Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - dominick-cc

Pages: [1]

24.1 Legacy Series / Re: Unbound stops working over time

« on: April 16, 2024, 03:15:23 pm »

What sticks out to me between the two diagnostic outputs is that unbound/logger.py was on the "lockf" state. But after restarting it, it became "kqread".

Also, unbound_watcher.py is not present on the list prior to restarting the service. So perhaps whatever that is fails silently and isn't present in the Opnsense logs.

Since unbound_watcher.py seems to be dhcp-related, I pulled some general Opnsense logs for the term "dhcp" and I see that every hour at the 50-minute mark dhcp6c_script is running. Not sure if this is helpful/related but figured I'd include it:

Code: [Select]

2024-04-16T08:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-16T07:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-16T06:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-16T05:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-16T04:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-16T03:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-16T02:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-16T01:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-16T00:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-15T23:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-15T22:50:24-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing	
2024-04-15T21:50:23-04:00	Notice	dhcp6c	dhcp6c_script: RENEW on igc0 executing
...

I did some searching on the forums for why this renewal could be happening, and I saw that someone asked to post the dhcp6c.conf files. I don't really know how these files are produced but on my box here is the output if its helpful to anyone:

Code: [Select]

root@OPNsense:/var/etc # cat dhcp6c.conf
interface igc0 {
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
  prefix ::/56 infinity;
  prefix-interface igc1 {
    sla-id 0;
    sla-len 8;
  };
};
root@OPNsense:/var/etc # cat dhcp6c_wan.conf
interface igc0 {
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
  prefix ::/56 infinity;
  prefix-interface igc1 {
    sla-id 0;
    sla-len 8;
  };
};

Just providing whatever I can that might be helpful for context:

Code: [Select]

root@OPNsense:/var/unbound # cat /var/etc/radvd.conf
# Automatically generated, do not edit
# Generated RADVD config for dhcp6 assignment from wan on lan
interface igc1 {
        AdvSendAdvert on;
        AdvLinkMTU 1500;
        AdvManagedFlag on;
        AdvOtherConfigFlag on;
        prefix REDACTED::/64 {
                DeprecatePrefix on;
                AdvOnLink on;
                AdvAutonomous on;
        };
        RDNSS REDACTED { };
        DNSSL home.arpa { };
};

24.1 Legacy Series / Re: Unbound stops working over time

« on: April 16, 2024, 03:11:59 pm »

Attached is the output of System: Diagnostics: Activity filtered for the term "unbound" after manually restarting the Unbound service (to temporarily resolve this issue)

24.1 Legacy Series / Re: Unbound stops working over time

« on: April 16, 2024, 03:08:50 pm »

Attached is the output of System: Diagnostics: Activity filtered for the term "unbound"

24.1 Legacy Series / Unbound stops working over time

« on: April 16, 2024, 03:07:00 pm »

Hi all,

Since my update to 24.1.x, I've noticed that Unbound stops working randomly at times until I restart the Unbound service or reboot the router manually.

In the attached screenshot, you can see the Unbound reporting showing that all client activity has stopped. On my network, I have so many devices being used, there really should never be a period of no activity like this. Unbound has stopped working somehow and restarting the service would temporarily resolve it. This occurs 1 to 2 times per day.

Under System: Log Files: General, I see only the following unrelated messages for warning and above:

Code: [Select]

2024-04-16T01:15:50-04:00	Error	php	remove config-1693717200.xml from Google Drive	
2024-04-16T01:15:49-04:00	Error	php	backup configuration as config-1713244548.xml	
2024-04-15T01:49:02-04:00	Error	php	remove config-1693630800.xml from Google Drive	
2024-04-15T01:49:01-04:00	Error	php	backup configuration as config-1713160140.xml

Under Services: Unbound DNS: Log File, I don't see any corresponding events with the time that Unbound stopped working:

Code: [Select]

2024-04-16T02:00:53-04:00	Informational	unbound	[73324:0] info: dnsbl_module: blocklist loaded. length is 243545	
2024-04-16T02:00:52-04:00	Informational	unbound	[73324:0] info: dnsbl_module: updating blocklist.	
2024-04-16T02:00:02-04:00	Notice	unbound	blocklist parsing done in 2.59 seconds (243545 records)	
2024-04-16T02:00:02-04:00	Notice	unbound	blocklist: https://big.oisd.nl/domainswild (exclude: 0 block: 233645 wildcard: 233645)	
2024-04-16T02:00:02-04:00	Notice	unbound	blocklist download: 233660 total lines downloaded for https://big.oisd.nl/domainswild	
2024-04-16T02:00:00-04:00	Notice	unbound	blocklist: https://threatfox.abuse.ch/downloads/hostfile (exclude: 1 block: 14123 wildcard: 0)	
2024-04-16T02:00:00-04:00	Notice	unbound	blocklist download: 14133 total lines downloaded for https://threatfox.abuse.ch/downloads/hostfile	
2024-04-16T02:00:00-04:00	Notice	unbound	blocklist download : exclude domains matching .*localhost$

Environment:

OPNsense 24.1.5_3-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13
Intel(R) N100 (4 cores, 4 threads)

24.1 Legacy Series / IPV6 broken since update, unbound stops

« on: April 14, 2024, 05:53:26 pm »

Hi all,

I recently upgraded from an N5105 topton box to an N100 router by the same manufacturer. I loaded the config I backed up from the old router to the new. Additionally, I also setup Opnsense with ZFS on the new router (previously it wasn't). Prior to this I was running 23.x on my N5105 box -- so now I'm on 24.1.5_3:

OPNsense 24.1.5_3-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

The internet mostly works, but something is broken with IPV6 -- and unbound seems to be breaking if I leave it for a while. I can see it not capturing any data in the reporting output. Restarting the unbound service resolves it -- but why does this happen?

On boot, pretty reliably I see the following 4 errors/warnings:

Code: [Select]

2024-04-14T11:43:45-04:00	Error	opnsense	/usr/local/etc/rc.newwanip: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '1', the output was ''	
2024-04-14T11:43:38-04:00	Error	dhcp6c	transmit failed: Can't assign requested address	
2024-04-14T11:43:37-04:00	Error	opnsense	/usr/local/etc/rc.bootup: The command '/sbin/umount '/var/unbound/lib'' returned exit code '1', the output was 'umount: /var/unbound/lib: not a file system root directory'	
2024-04-14T11:43:37-04:00	Warning	opnsense	/usr/local/etc/rc.bootup: dhcpd_radvd_configure(auto) found no suitable IPv6 address on lan(igc1)

So I'm having this issue: https://forum.opnsense.org/index.php?topic=39469.0

But I also have some other issue with IPV6 "found no suitable IPv6 address on lan" that I'm not sure how to resolve.

To add to the confusion, some clients on my networks (android phones) can't load some websites (like llbean.com). But they load fine on my Windows machine on the same network.

Any ideas? I changes a lot of variables all at once by doing this hardware upgrade, with the new version of Opnsense. So I'm not sure where to begin.

24.1 Legacy Series / Re: Unbound: umount: /var/unbound/lib: not a file system root directory

« on: April 14, 2024, 05:47:48 pm »

Quote from: Botanist on April 14, 2024, 05:36:34 pm

Also seeing this, my filesystem was also full, had to restart unbound dns.

How did you tell your filesystem was full and how did you resolve it?

If I run "dh -h" on opnsense, I see that /var/unbound/dev is at 100%. That seems bad. I don't know why it's setup that way. Is that something I should fix? if so -- how?

Code: [Select]

root@OPNsense:~ # df -h
Filesystem                  Size    Used   Avail Capacity  Mounted on
zroot/ROOT/default          442G    1.2G    441G     0%    /
devfs                       1.0K    1.0K      0B   100%    /dev
/dev/gpt/efiboot0           260M    1.8M    258M     1%    /boot/efi
zroot/var/mail              441G     96K    441G     0%    /var/mail
zroot/tmp                   441G     96K    441G     0%    /tmp
zroot                       441G     96K    441G     0%    /zroot
zroot/var/audit             441G     96K    441G     0%    /var/audit
zroot/var/crash             441G     96K    441G     0%    /var/crash
zroot/usr/ports             441G     96K    441G     0%    /usr/ports
zroot/var/log               441G    1.1M    441G     0%    /var/log
zroot/usr/home              441G     96K    441G     0%    /usr/home
zroot/var/tmp               441G     96K    441G     0%    /var/tmp
zroot/usr/src               441G     96K    441G     0%    /usr/src
tmpfs                       3.1G    1.8M    3.1G     0%    /var/log
tmpfs                       806M    1.3M    804M     0%    /tmp
devfs                       1.0K    1.0K      0B   100%    /var/dhcpd/dev
devfs                       1.0K    1.0K      0B   100%    /var/unbound/dev
/usr/local/lib/python3.9    442G    1.2G    441G     0%    /var/unbound/usr/local/lib/python3.9
/lib                        442G    1.2G    441G     0%    /var/unbound/lib

24.1 Legacy Series / Re: Unbound: umount: /var/unbound/lib: not a file system root directory

« on: April 14, 2024, 04:12:25 pm »

I'm also seeing this error:

Code: [Select]

2024-04-13T04:00:56-04:00	Error	opnsense	/usr/local/etc/rc.restart_webgui: The command '/usr/sbin/daemon -f -p '/var/run/updaterrd.pid' '/var/db/rrd/updaterrd.sh'' returned exit code '3', the output was 'daemon: process already running, pid: 31061'	
2024-04-13T04:00:56-04:00	Error	opnsense	/usr/local/etc/rc.newwanipv6: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '1', the output was ''	
2024-04-13T04:00:49-04:00	Error	dhcp6c	transmit failed: Can't assign requested address	
2024-04-13T04:00:48-04:00	Error	opnsense	/usr/local/etc/rc.bootup: The command '/sbin/umount '/var/unbound/lib'' returned exit code '1', the output was 'umount: /var/unbound/lib: not a file system root directory'

Versions:

OPNsense 24.1.5_3-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

Pages: [1]