Messages

1

22.1 Legacy Series / Re: [22.1.6] DHCP leases not registered in Unbound

« on: May 09, 2022, 06:26:36 pm »

Nice to have this cross checked. Thanks @FullyBorked.

I rather consider it a bug, because it severly limits functionality of DNS blocklists.

Do you know if there is any (python) log to look for debug information?

Cheers, Marko

2

22.1 Legacy Series / Re: [22.1.6] DHCP leases not registered in Unbound

« on: May 08, 2022, 12:21:25 pm »

I have the same issue here. OPNsense version is 22.1.7

(maybe related: https://forum.opnsense.org/index.php?topic=24931.15 and https://www.reddit.com/r/opnsense/comments/ue91lf/2216_unbound_dhcp_lease_registration_not_working)

What I found so far:
- the DHCP leases in /var/var/dhcpd/var/db/dhcpd.leases are monitored by the unbound dhcpd watcher script /usr/local/opnsense/scripts/dns/unbound_dhcpd.py
- the dhcpd watcher script transfers lease changes to var/unbound/dhcpleases.conf
- if the watcher script is not running, var/unbound/dhcpleases.conf is either stale or empty and name resolution for DHCP clients fails

Please log in to console and check if the script is running

Code: [Select]

ps aux | grep unboundor (like franco stated above)

Code: [Select]

pgrep -f unbound_dhcpd.py
The output should look like

Code: [Select]

root    43084   0.0  0.2 25880 15192  -  Ss   11:49      0:03.51 /usr/local/bin/python3 /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain intern (python3.8)
unbound 51803   0.0  0.6 95052 45708  -  Ss   11:49      0:01.93 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
root    42113   0.0  0.0 12740  2356  0  S+   11:54      0:00.00 grep unbound

If  unbound restarts, the script is restarted as well. Unbound restarts are triggered by config changes, changes of blocklists, LAN and WAN interfaces ups/downs, reboot...

In my case the script was not running. I tested a lot and even set up a brand new machine (Intel Celeron J3160, 1.60GHz, 4 cores, 4 threads) running a fresh OPNsense 22.1.7.

What I have found so far:
- if unbound DNS blocklists are disabled, everything works fine and the dhcp watcher scripts is running
- if unbound DNS blocklists are enabled and every blocklist is checked, the unbound start process takes ~1 minute, the watcher script is started during that process but terminates at some point
- if unbound blocklist are enabled an roughly half the blocklists are checked, everything works fine and the dhcp watcher scripts is running

It looks like the the longer the unbound start process takes, the higher the probability that the watcher script terminates.

Can anybody reproduce this?

P.S.
I was monitoring the start process of unbound frequently with "ps aux|grep unbound". One time I got this:

Code: [Select]

root@router:~ # ps aux | grep unbound
root  61170   0.0  0.0 12892  2404  -  Ss   13:14     0:00.00 /usr/local/bin/flock -n -E 0 -o /tmp/unbound_start.lock /usr/local/opnsense/scripts/unbound/start.sh
root  61287   0.0  0.2 25880 14940  -  R    13:14     0:00.26 /usr/local/bin/python3 /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain intern (python3.8)
root  61592   0.0  0.0 13500  2856  -  S    13:14     0:00.00 /bin/sh /usr/local/opnsense/scripts/unbound/start.sh
root  61729   0.0  0.3 36324 23248  -  R    13:14     0:00.26 /usr/local/sbin/unbound-checkconf /var/unbound/unbound.conf
root  61761   0.0  0.2 25880 14936  -  Rs   13:14     0:00.03 /usr/local/bin/python3 /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain intern (python3.8)
root  62336   0.0  0.0 12740  2356  0  S+   13:14     0:00.00 grep unbound

2 x "unbound_dhcpd.py" ??