Messages

I noticed this, too.  You can work around it with another cron to reload Unbound but that may clear the cache if that setting is enabled in Unbound configs.  Definitely not ideal.

Can you raise a ticket in GitHub for this?

Issue raised, please feel free to add additional context here: https://github.com/opnsense/core/issues/10001

Just a quick note on some interesting behavior:

I recently decided to give the Unbound blocklists a try (Services > Unbound DNS > Blocklists).  I was quite pleased with with how they were working and how the reporting was working (Reporting > Unbound DNS).

I then noticed that even with a cron configured to update the blocklists (System > Settings > Cron), the reported size of the blocklists was not changing over several days, which was unexpected behavior.

As a result of this, I decided to restart Unbound to see if the lists were indeed updating but reporting wasn't picking up the new counts for some reason.

Upon restarting Unbound the counts immediately updated in reporting which leads be to believe Unbound isn't automatically reloading the updated lists.


I'm wondering if this is the intended behavior.  Do the updated lists not automatically get loaded into Unbound or is it a reporting issue?


I would hazard to guess that most would expect the list refresh cron to also reload the updated lists within Unbound without having to schedule an additional Unbound service recycle.


For now, I've scheduled both a blocklist list refresh and an unbound recycle (+30m later) to make sure the new lists are picked up and used.


It might be nice to have a list status page/tab, perhaps under reporting, that gives you information on the configured lists showing last successful fetch date/time and a few list stats, etc. There you could also note the requirement(s) for keeping the lists refreshed properly and link directly to the cron page.

Running 24.7.1 here now.

I'm averaging between 29C (84.2F) - 33C (91.4F) on all 8 cores during normal workloads.

I did get the bottom-plate add-on with the venting and fan, as I've had issues with other mini-pc platforms and heat (which is why I went with the lower power nvme, etc.). 

If it ever becomes an issue I'll pull the internal board, drill some holes for heated air to escape passively, re-paste the CPU with KPx, etc.

Performance has been excellent though and I'm getting line-speed numbers.
Obviously, it'll depend on what you have enabled on the firewall that drives CPU use though.

I tend to try to keep the device focused solely on security and passing traffic as quickly as possible.

Just sharing for awareness:

I recently purchased a Qotom Q20331G9-S10 CPU Atom C3758R - (4 SFP+ Version) - No RAM, No Storage.

I then installed:

• RAM -- Kingston KF432S20IBK2/64 -- 64GB (2x32GB).
  
• NVME -- SK hynix Gold P31 2TB

Serial console issues aside, the VGA installation went off without a hitch.

I had it up and running on the Intel i226s almost immediately.

The Intel X553 was a bit of a different matter.  It refused to recognize any of the SFP+ modules (SR or DAC) I installed, so after a bit of research I found that the Intel driver itself was refusing the use of the "unapproved" SFP+ modules.

There is a sysctl that allows you to bypass this behavior.

So, within /boot/loader.conf.local I set the following:

hw.ix.unsupported_sfp=1

... after that and a quick reboot. I could get the modules to recognize and autoconfig up at 10Gb.

For connectivity to my switches I am currently using this DAC Cable:
10Gtek SFP+ DAC Twinax Cable, Passive, Compatible with Intel XDACBL2M, 2 Meter(6.5ft)

Hope that helps anyone looking to get this device working in their own environment.


Edit:

To have the system boot after power-loss, you can set that behavior within the bios here:

--> IntelRCSetup --> South Bridge Chipset Configuration --> State after G3 --> (Change to desired behavior)