Messages

1

24.1 Legacy Series / Configure Unbound to only override A Record

« on: March 31, 2024, 02:59:40 pm »

Hi all,

i have a setup which uses IPv4 with static local IPs and IPv6 with Dynamic prefix. I run some Server services locally. For that i use Unbound to override some A records to point to the local IP of the Server (for clients in the local net to reach the server).

This works great however unbound also overrides the AAAA record when an A override is set (which i do not want). I also cannot set the AAAA Record in parallel to override manually since the IPv6 has an dynamic prefix and changes regularly. For the firewall rules i can use an IPv6 Alias which works but seems not to be possible for the Unbound override.

So how can i tell unbound to only override the A record and leave the original AAAA record in place ?

Regards

2

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 17, 2024, 04:53:21 pm »

@joshndroid which of the 3 patches did you apply ?

3

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 16, 2024, 12:45:04 am »

i dont use any overrides. Only customization i use for Unbound is DoT.

4

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 15, 2024, 11:05:00 pm »

i might have a way to trigger it now but iam still testing. Could you tell me how to use DTrace than i happy to help debugging.

5

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 15, 2024, 10:42:02 pm »

Could you try

Code: [Select]

cd /tmp
ktrace -p <pid of misbehaving unbound>
# wait a couple of seconds
ktrace -C
kdump

I could catch a crash live today and tried this command. But the output was empty. To make sure i did it correct i tested it for another process and i got plenty of output, i tried mutliple times while waiting more than 5 minutes but output was still empty so i guess the process is just dead ? So the unbound process just sits there with 97% usage and DNS resolution does not work anymore until i kill it.

Output was again:

Code: [Select]

2024-02-15T19:34:08 Critical unbound [18464:3] fatal error: Could not initialize thread
2024-02-15T19:34:08 Error unbound [18464:3] error: Could not set root or stub hints
2024-02-15T19:34:08 Error unbound [18464:3] error: reading root hints /root.hints 8:14: Syntax error, could not parse the RR's class
  TypeError: an integer is required (got type NoneType)
  os.write(self._pipe_fd, res.encode())
  File "dnsbl_module.py", line 227, in log_entry
  mod_env['logger'].log_entry(
  File "dnsbl_module.py", line 379, in cache_cb
  logger.close()
  File "dnsbl_module.py", line 444, in deinit

6

24.1 Legacy Series / Re: 24.1 IDS breaks internet

« on: February 15, 2024, 11:32:48 am »

My bad the issue lies somewhere else, nothing to do with IDS.

7

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 15, 2024, 11:21:47 am »

Ok understood. Since i had this issue the last weeks as well without any device connecting or disconnecting i still think its at least not only related to not using a switch so i try to gather additional data.

8

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 15, 2024, 10:54:10 am »

So you say the Unbound error is a directly connecting to not using a switch ? Or is this just an assumption? i know its not best practice but it worked flawlessless for years so suddenly this error appeared with some changes ?

9

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 15, 2024, 10:47:42 am »

i understand it fires a script when changes on the interface can happen. But still something seems to cause the issue when the script fires (at least i assume this based on your answer) so we should try to debug this instead of saying never up and down an interface to avoid running the script ?

Also i assume its a pretty normal setup for people connecting devices to the firewall itself without a switch ?

Also iam pretty sure this problem happend also when no device changes was happening (so all running). So maybe its just a coexistence ? @lar.hed did you ever see this error triggering when one of your devices connects / disconnects from the interface ?

10

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 15, 2024, 10:41:06 am »

Since OP has no bridge but the same error it seems to be unrelated. Also it runs like this for 2 years+ (with no  penalty affecting me) so maybe i was on the wrong track here and the interface has nothing to do with it. Pretty sure its still something with unbound.

11

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 15, 2024, 10:31:33 am »

Iam using a MiniPC with multiple ports and connected all Devices directly to it. Its running this way since 2 years so i dont see any issue with that ? I just saw the log so i assumed its worth posting this. Why would a switch between the PC and the Firewall change any of this ? i Dont need a switch the Firewall has enough ports to cover all devices. i dont have any issues with the devices whatsoever only unbound started causing the mentioned issues since the recent update.

12

24.1 Legacy Series / Re: Unbound just hit 100% CPU on one core again...

« on: February 15, 2024, 10:11:45 am »

Iam running in the same issues since 24.1 is there any way to help debug this? It looks like it appears every few days but couldnt find any pattern:

This night it appeard again since monit showed failing DNS resolution in the night. However once my PC was running again it seems to work again without any intervention. So iam not sure if this has some relation or if it just was some random event.

Error when it stopped working was this:

Code: [Select]

2024-02-15T01:58:19 Error unbound [47314:1] error: reading root hints /root.hints 7:8: Syntax error, could not parse the RR's type
2024-02-15T01:58:19 Error unbound [47314:3] error: reading root hints /root.hints 2:13: Syntax error, could not parse the RR's type
  TypeError: an integer is required (got type NoneType)
  os.write(self._pipe_fd, res.encode())
  File "dnsbl_module.py", line 227, in log_entry
  logger.log_entry(query)
  File "dnsbl_module.py", line 548, in operate
Suspiciously the time i shutdown my PC was around 2PM and it looks like after that unbnound started failing. Booting it up again in the morning at around 08:50 and unbound worked again ? Could this have something to do with an specific interface going up or down ? Its the first time i see the link between client going up and down influencing unbound but maybe its just random. Error seems to be the same as from the Thread creator:

Code: [Select]

2024-02-15T08:46:24 Informational unbound [84952:0] info: generate keytag query _ta-4f66. NULL IN
2024-02-15T08:46:23 Informational unbound [84952:0] info: start of service (unbound 1.19.0).
2024-02-15T08:46:23 Notice unbound [84952:0] notice: init module 2: iterator
2024-02-15T08:46:23 Notice unbound [84952:0] notice: init module 1: validator
2024-02-15T08:46:23 Notice unbound [84952:0] notice: init module 0: python
2024-02-15T08:46:20 Notice unbound Closing logger
2024-02-15T01:58:19 Notice unbound Backgrounding unbound logging backend.
2024-02-15T01:58:19 Notice unbound daemonize unbound dhcpd watcher.
2024-02-15T01:58:19 Error unbound [47314:0] error: str: syscall error with errno No error: 0
2024-02-15T01:58:19 Notice unbound [47314:0] notice: failed connection from 127.0.0.1 port 44860
2024-02-15T01:58:19 Informational unbound [47314:0] info: start of service (unbound 1.19.0).
2024-02-15T01:58:19 Critical unbound [47314:1] fatal error: Could not initialize thread
2024-02-15T01:58:19 Critical unbound [47314:3] fatal error: Could not initialize thread
2024-02-15T01:58:19 Informational unbound [47314:3] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
2024-02-15T01:58:19 Informational unbound [47314:3] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2024-02-15T01:58:19 Informational unbound [47314:1] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
2024-02-15T01:58:19 Informational unbound [47314:1] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2024-02-15T01:58:19 Error unbound [47314:1] error: Could not set root or stub hints
2024-02-15T01:58:19 Error unbound [47314:3] error: Could not set root or stub hints
2024-02-15T01:58:19 Error unbound [47314:1] error: reading root hints /root.hints 7:8: Syntax error, could not parse the RR's type
2024-02-15T01:58:19 Error unbound [47314:3] error: reading root hints /root.hints 2:13: Syntax error, could not parse the RR's type
Also the General log shows this for the morning:

Code: [Select]

2024-02-15T08:46:20 Error opnsense /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '47314''(pid:/var/run/unbound.pid) returned exit code '1', the output was 'kill: 47314: No such process'
2024-02-15T08:46:10 Error opnsense /usr/local/etc/rc.linkup: The command `/sbin/ifconfig 'bridge0' addm 'igb1'' failed to execute

13

23.7 Legacy Series / Re: Unbound errors in log file

« on: February 15, 2024, 09:18:32 am »

Did you find any solution ? iam running in the same issue since 24.

Errors are:

Code: [Select]

2024-02-15T01:58:19 Error unbound [47314:1] error: reading root hints /root.hints 7:8: Syntax error, could not parse the RR's type
2024-02-15T01:58:19 Error unbound [47314:3] error: reading root hints /root.hints 2:13: Syntax error, could not parse the RR's type
i didnt change any unbound config but it randomly stopps working now.

General log also shows:

Code: [Select]

/usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '47314''(pid:/var/run/unbound.pid) returned exit code '1', the output was 'kill: 47314: No such process'

14

23.7 Legacy Series / Re: Unbound Failure after update to 23.7.11

« on: February 15, 2024, 09:11:02 am »

iam running 24.1_1 und have the same error, unbound randomly stopps DNS resolution:

After this it stopps:

Code: [Select]

2024-02-15T01:58:19 Error unbound [47314:1] error: reading root hints /root.hints 7:8: Syntax error, could not parse the RR's type
2024-02-15T01:58:19 Error unbound [47314:3] error: reading root hints /root.hints 2:13: Syntax error, could not parse the RR's type
Any ideas how to fix it ?

15

24.1 Legacy Series / Re: 24.1 IDS breaks internet

« on: February 15, 2024, 08:57:52 am »

Is this issue really fixed for 24.1_1? it looks like unbound still fails from time to time. I cannot reproduce it yet but i still get random dns resolution errors. All started with 24.1.