My unbound has stopped working. I have restored from the last two backups; same issue each time:
OPNsense 24.1.7-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
Any help would be appreciated
Thanks!
2023-01-01T16:05:43-06:00 Error unbound [32138:0] error: remote control failed ssl crypto error:0A000412:SSL routines::sslv3 alert bad certificate
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake cert error: certificate is not yet valid
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake failed crypto error:16000069:STORE routines::unregistered scheme
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake cert error: certificate is not yet valid
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake failed crypto error:16000069:STORE routines::unregistered scheme
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake cert error: certificate is not yet valid
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake failed crypto error:16000069:STORE routines::unregistered scheme
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake cert error: certificate is not yet valid
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake failed crypto error:16000069:STORE routines::unregistered scheme
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake cert error: certificate is not yet valid
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory
2023-01-01T16:05:43-06:00 Error unbound [32138:0] error: remote control failed ssl crypto error:0A000412:SSL routines::sslv3 alert bad certificate
2023-01-01T16:01:03-06:00 Error unbound [32138:0] error: ssl handshake cert error: certificate is not yet valid
Obviously, your certificate is "not yet" valid. Seems your system time is off now or was off when you created the certificate.
Thanks!
I assume it is not resolving from the WAN side to get to the pool?
I had the unbound service stopped. I started it again. It looks like the OPNsense box can't resolve from the device itself.
0.opnsense.pool.ntp.org
Time Logs.
2023-11-09T21:38:06-06:00 Error ntpd unable to bind to wildcard address :: - another process may be running - EXITING
2023-11-07T08:14:36-06:00 Error ntpd error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (8)
2023-11-07T08:14:36-06:00 Error ntpd error resolving pool 2.opnsense.pool.ntp.org: Name does not resolve (8)
2023-11-07T08:14:36-06:00 Error ntpd error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (8)
2023-11-07T08:14:30-06:00 Error ntpd error resolving pool 0.opnsense.pool.ntp.org: Name does not resolve (8)
Unbound logs
2024-04-05T12:17:03-05:00 Informational ntpd 174.53.169.69 local addr [REDACTED] -> <null>
2024-04-05T12:16:43-05:00 Informational ntpd 135.148.100.14 local addr [REDACTED] -> <null>
2024-04-05T12:16:02-05:00 Informational ntpd 69.10.223.131 local addr [REDACTED] -> <null>
2024-04-05T12:15:51-05:00 Informational ntpd 44.190.40.123 local addr [REDACTED] -> <null>
as well as warning
2024-04-05T11:49:32-05:00 Error ntpd daemon child exited with code 1
2024-04-05T11:49:32-05:00 Error ntpd unable to bind to wildcard address :: - another process may be running - EXITING
2024-02-21T13:45:49-06:00 Error ntpd daemon child exited with code 1
2024-02-21T13:45:49-06:00 Error ntpd unable to bind to wildcard address :: - another process may be running - EXITING
2024-01-31T12:58:06-06:00 Error ntpd daemon child exited with code 1
2024-01-31T12:58:06-06:00 Error ntpd unable to bind to wildcard address :: - another process may be running - EXITING
2024-01-30T10:43:04-06:00 Error ntpd daemon child exited with code 1
2024-01-30T10:43:04-06:00 Error ntpd unable to bind to wildcard address :: - another process may be running - EXITING
2024-01-30T10:36:31-06:00 Error ntpd daemon child exited with code 1
2024-01-30T10:36:31-06:00 Error ntpd unable to bind to wildcard address :: - another process may be running - EXITING
2023-12-12T14:45:19-06:00 Error ntpd daemon child exited with code 1
2023-12-12T14:45:19-06:00 Error ntpd unable to bind to wildcard address :: - another process may be running - EXITING
2023-11-09T21:38:06-06:00 Error ntpd daemon child exited with code 1
2023-11-09T21:38:06-06:00 Error ntpd unable to bind to wildcard address :: - another process may be running - EXITING
2023-11-07T08:14:36-06:00 Error ntpd error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (8)
Where should I look, logs-wise?
Sparkey
That seems to be a hen-and-egg problem. You cannot resolve the NTP server address because unbound cannot start (because "now" is past the start time of the certificate). You will have to set the system date by hand first.
IDK which is wrong - your system time or the certificate start time. If it is the latter, you will have to issue a new certificate first.
Where do I set it manually?
Also, I think it's working now. I went in to change to a static IP for the time server, NIST 129.6.15.28.
Then added 0.opnsense.pool.ntp.org, enabled again.
Restarted Unbound and now it's working!
How do you set the system date by hand first?
Sparkey
Via CLI "date ...".
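To tell which side is off, the system clock or the certificate start time, compare the certificate's validity window with the clock. This is an added example, not part of the original thread; the function names and sample dates are assumptions, and the certificate path is an argument you supply.

```shell
#!/bin/sh
# Added example: classify the clock against a certificate validity window.
# Dates are in the form "openssl x509 -noout -startdate" prints.

# to_epoch "Apr  5 17:00:00 2024 GMT" -> seconds since the epoch (UTC).
# Tries FreeBSD date(1) syntax first, then GNU date.
to_epoch() {
    date -j -u -f '%b %d %H:%M:%S %Y %Z' "$1" +%s 2>/dev/null ||
        date -u -d "$1" +%s
}

# classify_clock NOT_BEFORE NOT_AFTER NOW   (all in epoch seconds)
classify_clock() {
    if [ "$3" -lt "$1" ]; then
        echo "not-yet-valid"   # clock is behind, or the cert was issued with a future start
    elif [ "$3" -gt "$2" ]; then
        echo "expired"
    else
        echo "valid"
    fi
}

# cert_clock_status CERT_FILE [NOW_EPOCH]
# CERT_FILE is a PEM certificate; NOW_EPOCH defaults to the system clock.
cert_clock_status() {
    now=${2:-$(date -u +%s)}
    nb=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
    na=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    [ -n "$nb" ] && [ -n "$na" ] || return 2
    nb=$(to_epoch "$nb") && na=$(to_epoch "$na") || return 2
    classify_clock "$nb" "$na" "$now"
}

# Constructed sample: the clock value is the log timestamp above
# (2023-01-01T16:01:03-06:00) in UTC; the certificate window is made up.
SAMPLE_NOW=1672610463
SAMPLE_NOT_BEFORE='Apr  5 17:00:00 2024 GMT'
SAMPLE_NOT_AFTER='Apr  5 17:00:00 2034 GMT'

sample_status() {
    classify_clock "$(to_epoch "$SAMPLE_NOT_BEFORE")" \
                   "$(to_epoch "$SAMPLE_NOT_AFTER")" "$SAMPLE_NOW"
}
```

If the result is "not-yet-valid" while `date -u` shows a plausible current time, the certificate start time is the wrong side; if `date -u` shows a date in the past, the clock is.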