"This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
25.1, 25.4 Production Series / Re: WAN IPv6 RAs trigger log spam, CPU load, and dnsmasq reloads
June 03, 2025, 10:31:42 AM #2
24.1, 24.4 Legacy Series / Re: [Solved] frequent log message "New IPv6 on mlxen0"
June 03, 2025, 09:39:18 AM
FWIW I bumped into this as well (now on 21.5.7), only in my case there are now 5 configd and 7 dnsmasq log entries for every RA: https://forum.opnsense.org/index.php?topic=47469.0
#3
25.1, 25.4 Production Series / Re: WAN IPv6 RAs trigger log spam, CPU load, and dnsmasq reloads
June 03, 2025, 09:34:41 AM
I dug into this a little more and confirmed that each RA received on the WAN triggers:
* "New IPv6" message and related processing -- at least two or three scripts are forked each time
* /etc/resolv.conf and /etc/hosts get rewritten (with the same contents)
* dnsmasq noisily reloads the above files
This results in non-trivial CPU load on a near-idle network, e.g. a snapshot from top:
Wouldn't it be reasonable to cache the RA contents, and do nothing if they are the same as last time?
* "New IPv6" message and related processing -- at least two or three scripts are forked each time
* /etc/resolv.conf and /etc/hosts get rewritten (with the same contents)
* dnsmasq noisily reloads the above files
This results in non-trivial CPU load on a near-idle network, e.g. a snapshot from top:
Code Select
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
7507 root 9 28 0 376M 275M kqread 4 19:03 0.98% /usr/local/bin/python3 /usr/local/opnsense/scripts/unbound/logger.py (python3.11)
72017 nobody 1 20 0 17M 6276K select 7 9:16 0.29% /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
84373 root 1 68 0 58M 33M nanslp 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 ax0Wouldn't it be reasonable to cache the RA contents, and do nothing if they are the same as last time?
#4
25.1, 25.4 Production Series / Re: dnsmasq + unbound constantly rewriting /etc/hosts and /etc/resolv.conf
June 02, 2025, 09:54:50 PM
Hmm, I found the configd log is full of:
<13>1 2025-06-02T21:50:40+02:00 <redacted> configd.py 251 - [meta sequenceId="23808"] [f48e13a6-4234-40c4-8adf-dd835f1453a8] New IPv6 on ax0
<13>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23809"] [abb7da35-87a7-49ec-9405-1cd791e690d8] request dhcp options
<13>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23810"] [447be926-549f-4030-b953-a5398b7d201a] request dhcp options6
<13>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23811"] [b6b41c5f-bb32-4f43-9fa7-6c3e81d1efd1] IPsec list legacy VirtualTunnelInterfaces
<14>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23812"] message f48e13a6-4234-40c4-8adf-dd835f1453a8 ['ax0' ''] returned OK
... repeating at a period that matches the roughly 10s rewrites of resolv.conf.
https://forum.opnsense.org/index.php?topic=40477.0 puts this "new IPv6" message down to receiving RAs on the WAN port, but if every RA results in this many processes and log entries, the whole thing seems awfully inefficient.
<13>1 2025-06-02T21:50:40+02:00 <redacted> configd.py 251 - [meta sequenceId="23808"] [f48e13a6-4234-40c4-8adf-dd835f1453a8] New IPv6 on ax0
<13>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23809"] [abb7da35-87a7-49ec-9405-1cd791e690d8] request dhcp options
<13>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23810"] [447be926-549f-4030-b953-a5398b7d201a] request dhcp options6
<13>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23811"] [b6b41c5f-bb32-4f43-9fa7-6c3e81d1efd1] IPsec list legacy VirtualTunnelInterfaces
<14>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23812"] message f48e13a6-4234-40c4-8adf-dd835f1453a8 ['ax0' ''] returned OK
... repeating at a period that matches the roughly 10s rewrites of resolv.conf.
https://forum.opnsense.org/index.php?topic=40477.0 puts this "new IPv6" message down to receiving RAs on the WAN port, but if every RA results in this many processes and log entries, the whole thing seems awfully inefficient.
#5
25.1, 25.4 Production Series / WAN IPv6 RAs trigger log spam, CPU load, and dnsmasq reloads
June 02, 2025, 09:29:12 PM
[I've updated the subject to reflect diagnosis of the issue. See later messages for details.]
I have migrated from ISC DHCP to dnsmasq + unbound DNS, largely following the configuration example in the docs where Unbound forwards DNS queries for the local domain to Dnsmasq on a custom port. Everything seems to work, but my dnsmasq log is full of these entries:
2025-06-02T21:21:54 Informational dnsmasq reading /etc/resolv.conf
2025-06-02T21:21:46 Informational dnsmasq using only locally-known addresses for <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver 127.0.0.1#53
2025-06-02T21:21:46 Informational dnsmasq reading /etc/resolv.conf
...
this repeats approximately every 10 seconds, and indeed /etc/resolv.conf and /etc/hosts are always being rewritten (with the same contents). This interval is much shorter than the DHCP renewals on the WAN link that also rewrite resolv.conf only every 15 minutes.
My best guess is that there's a feedback loop where dnsmasq is both being triggered by these updates to resolv.conf yet also causing them, but I'm not familiar enough with BSD / opnsense to diagnose it. Any tips?
I have migrated from ISC DHCP to dnsmasq + unbound DNS, largely following the configuration example in the docs where Unbound forwards DNS queries for the local domain to Dnsmasq on a custom port. Everything seems to work, but my dnsmasq log is full of these entries:
2025-06-02T21:21:54 Informational dnsmasq reading /etc/resolv.conf
2025-06-02T21:21:46 Informational dnsmasq using only locally-known addresses for <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver <redacted>
2025-06-02T21:21:46 Informational dnsmasq using nameserver 127.0.0.1#53
2025-06-02T21:21:46 Informational dnsmasq reading /etc/resolv.conf
...
this repeats approximately every 10 seconds, and indeed /etc/resolv.conf and /etc/hosts are always being rewritten (with the same contents). This interval is much shorter than the DHCP renewals on the WAN link that also rewrite resolv.conf only every 15 minutes.
My best guess is that there's a feedback loop where dnsmasq is both being triggered by these updates to resolv.conf yet also causing them, but I'm not familiar enough with BSD / opnsense to diagnose it. Any tips?
Pages1
