Messages

Due to a 20,000 character limit of posts, here's the rest of the sample of the log file:

Code Select Expand


Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:dc3::35 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 202.12.27.33 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:500:9f::42 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 199.7.83.42 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:7fd::1 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 193.0.14.129 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:503:c27::2:30 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 192.58.128.30 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:7fe::53 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 192.36.148.17 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:500:1::53 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 198.97.190.53 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:500:12::d0d port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 192.112.36.4 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:500:2f::f port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 192.5.5.241 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:500:a8::e port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 192.203.230.10 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:500:2d::d port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 199.7.91.13 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:500:2::c port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 192.33.4.12 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:500:200::b port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 199.9.14.201 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip6 2001:503:ba3e::2:30 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug:    ip4 198.41.0.4 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:1] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66288
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   K.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   J.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   I.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   H.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   G.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   F.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   E.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   D.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   C.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   B.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   A.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:dc3::35 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 202.12.27.33 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:500:9f::42 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 199.7.83.42 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:7fd::1 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 193.0.14.129 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:503:c27::2:30 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 192.58.128.30 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:7fe::53 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 192.36.148.17 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:500:1::53 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 198.97.190.53 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:500:12::d0d port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 192.112.36.4 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:500:2f::f port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 192.5.5.241 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:500:a8::e port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 192.203.230.10 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:500:2d::d port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 199.7.91.13 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:500:2::c port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 192.33.4.12 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:500:200::b port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 199.9.14.201 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip6 2001:503:ba3e::2:30 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:3] debug:    ip4 198.41.0.4 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   L.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66288
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   K.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   J.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   I.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   H.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   G.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   F.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   E.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   D.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   C.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   B.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   A.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:dc3::35 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 202.12.27.33 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:500:9f::42 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 199.7.83.42 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:7fd::1 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 193.0.14.129 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:503:c27::2:30 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 192.58.128.30 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:7fe::53 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 192.36.148.17 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:500:1::53 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 198.97.190.53 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:500:12::d0d port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 192.112.36.4 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:500:2f::f port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 192.5.5.241 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:500:a8::e port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 192.203.230.10 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:500:2d::d port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 199.7.91.13 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:500:2::c port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 192.33.4.12 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:500:200::b port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 199.9.14.201 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip6 2001:503:ba3e::2:30 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug:    ip4 198.41.0.4 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66288
Aug  3 11:41:01 opnsense unbound: [62216:0] info: start of service (unbound 1.7.3).
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: autotrust probe timer callback
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: autotrust probe timer 0 callbacks done
Aug  3 11:41:01 opnsense unbound: [62216:2] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs (0 result, 26 avail) parentNS
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   M.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   L.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   K.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   J.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   I.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   H.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   G.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   F.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   E.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   D.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   C.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   B.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] info:   A.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:dc3::35 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 202.12.27.33 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:500:9f::42 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 199.7.83.42 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:7fd::1 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 193.0.14.129 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:503:c27::2:30 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 192.58.128.30 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:7fe::53 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 192.36.148.17 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:500:1::53 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 198.97.190.53 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:500:12::d0d port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 192.112.36.4 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:500:2f::f port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 192.5.5.241 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:500:a8::e port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 192.203.230.10 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:500:2d::d port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 199.7.91.13 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:500:2::c port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 192.33.4.12 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:500:200::b port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 199.9.14.201 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip6 2001:503:ba3e::2:30 port 53 (len 28)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug:    ip4 198.41.0.4 port 53 (len 16)
Aug  3 11:41:01 opnsense unbound: [62216:2] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66288
Aug  3 11:41:01 opnsense unbound: [62216:0] info: service stopped (unbound 1.7.3).
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: stop threads
Aug  3 11:41:01 opnsense unbound: [62216:1] debug: got control cmd quit
Aug  3 11:41:01 opnsense unbound: [62216:2] debug: got control cmd quit
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: join 1
Aug  3 11:41:01 opnsense unbound: [62216:3] debug: got control cmd quit
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: join success 1
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: join 2
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: join success 2
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: join 3
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: join success 3
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: cleanup.
Aug  3 11:41:01 opnsense unbound: [62216:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug  3 11:41:01 opnsense unbound: [62216:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Aug  3 11:41:01 opnsense unbound: [62216:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66288
Aug  3 11:41:01 opnsense unbound: [62216:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug  3 11:41:01 opnsense unbound: [62216:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Aug  3 11:41:01 opnsense unbound: [62216:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66288
Aug  3 11:41:01 opnsense unbound: [62216:0] info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug  3 11:41:01 opnsense unbound: [62216:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Aug  3 11:41:01 opnsense unbound: [62216:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66288
Aug  3 11:41:01 opnsense unbound: [62216:0] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Aug  3 11:41:01 opnsense unbound: [62216:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
Aug  3 11:41:01 opnsense unbound: [62216:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: cache memory msg=66072 rrset=66072 infra=7808 val=66288
Aug  3 11:41:01 opnsense unbound: [62216:0] notice: Restart of unbound 1.7.3.
...


Here's a sample of the log file at "Level 5" (this data is repeatedly entered into the log file every few seconds as part of the start, fail, restart loop that unbound is currently in):

Code Select Expand


Aug  3 11:40:52 opnsense unbound: [57659:0] notice: Restart of unbound 1.7.3.
Aug  3 11:40:52 opnsense unbound: [57659:0] fatal error: Could not read config file: /unbound.conf
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: chdir to /var/unbound
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: chroot to /var/unbound
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: drop user privileges, run as unbound
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: duplicate acl address ignored.
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: duplicate acl address ignored.
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: duplicate acl address ignored.
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: duplicate acl address ignored.
Aug  3 11:41:01 opnsense unbound: [62216:0] info: implicit transparent local-zone opnsense. TYPE0 IN
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: ignoring duplicate RR: opnsense AAAA fe80::20e:c4ff:fed4:a8d0
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: ignoring duplicate RR: opnsense.example.com AAAA fe80::20e:c4ff:fed4:a8d0
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: ignoring duplicate RR: opnsense AAAA fe80::20e:c4ff:fed4:a8d0
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: ignoring duplicate RR: opnsense.example.com AAAA fe80::20e:c4ff:fed4:a8d0
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: ignoring duplicate RR: localhost AAAA ::1
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: ignoring duplicate RR: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.  PTR  localhost
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: ignoring duplicate RR: localhost A 127.0.0.1
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: ignoring duplicate RR: 1.0.0.127.in-addr.arpa.  PTR  localhost
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: module config: "validator iterator"
Aug  3 11:41:01 opnsense unbound: [62216:0] notice: init module 0: validator
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: reading autotrust anchor file /root.key
Aug  3 11:41:01 opnsense unbound: [62216:0] info: trust point . : 1
Aug  3 11:41:01 opnsense unbound: [62216:0] info: assembled 0 DS and 2 DNSKEYs
Aug  3 11:41:01 opnsense unbound: [62216:0] info: DNSKEY:: .    172800  IN      DNSKEY  257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b}
Aug  3 11:41:01 opnsense unbound: [62216:0] info: DNSKEY:: .    172800  IN      DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b}
Aug  3 11:41:01 opnsense unbound: [62216:0] info: file /root.key
Aug  3 11:41:01 opnsense unbound: [62216:0] info: last_queried: 1533310859 Fri Aug  3 11:40:59 2018
Aug  3 11:41:01 opnsense unbound: [62216:0] info: last_success: 1533310859 Fri Aug  3 11:40:59 2018
Aug  3 11:41:01 opnsense unbound: [62216:0] info: next_probe_time: 1533353609 Fri Aug  3 23:33:29 2018
Aug  3 11:41:01 opnsense unbound: [62216:0] info: query_interval: 43200
Aug  3 11:41:01 opnsense unbound: [62216:0] info: retry_time: 8640
Aug  3 11:41:01 opnsense unbound: [62216:0] info: query_failed: 0
Aug  3 11:41:01 opnsense unbound: [62216:0] info: [  VALID  ] . 172800  IN      DNSKEY  257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state:2 ;;pending_count:0 last:Sat Jan  6 19:46:45 2018
Aug  3 11:41:01 opnsense unbound: [62216:0] info: [  VALID  ] . 172800  IN      DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state:2 ;;pending_count:0 last:Sat Jan  6 19:46:45 2018
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: validator nsec3cfg keysz 1024 mxiter 150
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: validator nsec3cfg keysz 2048 mxiter 500
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: validator nsec3cfg keysz 4096 mxiter 2500
Aug  3 11:41:01 opnsense unbound: [62216:0] notice: init module 1: iterator
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: target fetch policy for level 0 is 3
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: target fetch policy for level 1 is 2
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: target fetch policy for level 2 is 1
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: target fetch policy for level 3 is 0
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: target fetch policy for level 4 is 0
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: donotq: 127.0.0.0/8
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: donotq: ::1
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: total of 59474 outgoing ports available
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: start threads
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: libevent 2.1.8-stable user kqueue method.
Aug  3 11:41:01 opnsense unbound: [62216:1] debug: libevent 2.1.8-stable user kqueue method.
Aug  3 11:41:01 opnsense unbound: [62216:3] debug: libevent 2.1.8-stable user kqueue method.
Aug  3 11:41:01 opnsense unbound: [62216:1] debug: Reading root hints from /root.hints
Aug  3 11:41:01 opnsense unbound: [62216:3] debug: Reading root hints from /root.hints
Aug  3 11:41:01 opnsense unbound: [62216:2] debug: libevent 2.1.8-stable user kqueue method.
Aug  3 11:41:01 opnsense unbound: [62216:1] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs (0 result, 26 avail) parentNS
Aug  3 11:41:01 opnsense unbound: [62216:0] debug: Reading root hints from /root.hints
Aug  3 11:41:01 opnsense unbound: [62216:3] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs (0 result, 26 avail) parentNS
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   M.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs (0 result, 26 avail) parentNS
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   M.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   L.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:0] info:   M.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:3] info:   L.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:2] debug: Reading root hints from /root.hints
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   K.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   J.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   I.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   H.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   G.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   F.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   E.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   D.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   C.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   B.ROOT-SERVERS.NET. * A AAAA
Aug  3 11:41:01 opnsense unbound: [62216:1] info:   A.ROOT-SERVERS.NET. * A AAAA


I'm hoping maybe someone else has experienced this problem and can help me fix it.  I had a working unbound configuration while running 18.1.12.  Last night, I upgraded to 18.1.13 and then immediately upgraded to 18.7.  I did not change my configuration for unbound at all during the upgrade process.  Now, unbound fails to start.

Specifically, what unbound does is appear be stuck in an endless loop where it attempts to start, fails to start, stops, attempts to start again, fails to start, and so on ad infinitum[/].  Looking at the log files, I see the following error message repeatedly appearing:

Code Select Expand


Aug 3 11:38:54 unbound: [84359:0] fatal error: Could not read config file: /unbound.conf
Aug 3 11:38:54 unbound: [84359:0] notice: Restart of unbound 1.7.3.


I did not have this problem while running 18.1.12 with the same configuration.  I changed my log level to "Level 5" to see if I could get some more useful information about why Unbound could no longer read my unbound.conf configuration file.  However, the log file is all gibberish (to me at least) with no additional useful information.

Anyone have any pointers on how to investigate further?  Short or nuking and reinstalling from scratch, I'm not sure what to do.

Thanks.

o QinQ interface removal

Cheers,
Franco

Why is this feature being removed?  It seems like a weird one to strip out.

Thanks.

We cannot precisely follow ISO 3166 because the most prevalent provider of the codes which is tzdata does not include the Continent Code:

https://github.com/opnsense/core/blob/master/contrib/tzdata/iso3166.tab

So we extrapolate from the zone mapping...

https://github.com/opnsense/core/blob/master/contrib/tzdata/zone.tab

... and that is ambiguous because it maps time zones, not countries.


Cheers,
Franco

::) Leave it to ISO to create a standard that no one can follow.

Appreciate the technical explanation.  It makes sense.

Problem solved - Here's the issue:

When creating a port-forward, you have to create a corresponding PF rule that specifies the LAN address you are forwarding to instead of the WAN address.  Somehow, the corresponding PF Pass rules did not get added to the firewall to allow the port forwards automatically, even though this is the default behavior.  Other than classic PEBKAC, I can't see how this occured.  When I tried to add them manually, I assumed that you had to specify the WAN address as the destination instead of the LAN address of the port forward as the destination. 

I left this hear as a note to others searching the forum at a later date.

Cheers!

Rather than go back and edit an earlier post, I will just post again and admit I was wrong.

It turns out that OPNSense does allow for pretty fine grained control of ingress and egress GeoIP blocking using aliases.  The issue is the documentation and the fact that OPNSense provides two mechanisms for GeoIP filtering.  The documentation refers to the one builtin to the IDS/IPS system.  That one is rather underwhelming (and somewhat buggy for me).  The other is provided using PF aliases and is pretty feature rich and flexible.  I like it a lot more than the one included in the IDS/IPS.  However, it the system using aliases is discouraged in the documentation and it's existence is not readily apparent from the table of contents.

This is one of those "I have to see how it plays out."

The IPv6 tests at test-ipv6.com still fail.  I haven't changed a single setting since earlier today.  Meanwhile, my desktop passes all of the tests at test-ipv6.com but can't ping any IPv6 hosts (e.g., Google).

This is maddening!

??? it fails and it works??

There's a reason I got reassigned to software QA for a few years.  I have a unique ability to find edge cases no one else does.

Those fancy countries with their spanning multiple regions...

https://github.com/opnsense/core/commit/7ebd5fcd


Cheers,
Franco

Yeah, when you don't follow the ISO assignment for countries to continents, you get some dumb questions like mine. :). You also end up with Russia in Asia and Turkey in Europe (to name a few other odd balls I saw).

EDIT: Correct iPhone Typos

Thanks.

Unfortunately, my country (United States) is missing.  Every other country in the Americas is listed, including the U.S. Virgin Islands.  However, the U.S. itself is missing from the list of countries in the Americas. ::)

I'm definitely having IPv6 problems on the LAN side of my firewall.  But that I would suspect is a different issue from this.

My network is configured like this:

ONT -> ISP Gateway -> OPNSense Router -> LAN

The ONT is optical network terminal where the fiber terminates and is converted to an ethernet cable.

The ISP Gateway is one of those "all-in-one" modem/router boxes that they force upon you.  Unfortunately, it does not support bridge mode, but only provides for a pseudo-bridge called "IP-Passthrough" where the public WAN of the Gateway is assigned to your router.  The gateway then runs a NAT table that passes almost all traffic received on the public IP to your router.  What is not passed is unclear.  The ISP currently offers a native IPv6 implementation, which assigns each customer a /64 block.  When in IP-Passthrough mode, the /64 block is assigned to the OPNSense router to do with as it pleases.

For the WAN interface, I can demonstrate that (1) a publicly routable IPv6 address is assigned and (2) that I can ping the public internet (e.g., ping6 www.google.com) using IPv6.  Further, some LAN clients are able to use IPv6 just fine, but others can't use it at all. 

I also have not changed any of the options on my interface related to IPv6.  I have DHCPv6 as my configuration type, I have 64 as my prefix delegation size, and all other fields are empty.

Any of that information help?

This is one of those "I have to see how it plays out."

My laptop on wifi was not assigned an IPv6 address earlier today.  Now, when I type "ipconfig /all" I see it having been assigned two different IPv6 addresses:

Code Select Expand


Autoconfiguration Enabled.....: Yes
IPv6 Address........................:2600:1700:fc0:864f:588c:xxxx:xxxx:xxxx (Preferred)
Temporary IPv6 Address........:2600:1700:fc0:864f:17e:xxxx:Xxxx:xxxx (Preferred)


The IPv6 tests at test-ipv6.com still fail.  I haven't changed a single setting since earlier today.  Meanwhile, my desktop passes all of the tests at test-ipv6.com but can't ping any IPv6 hosts (e.g., Google).

This is maddening!

Please use the forum. Here is a recent thread: https://forum.opnsense.org/index.php?topic=7010.0


Cheers,
Franco

I did.  None of the other threads really addressed my problem.  And trust me, I wish they did.  If there's one I missed, I would love to see it.  I really hate being "that guy."  :-[ But I've always had a knack for finding/stumbling on obscure edge cases.

First, that thread you linked to is a different problem than mine.  That thread involves adding PF rules for a user to access the WebGui from the WAN.  My problem involves using port forwarding to forward web traffic through the firewall to another server.

Second, the solution in that thread doesn't solve my problem (I've tried it just to double check).  I have rules for HTTP and HTTPS that pass all IPv4 and IPv6 traffic on port 80 and 443 that come to the WAN address.  I also have port forwards that forward the same traffic to internal web server 192.168.1.XX.

To be much more specific, I have a FreeBSD internal server running several jails (one of which is the webserver).  I assigned a static IP to the host.  However, the DHCP server doesn't support assigning more than one IP address per MAC address, so I just statically assign IP addresses to the jails.  I then set up a port forward to the appropriate jail IP and make sure the firewall is also set to pass/allow web traffic.  This is not working for OPNSense (and only OPNSense), and I can't figure out why.

If no one has any ideas as to what is going on, that's fine.  I was just hoping someone else might be having my problem. 

And if this needs to be merged into the other thread too, I'm ok with that (although I hate thread hijacking, which is why I like to keep things in separate threads).

OK, virgin install of Opnsense 17.7.5 on an APU2, bounced through upgrades using the shell to 17.7.12 gives me an IPv6 address on my test LAN of my PC in the correct  prefix range.

No changes to firewall rules, just a virgin install. So in FW rules LAN I have a default v4 and v6 LAN net to any rules and that's it.

I must have something weird going on because I have close to a virgin install.  I've fiddled with other stuff, but nothing related to IPv6.

Currently running 17.7.12 as well.  I have the default LAN interface rules (allow all from LAN to whereever on IPv4 and IPv6).  To make things weirder and working with other computers, I just noticed that none of the devices on my Wi-Fi network (just UniFi access point) are given IPv6.  Wired computers are given IPv6 in my /64 block, but are unable to communicate with the outside world.  For example, I just tried to ping Google using IPv6 since I noticed my desktop had an IPv6 address.  All requests timed out.  When I went to test-ipv6.com from my desktop, I got a weird error message that my setup appeared to support IPv6 but the test results were unexpected and asking me to contact them to discuss my setup.  :o

Is radvd running?

Bart...

Yes, it is.