need to post in two threads and open a third?
Sorry - found out, that the other two topics do not fit.
So I thought it would be the best to have a separate topic on it to not influence the other topics in the wrong way.
Looks like I found something.
1. It doesn't resolve client hostnames
2. when 'disabling' Register DHCP leases & Register DHCP static mappings it starts working again
But as I said - no hostname resolution (of local clients)
EDIT: Have to correct me... Stopped again working since a few minutes. 🤷🏼♂️
You might have missed in the hurry to seek assistance, that you haven't provided any information about your setup. The Unbound setup and the system one that can affect this behaviour i.e. DNS settings in other parts of the system.
@dumbo
sorry, but it's a bit confusing. Are there any errors in the general log? does the unbound itself work exactly (does the resolution of at least some names work)? if you enable display of all messages (Deebug) in the unbound log, are there any messages like "info: dnsbl_module: no logging backend found."?
@tuto2
Hi!
after the update, I had a several times when the logger was tried to start before the pipe was ready.
producing "Unable to open pipe. This is likely because Unbound isn't running." and exit
making the pipe before list load fixed this. (https://github.com/opnsense/core/blob/bc1a8778ab2140e46175ecf2546b634f87087f07/src/opnsense/service/templates/OPNsense/Unbound/core/dnsbl_module.py#L68)
if self.stats_enabled:
self.create_pipe_rdv()
self.update_dnsbl(self.log_update_time)
maybe that makes sense?
Quote from: Fright on February 15, 2023, 09:43:17 PM
@dumbo
sorry, but it's a bit confusing. Are there any errors in the general log? does the unbound itself work exactly (does the resolution of at least some names work)? if you enable display of all messages (Deebug) in the unbound log, are there any messages like "info: dnsbl_module: no logging backend found."?
Hi. Concerning your questions:
- yes a lot of errors within general log of unbound
- Unbound still does work - only reporting is broken
- yes - it's flooding the unbound log
info: dnsbl_module: attempting to open pipe AND info: dnsbl_module: no logging backend found.If I play with unbound settings it starts to work again for a short amount of time - then again no reporting and a lot of those messages within unbound debug log.
And what else does occour is, that the reporting tool (old not updated entries are still there) lost their client name resolution and only showing IPs instead of names.
ok, thanks. may be now the db is initializing so quickly that the pipe is not yet ready because the lists is still loading into memory.
can you try with:
opnsense-patch -a kulikov-a 404b9d5
please? (need to reload unbound after the patch)
THX a lot. It solved my Problem from here (https://forum.opnsense.org/index.php?topic=32489.msg157165#msg157165).
Quote from: Fright on February 16, 2023, 06:32:20 AM
can you try with:
opnsense-patch -a kulikov-a 404b9d5
please? (need to reload unbound after the patch)
Will try it later. Thanks.
Quote from: Fright on February 16, 2023, 06:32:20 AM
can you try with:
opnsense-patch -a kulikov-a 404b9d5
please? (need to reload unbound after the patch)
Issue solved! As it's one of the main new features of 23.1 I hope there will be/come an update patch for the release.
Thx a lot!
@Syon @dumbo
thanks for the feedback!
I'll try to make a pr
for the ref. https://github.com/opnsense/core/pull/6331
AdSchellevis insisted that the patch do the right thing right away, not just play with the actions order :)
so its
opnsense-patch 7ebe361
now
imho it is better to use it now instead of the test one, but if everything works, then it can wait for the next release
included in 23.1.1_2
Hello guys,
i have the same issue with opnsense release :
Versions OPNsense 23.1.10_1-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1u 30 May 2023
My log
2023-06-27T00:28:11 Error unbound [37080:0] error: remote control failed ssl crypto error:00000000:lib(0):func(0):reason(0)
2023-06-27T00:00:12 Error unbound [52571:0] error: remote control failed ssl crypto error:00000000:lib(0):func(0):reason(0)
2023-06-26T23:44:53 Error unbound [36503:0] error: remote control failed ssl crypto error:00000000:lib(0):func(0):reason(0)
2023-06-26T22:55:24 Error unbound [36970:0] error: remote control failed ssl crypto error:00000000:lib(0):func(0):reason(0)
Does version 23.1.10 fix the bug or will the fix arrive in a future release?
regards,