OPNsense Forum

English Forums => 25.7, 25.10 Series => Topic started by: mawa2559 on January 27, 2026, 04:32:27 AM

Title: DuckDB-related DNS/DHCP outages?
Post by: mawa2559 on January 27, 2026, 04:32:27 AM
Hi all. First time poster and new OPNsense user here.

TL;DR: DNS/DHCP breaks once per day but appears to self-resolve when duckdb restore/cleanup task runs. How to make this cycle stop?

Background:
I first set up OPNsense 25.7.11 about two weeks ago. I followed a pretty basic tutorial to set up my interfaces, a couple vlans, DNSmasq and DHCP + unbound, added in DNS over TLS, enabling IPv6, and started playing around with plugins like the node exporter and tailscale as well as adding in blocklists - it's been a lot of fun and I was really enjoying the platform.

However after a few days I started experiencing 1x daily DNS outages - first resolution becomes spotty, then fails completely, of course resulting in failures all over my network. At first I definitely blamed myself and a bad config - I tried systematically removing IPv6, DoT, getting rid of a wildcard override in unbound, removing the singular blocklist I added, and getting rid of all restrictive firewall rules, adding new ones to ensure dns ports were allowed etc. but no matter what the 1x daily DNS outage keeps occurring.

Through troubleshooting, I discovered that in addition to DNS issues, it appears that all IPv4 addressing stops working during these outages - clients lose IPv4 addresses (showing APIPA addressing) and OPNsense becomes unreachable via IPv4, but remains accessible over IPv6 - and all services show as running and healthy on OPNsense, including unbound and DHCP. The weirdest part is OPNsense itself has no issues resolving hostnames using the diagnostic tool during these outages.

Troubleshooting:
Two days ago I factory reset my ISP's router (that sits in front of OPNsense in bridge mode) and did a fresh install of OPNsense. My LAN firewall rules currently only consist of allowing IPv4 and IPv6 from LAN to all, pic attached. I again enabled dnsmasq, DHCP + unbound, DoT, and am still running IPv6, and the DNS issues continue 1x daily, with all of the same symptoms/behavior. Today, January 26th, DNS issues began at around 11:15am and ended at 13:30pm as evidenced by uptime-kuma DNS monitoring (image attached). I was not home so did nothing to mitigate, and the issue self resolved.


This time, I managed to catch a line in the Unbound log file that coincided with exactly when the issue self-resolved:

2026-01-26T13:30:51-06:00 Notice unbound Database auto restore from /var/cache/unbound.duckdb for cleanup reasons in 2.59 seconds

Likely related, metrics collected via node exporter and brought into Grafana show free memory dropping from over 1GiB to below 500MiB at 13:31pm, essentially the same time as that duckdb restore/cleanup occurred (image attached).

I am assuming that this db is becoming unhealthy/corrupted/oversized in advance of the (likely scheduled?) cleanup on a regular basis, and that issue is affecting DHCP somehow. Forgive my ignorance of how duckdb is used on the platform. My primary concern is, predictably: how can I make this stop happening? Turn off unbound reporting altogether? Initiate more frequent cleanups? Set a stricter db size limit somewhere? I'm not quite sure how to proceed, and as you might expect, OPNsense is not passing the wife test so far (keeps interrupting her shows).

I'm going to disable unbound reporting right now and see if that helps at all, but interested if anybody has any insight or suggestions! Happy to provide any other info as needed. Thanks in advance!

opnsense version: OPNsense 25.7.11_2-amd64
Hardware: Lenovo ThinkCentre M70q Gen1, 4gb RAM, 12 core CPU, 500GB SATA SSD, 1gb onboard nic used for WAN interface, 2.5gb Intel m.2 > Ethernet adapter card for LAN
Environment: ISP modem in bridge mode > opnsense box > 24 port USW pro for lan, including 1 WAP

Title: Re: DuckDB-related DNS/DHCP outages?
Post by: mawa2559 on January 27, 2026, 04:45:01 AM
Of course, forgot to upload images. Attached here.