OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: therobin on June 25, 2024, 09:01:16 AM

Title: Unbound servfail errors since 24.1.9 with IPv6
Post by: therobin on June 25, 2024, 09:01:16 AM
I used to use DNS over TLS with exclusively IPv6 addresses for my unbound upstream. But since about the 24.1.9 update, it is not resolving anything when the upstream is IPv6. It keeps giving servfail when the upstream DoT servers are IPv6. My IPv6 connectivity is working.

I had to switch to IPv4 addresses to get resolving working again. Here is a sample of my logs.

2024-06-25T01:25:26-04:00   Debug   unbound   [96887:3] debug: cache memory msg=134875 rrset=132184 infra=10768 val=132400   
2024-06-25T01:25:26-04:00   Informational   unbound   [96887:3] reply: ::1 google.com. AAAA IN SERVFAIL 0.000000 0 39   
2024-06-25T01:25:26-04:00   Error   unbound   [96887:3] error: SERVFAIL <google.com. AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names   
2024-06-25T01:25:26-04:00   Informational   unbound   [96887:3] info: validator operate: query google.com. AAAA IN   
2024-06-25T01:25:26-04:00   Debug   unbound   [96887:3] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone   
2024-06-25T01:25:26-04:00   Debug   unbound   [96887:3] debug: return error response SERVFAIL   
2024-06-25T01:25:26-04:00   Debug   unbound   [96887:3] debug: configured stub or forward servers failed -- returning SERVFAIL   
2024-06-25T01:25:26-04:00   Informational   unbound   [96887:3] info: processQueryTargets: google.com. AAAA IN   
2024-06-25T01:25:26-04:00   Informational   unbound   [96887:3] info: resolving google.com. AAAA IN   
2024-06-25T01:25:26-04:00   Debug   unbound   [96887:3] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass   
2024-06-25T01:25:26-04:00   Informational   unbound   [96887:3] info: validator operate: query google.com. AAAA IN   
2024-06-25T01:25:26-04:00   Debug   unbound   [96887:3] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass   
2024-06-25T01:25:26-04:00   Debug   unbound   [96887:3] debug: worker request: max UDP reply size modified (4096 to max-udp-size)   
2024-06-25T01:25:26-04:00   Informational   unbound   [96887:3] query: ::1 google.com. AAAA IN

Title: Re: Unbound servfail errors since 24.1.9 with IPv6
Post by: therobin on June 25, 2024, 11:07:41 AM
False alarm. I didn't realize my WAN interface, which unbound is set to use as the outgoing interface, lost its IPv6 address. Probably something to do with the recent IPv6 changes in the changelog? I didn't even notice because the WAN IPv6 is outside the prefix range, so all devices still had routable IPv6 service.

Simply reapplying the WAN interface IP settings got its IPv6 address back and now it is working again.
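
Added example, not part of the original thread: a small check that ties the "all the configured stub or forward servers failed" error from the first post to the cause found in the second, namely an outgoing interface with no global IPv6 address while every forwarder is IPv6. The interface name igb0, the ifconfig output and the forwarder addresses are constructed (documentation ranges); only the log message text comes from the thread.

```python
import ipaddress
import re

# Log message copied from the first post; everything else below is constructed.
LOG = ("2024-06-25T01:25:26-04:00 Error unbound [96887:3] error: SERVFAIL "
       "<google.com. AAAA IN>: all the configured stub or forward servers failed, at zone .")
# Constructed FreeBSD-style `ifconfig igb0` output (igb0 is a hypothetical WAN name).
IFCONFIG_BROKEN = """igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
\tinet6 fe80::1%igb0 prefixlen 64 scopeid 0x1
"""
IFCONFIG_OK = IFCONFIG_BROKEN + "\tinet6 2001:db8:1::10 prefixlen 64\n"
FORWARDERS = ["2001:db8::53", "2001:db8::54"]  # constructed DoT upstreams

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
FAIL_RE = re.compile(r"error: SERVFAIL <(\S+) (\S+) IN>: "
                     r"all the configured stub or forward servers failed")

def global_v6_addrs(ifconfig_text):
    """Usable global-unicast IPv6 addresses on the interface."""
    found = []
    for line in ifconfig_text.splitlines():
        m = re.match(r"\s*inet6\s+(\S+)", line)
        if not m or "tentative" in line or "duplicated" in line:
            continue  # not an inet6 line, or address not usable
        addr = ipaddress.IPv6Address(m.group(1).split("%")[0])  # drop %zone
        if addr in GLOBAL_UNICAST:  # skips fe80::/10 link-local and fc00::/7 ULA
            found.append(str(addr))
    return found

def forward_failures(log_text):
    """(qname, qtype) pairs for SERVFAILs caused by unreachable forwarders."""
    return FAIL_RE.findall(log_text)

def diagnose(log_text, ifconfig_text, forwarders):
    if not forward_failures(log_text):
        return "no forwarder failures logged"
    v6_only = all(ipaddress.ip_address(f).version == 6 for f in forwarders)
    if v6_only and not global_v6_addrs(ifconfig_text):
        return "outgoing interface has no global IPv6 address"
    return "forwarders failing; interface addressing is not the obvious cause"

if __name__ == "__main__":
    print(diagnose(LOG, IFCONFIG_BROKEN, FORWARDERS))
    print(diagnose(LOG, IFCONFIG_OK, FORWARDERS))
```

LAN clients can keep working IPv6 from the delegated prefix while this check fails on the WAN, which is why the condition is easy to miss.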