We have two firewalls in an HA / CARP configuration. We have them running Unbound for DNS. Every couple days, with no warning, Unbound fails, seemingly on both at the same time, yielding "failed to get a delegation (e.g. prime failure)" on every single DNS request. Restarting Unbound doesn't help, but rebooting the firewall itself does. These are running OPNsense 24.7.9_1 at the moment. There's no obvious cause in dmesg as far as we're aware. Does anyone know what might be happening?
Possibly solved: https://forum.opnsense.org/index.php?topic=29266.0
This thread seems to indicate that Unbound being set to all interfaces instead of manually specifying them is the problem. After I posted this question, I began to see the exact same behavior with it attempting to use ipv6 on an ipv4 only network and this has resolved it. I've had similar unrelated issues to Unbound so I'm not going to call this solved until I see this solution hold for several days but this appears to be the cause.
I don't think this should be the correct "Fix".
The Network Interfaces "All" is the recommended setting according to the docs: https://docs.opnsense.org/manual/unbound.html
QuoteBelow table contains the options to manually set listening and outbound interfaces, the recommended setting for both is "All" for good reasons. Unless you absolutely know what you are doing, best keep these settings default as misuse often causes startup issues.