Hello everyone,
I'm writing to report a recurring issue with Unbound DNS since upgrading to OPNsense 25.7. My setup uses Unbound to forward all queries to Control D via DNS over TLS (DoT).
The Problem:
The configuration works perfectly for several hours, but then DNS resolution will suddenly stop for all clients. The only way to restore functionality is to manually restart the Unbound service from the OPNsense dashboard. After a restart, it works perfectly again for another few hours.
Log Evidence:
When the failure occurs, the Unbound log is filled with the following error for every query, which indicates it has "forgotten" its list of forward servers:
Error: SERVFAIL <domain.com A IN>: all the configured stub or forward servers failed, at zone. no server to query nameserver addresses not usable have no nameserver names
Troubleshooting Done:
I initially thought this was an issue with the os-ctrld plugin, but I experienced the same behavior after removing it and configuring DoT directly in Unbound. This suggests the issue lies within Unbound's integration in OPNsense 25.7, as the configuration itself is correct and works flawlessly after a service restart.
Question:
Has anyone else experienced similar behavior with Unbound on 25.7, where it seems to lose its DoT forwarder configuration until the service is restarted?
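As an added example (not part of the original post or of OPNsense), a small POSIX sh watchdog that counts the "all the configured stub or forward servers failed" signature quoted above in Unbound's log and reports when it crosses a threshold; it only restarts the service when explicitly run with --restart. The log path /var/log/resolver/latest.log and the configctl unbound restart action are assumptions, and the sample log lines are constructed for the offline self-check.

```shell
#!/bin/sh
# Added example watchdog for the "forward servers failed" condition.
# Assumed (not taken from the post): log location and configctl action.
UNBOUND_LOG="${UNBOUND_LOG:-/var/log/resolver/latest.log}"
THRESHOLD="${THRESHOLD:-5}"   # SERVFAILs with the signature before we call Unbound wedged
SIGNATURE='all the configured stub or forward servers failed'

# count_forwarder_failures FILE -> prints the number of matching log lines (0 if unreadable)
count_forwarder_failures() {
    n=$(grep -c "$SIGNATURE" "$1" 2>/dev/null) || n=0
    printf '%s\n' "${n:-0}"
}

# unbound_wedged FILE [THRESHOLD] -> exit 0 when the count reaches the threshold
unbound_wedged() {
    [ "$(count_forwarder_failures "$1")" -ge "${2:-$THRESHOLD}" ]
}

# make_sample_log FILE -> writes constructed lines (not real logs) to exercise the check
make_sample_log() {
    cat > "$1" <<'EOF'
unbound[1234]: [1234:0] info: start of service
unbound[1234]: [1234:0] error: SERVFAIL <domain.com A IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
unbound[1234]: [1234:1] error: SERVFAIL <example.org AAAA IN>: all the configured stub or forward servers failed, at zone . no server to query nameserver addresses not usable have no nameserver names
EOF
}

# main [--restart] -> report only by default; restart via configd when asked (assumed action)
main() {
    if unbound_wedged "$UNBOUND_LOG"; then
        echo "unbound: >= $THRESHOLD forwarder failures in $UNBOUND_LOG"
        [ "${1:-}" = "--restart" ] && configctl unbound restart
        return 1
    fi
    return 0
}

main "$@"
```

Run it from cron every few minutes; the non-zero exit and the echoed line give you a record of each wedge even if you never enable --restart.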