Messages

You can simply use whatever works for your personal setup, even Unbound + ISC as long as it works.

Its not my responsibility to tell you what to do, I can only tell you which possibilities exist.

Didn't ask and don't care about your responsibility, I only asked about support for registering hostnames from Kea or dnsmasq DHCP in Unbound.

At least the members here try to be helpful, even if the official staff chooses to cop a holier-than-thou attitude.

Man kann das Pferd zur Tränke führen, man kann es nicht zum trinken zwingen.

Really? The official response is telling people to just use two DNSs and deal with the bugs and performance issues that people are reporting with the Unbound/dnsmasq setup?

Sheesh, you guys are losing it.

Still no support for registering DHCP leases from anything other than ISC DHCP?

Dnsmasq can handle hostname registration. Unbound is the primary resolver and forwards internal zone requests to Dnsmasq. This is covered in the documentation and walks you through the setup. I recommend someone create a sticky with a link to this doc since there are a lot of questions and discussions right now.

I'm not going to run two DNS services just to be able to resolve internal host names. This whole deprecation of ISC has been a mess. ISC+Unbound is exceedingly simple and functional, Kea and dnsmasq are both half-baked.

Still no support for registering DHCP leases from anything other than ISC DHCP? At least the verbiage in Unbound and dnsmasq settings both suggest that they will only register leases from ISC.

I guess that's a no, then?  :-\

Is RFC8781/PREF64 support planned to be implemented into OPNsense any time soon? I've been trying to get an IPv6-MOSTLY network going, and this is really the last thing I'm waiting on before I can really experiment with one.

Reporting: Settings: Unbound DNS reporting: Reset DNS data

At least that is the one it complains about. It fills the graphs for Reporting: Unbound DNS but if you don't need those you could also turn if off as well (from the settings page) to save energy and your disk.


Cheers,
Franco

Thanks! I reset that and the reporting seems to be working again.

SIGABRT? I would recommend resetting the database and hope that the disk itself isn't failing.


Cheers,
Franco

Thanks, Franco. I checked the SMART status of the disk and it is passing, so maybe it's the database problem. How would I reset that? I'm unsure to which database you are referring.

Logs full of these errors every time I try to reset the logging for unbound. It works for a few minutes, then the graphs just all go to zero until the logger is restarted somehow (I usually do this by just clicking "save" on the DHCPv4 service).

Same problem here.

Error due to SSL 1.1.1 then update failed.

I have tried the update again to be able to copy the logs, it passed, seemed to have worked but no more routing since reboot.

I cannot post logs as I am writing this from my phone.

What can I do?

The GUI works OK, but no packet routing and CPU load is super high, used by Python3.9.

I don't have high CPU load, but I did get the error about OpenSSL conflicting with itself. Tried again and the update installed, but now Python 3.9 keeps crashing and Unbound blocking reporting doesn't seem to be working anymore.

Similar issue here. I'm not using any of the default lists, I use advanced mode with a single blocklist URL specified. No matter what I do, the size of the blocklist is always 0 now. This is with no whitelisting configured and return NXDOMAIN checked. Unbound blocklist feature does indeed appear to be broken now.

Code Select Expand

2023-02-28T12:48:40-05:00 Notice unbound blocklist download done in 2.20 seconds (0 records)
2023-02-28T12:48:40-05:00 Notice unbound blocklist download https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/pro.blacklist.conf (lines: 486283 exclude: 486273 block: 0)
2023-02-28T12:48:38-05:00 Notice unbound blocklist download : exclude domains matching .*localhost$|^(?![a-zA-Z_\d]).*

Looks like in my case, unbound blocklist format has changed? If I select the "unbound" downloads from oisd.nl or https://github.com/hagezi/dns-blocklists it does not work, but if I use the "domains" format instead, it works as expected.

Similar issue here. I'm not using any of the default lists, I use advanced mode with a single blocklist URL specified. No matter what I do, the size of the blocklist is always 0 now. This is with no whitelisting configured and return NXDOMAIN checked. Unbound blocklist feature does indeed appear to be broken now.

Code Select Expand

2023-02-28T12:48:40-05:00 Notice unbound blocklist download done in 2.20 seconds (0 records)
2023-02-28T12:48:40-05:00 Notice unbound blocklist download https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/pro.blacklist.conf (lines: 486283 exclude: 486273 block: 0)
2023-02-28T12:48:38-05:00 Notice unbound blocklist download : exclude domains matching .*localhost$|^(?![a-zA-Z_\d]).*

Similar issue here. As long as Zenarmor is not in bypass mode, I fail any IPv6 tests I try to do. As soon as I enable bypass mode, the issue goes away. Tested multiple times.

That would explain it. Maybe not all hardware is affected like this... would be best to keep track of traces separately for each machine. Maybe the other two have a single panic to trace.


Cheers,
Franco

It was the same RAM modules in all three of them in this case as I just swapped them into each box, but you are right that keeping track of which machine generated which trace is a good idea in the future. Though hopefully with new RAM it won't be necessary...

I figured it out - bad RAM. It tested fine on the first device but just to be sure I tested it again... this time it threw so many errors memtest86 couldn't even complete a full pass.

D'oh.