DNS queries to my override domain/server have been failing consistently (sporadic) since the last update which included unbound 1.7.1
It appears there is a newer version (1.7.2) now of unbound. Maybe that fixes this??
Here is a chart showing the DNS queries failing ever since the last opnsense uppdate.
(red lines are where its failing)
In my efforts too overcome this I have turned TTL for Host cache entries from 15min to 1min. That helps a little I think but does not solve the problem.
Please help!
If you've configured Cloudflare's dns (or any other) in Unbound using a port other than 53, you'll need to add @53 to the end of the dns server up. I ran into this with my overrides - they stopped working after adding the Cloudflare dns over TVs config.
I will try adding @53 and see if it makes a difference.
My overide dns is my personal domain name hosted on a VM inside my network. It is resolving fine when I point my clients directly at the dns server.
When the names will not resolve through my opnsense unbound service I restart unbound and they immediately work again.
My override configuration was working perfectly for months and months. The 18.1.9 release included unbound 1.7.1 is the only change to point to.
FYI: 1.7.2 was shipped today, after non-reboot update the Unbound service requires a manual restart.
Cheers,
Franco
Quote from: erickufrin on June 19, 2018, 02:32:08 PM
I will try adding @53 and see if it makes a difference.
My overide dns is my personal domain name hosted on a VM inside my network. It is resolving fine when I point my clients directly at the dns server.
When the names will not resolve through my opnsense unbound service I restart unbound and they immediately work again.
My override configuration was working perfectly for months and months. The 18.1.9 release included unbound 1.7.1 is the only change to point to.
The *override-feature never worked reliable for me...
Quote from: franco on June 21, 2018, 10:48:47 AM
FYI: 1.7.2 was shipped today, after non-reboot update the Unbound service requires a manual restart.
Cheers,
Franco
Thank you! I have installed the update & rebooted. Will let you know if this has solved the issue.
The problem does not appear to be resovled in unbound 1.7.2. Made it a few hours before seeing DNS queries to my override are failing.
I have turned up Logging on Unbound to Level 5. Maybe I will see something that can pinpoint the problem. :-/
If I wished to go back to 18.1.8 - what is the procedure - is there a KB article? thx...
Docs are on your installation:
# man opnsense-revert
More specifically:
# opnsense-revert -r 18.1.8 unbound
Meanwhile 1.7.3 was released, maybe it gives another clue:
http://www.unbound.net/download.html
Cheers,
Franco
In the Unbound log I am seeing "useless dp but cannot go up, servfail"
It appears #4100 bug listed in the release notes relates to this.
https://github.com/NLnetLabs/unbound/commit/d3866418208f9a16c7bab09b424dbd90a973df0c
https://github.com/NLnetLabs/unbound/commit/53b1e11eba0614fa0c9196edda92d557286fde59
The logfile message I am receiving appears to be the command that is getting hit due to the code above it...
I am no programmer, but to me 1.7.3 looks kinda promising.
I can provide a test version of 1.7.3 on Monday to find out :)
Or you can compile your own:
# opnsense-code tools ports
# cd /usr/ports/dns/unbound
# make package deinstall install
Cheers,
Franco
A test version would be great. I have been dealing with this for a little while, so monday or next week for a test version is definetly fine! Thank you
Here you go, for OpenSSL/amd64:
# pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/latest/All/unbound-1.7.3.txz
or LibreSSL/amd64:
# pkg add -f https://pkg.opnsense.org/FreeBSD:11:amd64/snapshots/libressl/All/unbound-1.7.3.txz
Cheers,
Franco
Hi Franco,
thanks for the 1.7.3, which fixed another problem I have had since 1.7.2. Behind two boxes I had no more access to OneDrive and the Microsoft Store didn't work anymore (error 0x80072EE7).
Greetings, Stefan
Hi Stefan,
Good, 1.7.3 will be in 18.1.11 early next week.
Cheers,
Franco
Want to close the loop on this issue. I have been running 1.7.3 unbound since last friday and have not had a single recurrence of the problem. The issue is solved with 1.7.3 confirmed! Thanks!!
Quote from: franco on June 30, 2018, 09:26:47 PM
Hi Stefan,
Good, 1.7.3 will be in 18.1.11 early next week.
Cheers,
Franco
Happy to hear, marking thread as [SOLVED]. :)