Messages

Unbound on port 53, DNSmasq on port 53053, and set up the Unbound query forwarding in accordance with OPNSense docs:
https://docs.opnsense.org/manual/dnsmasq.html

I followed the examples at that link for my configuration, and it's running flawlessly for me across 5 different interfaces. Unlike the first person who responded to you, I feel like this was a pretty rock solid initial release for a lighter and more efficient DHCP. From what I've gathered between here and Reddit, the majority of the people having issues decided to wing it with their setup and didn't read the guides first.

For anyone that cares, the online guide spells most of this out in the examples section. At least three of your main points are explicitly covered, so I never ran into these issues when swapping over.

For anyone that is feeling apprehensive about doing this swap-over from ISC to DNSmasq:

I'm a complete idiot with a semi-complicated setup, and still got it working first try. The guide is dumbed down enough that I didn't have any issues, and everything is working perfectly fine. It did take me ~1 hour to do it since there were a lot more steps than the initial setup for ISC, but it wasn't difficult (just repetitive).

Same issue:

https://forum.opnsense.org/index.php?topic=45286.0

Same issue, but I was starting to have problems before 24.7.12. The token was expiring after approximately 5 days despite consistent heartbeats. I contacted ET Labs and they said they've received multiple reports of this and were looking into it.

Something has further degraded though... just like you guys, updating the token isn't fixing the issue anymore. I can't update ET Pro rules, the widget doesn't work, and I'm getting the same error in my logs as above. That said, I'm confident it's not an OPNsense issue.

Sorry to bring up an old thread, but this latest 24.7.7 update seems to have helped reduce the CPU utilization problem. I'm still not at pre-24.7 levels, but it's definitely a welcome steep drop I can see in my health reporting charts. Another user in the update thread on Reddit has posted the same positive observation.

Does anyone know what changed that improved this?

I also use a Protectli VP2420, and after the 24.7 update have had higher CPU temps and utilization. After a little research on things to mitigate the problem, I added the "dev.cpu.0.cx_lowest" tunables.

This reduced my CPU temps by ~4C, and haven't noticed any issues. I was concerned about possible stability or latency issues, but so far it has been a positive improvement.

I apologize if I sounded argumentative, was just trying to relay what I'm seeing. I genuinely only take issue with one person in this thread.

One note, I'm currently limited to what I can access via web GUI...

I checked my config.xml and <updatefreq> was only set for one 1 alias (not the Geoblock), of which I updated it so it's no longer set either... That had no impact, however.

Playing with Geoblock further, I have to get the number of current table entries below 100,000 (only 1/10th of the Geoblock list) for there to be any impact to temps and utilization.

I'm also curious about what exactly is happening when update_tables.py runs and the task it's performing, since it's not actually updating the aliases. If it were, I assume I'd see changes to the "Last updated" timestamp everytime it runs. However, the time stamp is only updating once a day based on Cron schedule.

I only have 5 aliases, and I followed the guides when I did my initial install. There is enough available, there are no errors in my logs, and the problems didn't arise until after the 24.7 install - which is why I could see the noticeable difference in health reporting.

I searched before posting, and there is a lot of people reporting that specific process running about once a minute over the years without anyone contradicting it as abnormal... Disabling the Geoblock alias also does not change the frequency that the process runs, it only changes the percentage of CPU utilization to pre-24.7 levels.

It's not running all the time, but approximately once a minute for a few seconds which is enough to effect temperature readings and the average CPU usage under health reporting.

Do you happen to use any firewall aliases with large table entries loaded?

I discovered that by disabling Maxmind Geoblock, I'm able to reduce my temperatures and utilization to pre-24.7 levels. Since I made no alteration to any of mine between 24.1 and 24.7, I think python 3.11 introduced a bug.

Followup:

I've found a workaround that reduces my CPU utilization and temps to pre-24.7 levels. The problem is:
/usr/local/bin/python3 /usr/local/opnsense/scripts/filter/update_tables.py

When I disable the Maxmind Geoblock aliases, the CPU temp drops by 10C and utilization from that process drops by 50%. If I reenable that alias, the temp and utilization jump back up.

I have not altered any of these aliases, and the table entries are consistent with what they were under 24.1. This leads me to believe there is still an underlying problem that needs to be identified (this just helps narrow it down).

Since this is a python script, and 24.7 brought us python 3.11 - Is it possible that python 3.11 is the underlying problem?

Fun fact, I saw your thread on Reddit and linked to it here (sorry for not responding, I don't have an account there):
https://forum.opnsense.org/index.php?topic=41759.45

I've also noticed increased CPU utilization, and wondering if increased temperature readings are a 3rd order effect of whatever the overall underlying cause is.

I personally have been unable to identify the reason for it.

Or, hear me out, the CPU utilization issue seen here and elsewhere is the problem.

I am not ignoring that, as I'm well aware that hardware differences and such can impact differently just like with any other piece of software. Any legitimate testing takes into account different platforms.