OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: gothbert on September 08, 2018, 11:23:15 pm

Title: External IPv6 DNS Servers are sometimes passed to client but should not
Post by: gothbert on September 08, 2018, 11:23:15 pm
Hi,

this is the relevant configuration of opnsense box:

OPNsense 18.7.1_3-amd64
DHCPv6 is off
DNSmasq DNS is off
Unbound DNS is on, in Forwarding Mode, local zone type= transparent
Settings | General | DNS servers: set to Google IPv4 and IPv6 webservers

My Ubuntu 18.04 workstation is set to static IPv4. IPv6 is autoconfigured (opnsense box internal network "home" tracks WAN).

During the last months I have seen the following behavior on my workstation:
- In normal operation, the IPv4 and IPv6 addresses of the opnsense box are passed as DNS servers to the workstation.
- From time to time, the IPv6 addresses of the Google DNS servers are passed to the workstation as well, thus bypassing the resolution of the hostnames in the internal network configured in Unbound DNS Server overrides. This happens spontaneously, i.e. the workstation boots up in the desired state and spontaneously transitions into the undesired state.

When the issue is present, systemd-resolve --status on the workstation gives (shortened):

Code:
Global
          DNS Domain: home.mydomain.de
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      ...
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 2 (enp0s25)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.31.1         <---- opnsense box
                      2001:4860:4860::8888   <----  Google DNS server
                      2001:4860:4860::8844  <----  Google DNS server
                      2a02:...:fe5d:4ca1     <---- opnsense box
          DNS Domain: home.mydomain.de

I suspect that this behavior occurs when the external IP address of the opnsense box changes (DSLight Unitymedia cable connection).

How can I trace the issue to its root cause and remedy it? Your help would be greatly appreciated, thanks in advance.
Boris
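
Added example (not part of the original post): a client-side check for the state described above, written in Python. It parses `systemd-resolve --status` text and reports, per link, any DNS server outside the expected set. The sample text is constructed from the shortened output in the post; `EXPECTED` and the router IPv6 address `2001:db8:31::1` are placeholder assumptions.

```python
import ipaddress
import re

# Constructed sample, modelled on the shortened output in the post. The
# router's IPv6 address is a documentation-prefix placeholder (assumption).
SAMPLE_STATUS = """\
Global
          DNS Domain: home.mydomain.de

Link 2 (enp0s25)
         DNS Servers: 192.168.31.1
                      2001:4860:4860::8888
                      2001:4860:4860::8844
                      2001:db8:31::1
          DNS Domain: home.mydomain.de
"""

# Assumption: the router's own addresses are the only resolvers wanted.
EXPECTED = {"192.168.31.1", "2001:db8:31::1"}

def dns_servers_by_link(status_text):
    """Map each link name to the DNS servers listed under it."""
    links, current, in_servers = {}, "global", False
    for line in status_text.splitlines():
        header = re.match(r"Link \d+ \((\S+)\)", line)
        if header:
            current, in_servers = header.group(1), False
            continue
        first = re.match(r"\s*DNS Servers:\s*(\S+)", line)
        if not (first or in_servers):
            continue
        # Continuation lines hold a bare address; IPv6 colons rule out
        # splitting on ":" to spot the next "Key: value" field.
        token = first.group(1) if first else line.strip()
        try:
            addr = ipaddress.ip_address(token.split("%")[0])
        except ValueError:
            in_servers = False  # any non-address line ends the list
            continue
        in_servers = True
        links.setdefault(current, []).append(str(addr))
    return links

def unexpected_servers(status_text, expected=EXPECTED):
    """Return {link: [servers outside the expected set]}, affected links only."""
    allowed = {str(ipaddress.ip_address(a)) for a in expected}
    found = dns_servers_by_link(status_text)
    extra = {k: [s for s in v if s not in allowed] for k, v in found.items()}
    return {k: v for k, v in extra.items() if v}
```

Feeding it the live command output at intervals and logging the first non-empty result gives a timestamp to line up against the router's system.log.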
Title: Re: External IPv6 DNS Servers are sometimes passed to client but should not
Post by: gothbert on September 15, 2018, 02:05:54 pm
Additional info:

I just observed it happening again. IPv6 DNS servers from Settings | General | DNS servers are propagated. unbound has stopped working at 12:35:28 (last log entry) for no reason and does not come back to life. system.log shows the following:

Code:
Sep 15 12:35:23 opnsense syslogd: sendto: Network is down
Sep 15 12:35:23 opnsense kernel: igb1: Watchdog timeout -- resetting
Sep 15 12:35:23 opnsense syslogd: sendto: Network is down
Sep 15 12:35:23 opnsense kernel: igb1: Queue(218489344) tdh = -1, hw tdt = -1
Sep 15 12:35:23 opnsense syslogd: sendto: Network is down
Sep 15 12:35:23 opnsense kernel: igb1: TX(218489344) desc avail = 0,Next TX to Clean = 0
Sep 15 12:35:23 opnsense syslogd: sendto: Network is down
Sep 15 12:35:23 opnsense kernel: igb1: link state changed to DOWN
Sep 15 12:35:23 opnsense syslogd: sendto: Network is down
Sep 15 12:35:23 opnsense syslogd: sendto: Network is down
Sep 15 12:35:23 opnsense syslogd: sendto: Network is down
Sep 15 12:35:23 opnsense syslogd: sendto: Network is down
Sep 15 12:35:23 opnsense opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for lan
Sep 15 12:35:28 opnsense kernel: igb1: link state changed to UP
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for lan
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface lan
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.linkup: ROUTING: entering configure using 'lan'
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.linkup: ROUTING: IPv6 default gateway set to wan
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.linkup: ROUTING: IPv4 default gateway set to wan
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.linkup: ROUTING: skipping IPv4 default route
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.linkup: ROUTING: skipping IPv6 default route
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: ) (interface: wan[wan]) (real interface: igb0).
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.newwanipv6: Failed to detect IP for wan[wan]
Sep 15 12:35:29 opnsense opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Sep 15 12:35:29 opnsense opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: 2a02:908:2543:9fe0:225:90ff:fe5d:4ca0) (interface: wan[wan]) (real interface: igb0).
Sep 15 12:35:30 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'wan'
Sep 15 12:35:30 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to wan
Sep 15 12:35:30 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to wan
Sep 15 12:35:30 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 192.168.178.1
Sep 15 12:35:30 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '192.168.178.1'
Sep 15 12:35:30 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::ca0e:14ff:fec8:d750
Sep 15 12:35:30 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80::ca0e:14ff:fec8:d750%igb0'
Sep 15 12:35:30 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '192.168.178.1'
Sep 15 12:35:30 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80::ca0e:14ff:fec8:d750%igb0'
Sep 15 12:35:31 opnsense opnsense: /usr/local/etc/rc.newwanipv6: Resyncing OpenVPN instances for interface wan.
Sep 15 12:35:31 opnsense kernel: ovpnc1: link state changed to DOWN
Sep 15 12:35:31 opnsense opnsense: /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway '192.168.178.1'
Sep 15 12:35:31 opnsense opnsense: /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway 'fe80::ca0e:14ff:fec8:d750%igb0'
Sep 15 12:35:33 opnsense opnsense: /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway '192.168.178.1'
Sep 15 12:35:33 opnsense opnsense: /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway 'fe80::ca0e:14ff:fec8:d750%igb0'
Sep 15 12:35:34 opnsense opnsense: /usr/local/etc/rc.linkup: The command '/usr/local/sbin/unbound -c '/var/unbound/unbound.conf'' returned exit code '1', the output was '[1537007734] unbound[54994:0] error: can't bind socket: Can't assign requested address for 192.168.38.254 [1537007734] unbound[54994:0] fatal error: could not open ports'
Sep 15 12:35:35 opnsense opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Sep 15 12:35:35 opnsense opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: 2a02:908:2543:9fe0:225:90ff:fe5d:4ca0) (interface: wan[wan]) (real interface: igb0).
Sep 15 12:35:36 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'wan'
Sep 15 12:35:36 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to wan
Sep 15 12:35:36 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to wan
Sep 15 12:35:36 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 192.168.178.1
Sep 15 12:35:36 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '192.168.178.1'
Sep 15 12:35:36 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::ca0e:14ff:fec8:d750
Sep 15 12:35:36 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80::ca0e:14ff:fec8:d750%igb0'
Sep 15 12:35:36 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '192.168.178.1'
Sep 15 12:35:36 opnsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80::ca0e:14ff:fec8:d750%igb0'
Sep 15 12:35:37 opnsense opnsense: /usr/local/etc/rc.newwanipv6: Resyncing OpenVPN instances for interface wan.
Sep 15 12:35:43 opnsense opnsense: /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway '192.168.178.1'
Sep 15 12:35:43 opnsense opnsense: /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway 'fe80::ca0e:14ff:fec8:d750%igb0'
Sep 15 12:35:54 opnsense kernel: ovpnc1: link state changed to UP
Sep 15 12:35:55 opnsense opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpnc1'
Sep 15 12:35:55 opnsense opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.

After restarting unbound, the opnsense box's IPv6 address is propagated as DNS server (but the google nameservers are as well).
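
Added example (not part of the original post): a Python pass over system.log that finds unbound start failures of the kind logged above and lists the link state changes that preceded each one within a time window. The sample lines are excerpted from the log in the post; the 30-second window and the year (syslog lines carry none) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Lines excerpted from the system.log shown in the post.
SAMPLE_LOG = """\
Sep 15 12:35:23 opnsense kernel: igb1: link state changed to DOWN
Sep 15 12:35:28 opnsense kernel: igb1: link state changed to UP
Sep 15 12:35:28 opnsense opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface lan
Sep 15 12:35:31 opnsense kernel: ovpnc1: link state changed to DOWN
Sep 15 12:35:34 opnsense opnsense: /usr/local/etc/rc.linkup: The command '/usr/local/sbin/unbound -c '/var/unbound/unbound.conf'' returned exit code '1', the output was '[1537007734] unbound[54994:0] error: can't bind socket: Can't assign requested address for 192.168.38.254 [1537007734] unbound[54994:0] fatal error: could not open ports'
Sep 15 12:35:54 opnsense kernel: ovpnc1: link state changed to UP
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([^:]+): (.*)$")
LINK = re.compile(r"^(\w+): link state changed to (UP|DOWN)$")
BIND = re.compile(r"unbound\[\d+:\d+\] error: can't bind socket: .*? for (\S+)")

def unbound_failures_after_link_change(log_text, window_s=30, year=2018):
    """Return one finding per failed unbound start, with preceding link events."""
    link_events, findings = [], []
    window = timedelta(seconds=window_s)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Assumption: all lines fall in the given year.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        tag, msg = m.group(2), m.group(3)
        link = LINK.match(msg)
        if tag == "kernel" and link:
            link_events.append((ts, link.group(1), link.group(2)))
            continue
        bind = BIND.search(msg)
        if bind and "could not open ports" in msg:
            recent = [f"{ifname} {state}" for t, ifname, state in link_events
                      if timedelta(0) <= ts - t <= window]
            findings.append({
                "time": ts.strftime("%H:%M:%S"),
                "address": bind.group(1),  # address unbound could not bind
                "preceding_link_events": recent,
            })
    return findings
```

The `address` field is the value to compare against the interface addresses configured on the box at that moment.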
Title: Re: External IPv6 DNS Servers are sometimes passed to client but should not
Post by: gothbert on October 18, 2018, 07:50:46 pm
This behavior has become a nuisance for me, and I have to restart Unbound at least every second day when I am on my workstation. Filed an issue here: https://github.com/opnsense/core/issues/2822
Title: Re: External IPv6 DNS Servers are sometimes passed to client but should not
Post by: franco on October 21, 2018, 08:26:11 pm
We seem to have found why this is happening. Patching is a little bit more complicated than hoped for, but we'll find a way for 19.1.


Cheers,
Franco
Title: Re: External IPv6 DNS Servers are sometimes passed to client but should not
Post by: gothbert on October 21, 2018, 08:54:36 pm
Excellent!