Messages - Sensler3000

#1
Hi all,

I have a setup which uses IPv4 with static local IPs and IPv6 with a dynamic prefix. I run some server services locally. For that I use Unbound to override some A records to point to the local IP of the server (for clients in the local net to reach the server).

This works great; however, Unbound also overrides the AAAA record when an A override is set (which I do not want). I also cannot set the AAAA record in parallel to override manually, since the IPv6 has a dynamic prefix and changes regularly. For the firewall rules I can use an IPv6 alias, which works, but this seems not to be possible for the Unbound override.

So how can I tell Unbound to only override the A record and leave the original AAAA record in place?

Regards
#2
@joshndroid which of the 3 patches did you apply?
#3
I don't use any overrides. The only customization I use for Unbound is DoT.
#4
I might have a way to trigger it now but I am still testing. Could you tell me how to use DTrace? Then I am happy to help debugging.
#5
Quote from: Patrick M. Hausen on February 14, 2024, 11:24:02 PM
Could you try
cd /tmp
ktrace -p <pid of misbehaving unbound>
# wait a couple of seconds
ktrace -C
kdump


I could catch a crash live today and tried this command, but the output was empty. To make sure I did it correctly I tested it on another process and got plenty of output. I tried multiple times while waiting more than 5 minutes, but the output was still empty, so I guess the process is just dead? So the unbound process just sits there with 97% usage and DNS resolution does not work anymore until I kill it.

Output was again:

2024-02-15T19:34:08 Critical unbound [18464:3] fatal error: Could not initialize thread
2024-02-15T19:34:08 Error unbound [18464:3] error: Could not set root or stub hints
2024-02-15T19:34:08 Error unbound [18464:3] error: reading root hints /root.hints 8:14: Syntax error, could not parse the RR's class
TypeError: an integer is required (got type NoneType)
os.write(self._pipe_fd, res.encode())
File "dnsbl_module.py", line 227, in log_entry
mod_env['logger'].log_entry(
File "dnsbl_module.py", line 379, in cache_cb
logger.close()
File "dnsbl_module.py", line 444, in deinit
#6
24.1, 24.4 Legacy Series / Re: 24.1 IDS breaks internet
February 15, 2024, 11:32:48 AM
My bad, the issue lies somewhere else; nothing to do with IDS.
#7
OK, understood. Since I had this issue in the last weeks as well without any device connecting or disconnecting, I still think it's at least not only related to not using a switch, so I'll try to gather additional data.
#8
So you are saying the Unbound error is directly connected to not using a switch? Or is this just an assumption? I know it's not best practice but it worked flawlessly for years, so suddenly this error appeared with some changes?
#9
I understand it fires a script when changes on the interface can happen. But still, something seems to cause the issue when the script fires (at least I assume this based on your answer), so we should try to debug this instead of saying never up and down an interface to avoid running the script?

Also, I assume it's a pretty normal setup for people to connect devices to the firewall itself without a switch?

Also, I am pretty sure this problem happened also when no device changes were happening (so all running). So maybe it's just a coexistence? @lar.hed did you ever see this error triggering when one of your devices connects / disconnects from the interface?
#10
Since OP has no bridge but the same error, it seems to be unrelated. Also it has been running like this for 2 years+ (with no penalty affecting me), so maybe I was on the wrong track here and the interface has nothing to do with it. Pretty sure it's still something with unbound.
#11
I am using a MiniPC with multiple ports and connected all devices directly to it. It has been running this way for 2 years, so I don't see any issue with that? I just saw the log so I assumed it's worth posting this. Why would a switch between the PC and the firewall change any of this? I don't need a switch; the firewall has enough ports to cover all devices. I don't have any issues with the devices whatsoever; only unbound started causing the mentioned issues since the recent update.
#12
I am running into the same issues since 24.1. Is there any way to help debug this? It looks like it appears every few days but I couldn't find any pattern:

This night it appeared again, since monit showed failing DNS resolution in the night. However, once my PC was running again it seemed to work again without any intervention. So I am not sure if this has some relation or if it was just some random event.

The error when it stopped working was this:

2024-02-15T01:58:19 Error unbound [47314:1] error: reading root hints /root.hints 7:8: Syntax error, could not parse the RR's type
2024-02-15T01:58:19 Error unbound [47314:3] error: reading root hints /root.hints 2:13: Syntax error, could not parse the RR's type
TypeError: an integer is required (got type NoneType)
os.write(self._pipe_fd, res.encode())
File "dnsbl_module.py", line 227, in log_entry
logger.log_entry(query)
File "dnsbl_module.py", line 548, in operate


Suspiciously, the time I shut down my PC was around 2PM and it looks like after that unbound started failing. Booting it up again in the morning at around 08:50 and unbound worked again? Could this have something to do with a specific interface going up or down? It's the first time I see the link between a client going up and down influencing unbound, but maybe it's just random. The error seems to be the same as from the thread creator:

2024-02-15T08:46:24 Informational unbound [84952:0] info: generate keytag query _ta-4f66. NULL IN
2024-02-15T08:46:23 Informational unbound [84952:0] info: start of service (unbound 1.19.0).
2024-02-15T08:46:23 Notice unbound [84952:0] notice: init module 2: iterator
2024-02-15T08:46:23 Notice unbound [84952:0] notice: init module 1: validator
2024-02-15T08:46:23 Notice unbound [84952:0] notice: init module 0: python
2024-02-15T08:46:20 Notice unbound Closing logger
2024-02-15T01:58:19 Notice unbound Backgrounding unbound logging backend.
2024-02-15T01:58:19 Notice unbound daemonize unbound dhcpd watcher.
2024-02-15T01:58:19 Error unbound [47314:0] error: str: syscall error with errno No error: 0
2024-02-15T01:58:19 Notice unbound [47314:0] notice: failed connection from 127.0.0.1 port 44860
2024-02-15T01:58:19 Informational unbound [47314:0] info: start of service (unbound 1.19.0).
2024-02-15T01:58:19 Critical unbound [47314:1] fatal error: Could not initialize thread
2024-02-15T01:58:19 Critical unbound [47314:3] fatal error: Could not initialize thread
2024-02-15T01:58:19 Informational unbound [47314:3] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
2024-02-15T01:58:19 Informational unbound [47314:3] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2024-02-15T01:58:19 Informational unbound [47314:1] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
2024-02-15T01:58:19 Informational unbound [47314:1] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2024-02-15T01:58:19 Error unbound [47314:1] error: Could not set root or stub hints
2024-02-15T01:58:19 Error unbound [47314:3] error: Could not set root or stub hints
2024-02-15T01:58:19 Error unbound [47314:1] error: reading root hints /root.hints 7:8: Syntax error, could not parse the RR's type
2024-02-15T01:58:19 Error unbound [47314:3] error: reading root hints /root.hints 2:13: Syntax error, could not parse the RR's type


Also, the General log shows this for the morning:

2024-02-15T08:46:20 Error opnsense /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '47314''(pid:/var/run/unbound.pid) returned exit code '1', the output was 'kill: 47314: No such process'
2024-02-15T08:46:10 Error opnsense /usr/local/etc/rc.linkup: The command `/sbin/ifconfig 'bridge0' addm 'igb1'' failed to execute
#13
23.7 Legacy Series / Re: Unbound errors in log file
February 15, 2024, 09:18:32 AM
Did you find any solution? I am running into the same issue since 24.

Errors are:
2024-02-15T01:58:19 Error unbound [47314:1] error: reading root hints /root.hints 7:8: Syntax error, could not parse the RR's type
2024-02-15T01:58:19 Error unbound [47314:3] error: reading root hints /root.hints 2:13: Syntax error, could not parse the RR's type


I didn't change any unbound config but it randomly stops working now.

General log also shows:

/usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '47314''(pid:/var/run/unbound.pid) returned exit code '1', the output was 'kill: 47314: No such process'
#14
I am running 24.1_1 and have the same error; unbound randomly stops DNS resolution:

After this it stops:
2024-02-15T01:58:19 Error unbound [47314:1] error: reading root hints /root.hints 7:8: Syntax error, could not parse the RR's type
2024-02-15T01:58:19 Error unbound [47314:3] error: reading root hints /root.hints 2:13: Syntax error, could not parse the RR's type


Any ideas how to fix it?
#15
24.1, 24.4 Legacy Series / Re: 24.1 IDS breaks internet
February 15, 2024, 08:57:52 AM
Is this issue really fixed for 24.1_1? It looks like unbound still fails from time to time. I cannot reproduce it yet but I still get random DNS resolution errors. It all started with 24.1.