Messages

1

General Discussion / Re: Unbound SERVFAIL Exceeded maximum number of sends

« on: April 11, 2024, 12:18:00 am »

Hi,
I had Unbound DNS: Access Lists on Allow as default action as i was doing tests, and servicing WAN while doing so was a bad idea.
I re-set everything to Deny, on the General tab on  Network Interfaces i simply left LAN and my VLAN and removed WAN

2

General Discussion / Re: Unbound periodically stops resolving some hostnames

« on: March 14, 2024, 09:26:44 pm »

Is your unbound also serving WAN and maybe you got ACL overrides?
Just as a personal reference after I disabled WAN requests , my problems went away (I also increased number of queries per thread)

What do you have under DNS server options on the General page?

Under system > settings > general > DNS servers I have 1.1.1.1 and 8.8.8.8.

Not DNS servers.  DNS server options.  The section below where the DNS servers are entered.

Nothing checked there.

3

General Discussion / Unbound SERVFAIL Exceeded maximum number of sends

« on: March 13, 2024, 06:35:48 pm »

Hi,
I have had a problem where sometimes (usually in the peak moments of the day) DNS request gets a SERVFAIL for exceeded number of sends. (It's usually 3-4 times a days)

Before upgrading to OPNsense 24.1.3_1-amd64 i didn't have this kind of problem.
I tried double checking my setup just to be sure, but nothing there seemed out of place.

IPv6 Is disabled overall, I'm using 8.8.8.8 or 1.1.1.1 as default DNS on Opnsense, with no override on LANs.

In unbound I don't have DNSSEC and I don't have query forwarding ON.

Every now and then I get SERVFAIL for exceeded maximum requests, I have up to 8000 contemporary requests at specific times of the day.
If i switch to dnsqmasq I have no problems.

Code: [Select]

2024-03-13T15:30:01 Error unbound [87768:2] error: SERVFAIL <mi-speedtest.optimaitalia.com. A IN>: exceeded the maximum number of sends
2024-03-13T15:06:43 Error unbound [87768:2] error: SERVFAIL <cdn.id5-sync.com. A IN>: exceeded the maximum number of sends
2024-03-13T13:42:53 Error unbound [87768:1] error: SERVFAIL <ecs.office.com. A IN>: exceeded the maximum number of sends
2024-03-13T13:37:06 Error unbound [87768:1] error: SERVFAIL <www.msftncsi.com. AAAA IN>: exceeded the maximum number of sends

An example of an extended log:

Code: [Select]

2024-03-13T18:33:03 Informational unbound [8352:2] info: query response was REFERRAL
2024-03-13T18:33:03 Informational unbound [8352:2] info: reply from <com.> 192.35.51.30#53
2024-03-13T18:33:03 Informational unbound [8352:2] info: response for _https._tcp.developer.download.nvidia.com. SRV IN
2024-03-13T18:33:03 Informational unbound [8352:2] info: resolving _https._tcp.developer.download.nvidia.com. SRV IN
2024-03-13T18:33:03 Error unbound [8352:0] error: SERVFAIL <_https._tcp.developer.download.nvidia.com. SRV IN>: exceeded the maximum number of sends
2024-03-13T18:33:03 Informational unbound [8352:1] info: resolving ns3.canonical.com. AAAA IN
2024-03-13T18:33:03 Informational unbound [8352:0] info: resolving _https._tcp.developer.download.nvidia.com. SRV IN
2024-03-13T18:33:03 Informational unbound [8352:1] info: resolving _http._tcp.archive.ubuntu.com. SRV IN
Thanks in advance
EDIT. Dum dum here. I double checked ACL and I had allow as default action, while unbound was servicing WAN. I removed WAN, set ACL to Deny and everything is running smoothly.

4

General Discussion / Re: Unbound periodically stops resolving some hostnames

« on: March 12, 2024, 10:15:32 pm »

Hi,
I have had the same problems since a few updates ago.
I'm on  OPNsense 24.1.3_1-amd64

IPv6 Is disabled overall, I'm using 8.8.8.8 or 1.1.1.1 as default DNS on opnsense, with no override on LANs.
In unbound I don't have DNSSEC and I don't have query forwarding ON.
Every now and then I get SERVFAIL for exceeded maximum requests, I have up to 8000 contemporary requests at specific times of the day.
With dnsqmasq I have no problems