Recent posts

#21
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by Monviech (Cedrik) - January 30, 2026, 09:45:45 PM
Im not sure what to answer there, since it relates to another email in the same mailing list thread. And its about OpenWRT which is linux based. We don't even know if the issue reported there, and the issue you have are the same.

Yours is more clearly scoped around DHCPv6 and/or RA as it seems, and less likely  around configuration reloads (just going from heuristics, I don't know for sure).

Als you didnt test with an older version, you tested with 2.91 and 2.92 now.

If you must use a devel built with the --log-malloc option we can probably try to help offering something, but could you send your other logs yet that were requested earlier in the mailing list?

For reference Im following it here:
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/
#22
26.1 Series / Re: OpnSense 25.7.11_9 upgrade...
Last post by franco - January 30, 2026, 09:39:47 PM
> The Package manager "pkg" is incompatible and needs a reinstall.

Go to Firmware: Packages tab and click reinstall button for "pkg". You probably have a bad one from FreeBSD.

After that try the upgrade again.


Cheers,
Franco
#23
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by ligand - January 30, 2026, 09:24:16 PM
Hi Cedrik,
Can you answer Simon's questions?

I just sent SIGHUP twice in succession to the dnsmasq process in my
OpenWRT router, with the new malloc-logging feature enabled.

HUP frees a load of configuration and the re-reads it and I correlated
all the memory freed by the second HUP with what was allocated in the
first HUP.

It's perfect. Every block is freed.


This is a fairly old installation, so old libraries, etc, but the very
latest dnsmasq code.

The configuration it's re-reading is pretty small.

I then tried your technique of hitting dnsmasq hard with many HUPs.

I had to go up to half a million to see much effect, but I guess most of
those were dropped since they will have arrived before the previous one
was cleared.

In any case I could see a reproducible rise of a few percent in the VSZ
of the process each time.

What's clear is that the configuration is stored in a _lot_ of small
allocations, so re-reading a substantial configuration  will free a lot
of small blocks and then malloc a lot of small blocks.

A quick Google produces some complaints about the fragmentation
performance of musl, which may be significant.

Is your installation using musl as the C library, and is it possible to
build dnsmasq against, say glibc to test?

Nearly all of the memory management on dnsmasq that gets hit by
answering DNS or DHCP requests avoid hammering the malloc system by
building pools of free data structures that get re-cycled as needed.
Once the pools have grown to equilibrium size, even a very busy server
hardly uses the heap. I guess the configuration code to use the same
policy, but it's a big re-write, and re-reading configuration on a
sub-second timescale is an unlikely use-case.




Cheers,

Simon.
#24
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by ligand - January 30, 2026, 09:20:54 PM
Hi Franco,
No change in behavior with the older version...

root@OPNsense:~ # cat dns_mem_usage.out
Fri Jan 30 06:40:33 EST 2026
  PID %CPU  RSS   VSZ COMMAND
80630  0.0 6176 17772 dnsmasq
Fri Jan 30 07:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 19236 33644 dnsmasq
Fri Jan 30 08:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 31632 46956 dnsmasq
Fri Jan 30 09:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 47600 65388 dnsmasq
Fri Jan 30 10:40:33 EST 2026
  PID %CPU   RSS   VSZ COMMAND
80630  0.0 64412 92012 dnsmasq
Fri Jan 30 11:40:34 EST 2026
  PID %CPU   RSS    VSZ COMMAND
80630  0.0 79216 108396 dnsmasq
Fri Jan 30 12:40:34 EST 2026
  PID %CPU   RSS    VSZ COMMAND
80630  0.0 91224 128876 dnsmasq
Fri Jan 30 13:40:34 EST 2026
  PID %CPU    RSS    VSZ COMMAND
80630  0.0 107776 128876 dnsmasq
Fri Jan 30 14:40:34 EST 2026
  PID %CPU    RSS    VSZ COMMAND
80630  0.0 124400 153452 dnsmasq

#25
26.1 Series / Woke up to a failed 26.1 insta...
Last post by Sisko - January 30, 2026, 09:12:07 PM
I did a webUI upgrade yesterday and exported/imported my rules over. Ran it for a few hours with the Dashboard open and saw no issues, even after a few reboots.

Went to bed 3am, woke up at 9am and the router stopped routing. Using the VGA port for display, I logged in locally and tried to reboot. Got the option menu to reboot or restore, etc. Selected reboot, started to and hung.

Never rebooted, so I had to hard shutdown the router. Upon coming back up, it couldn't find a library and asked for a location and I choose default. Stopped right there. Worst upgrade of Opnsense I ever experienced in the last year of using Opnsense.

Wiped everything this morning and restored to my config backup of 25.7.11

This is the hardware in question:

https://www.qotom.net/product/MiniPC_Q20300S9_S10_Series.html

/w 32GB Intel Optane SSD and 32GB of DDR4 RAM

Sorry I don't have more complete info or logs. I had a migraine this morning and just wanted to brute force fix it asap.
#26
25.7, 25.10 Series / Re: Using the same FQDN both i...
Last post by adv - January 30, 2026, 09:05:30 PM
Quote from: vk2him on January 30, 2026, 09:53:17 AM
Quote from: adv on January 30, 2026, 01:59:00 AMAny thoughts on if my router should be accessible via example.com and why I am getting an error?

The help for the setting "Alternate Hostnames" under System > Settings > Administration says this: "Alternate Hostnames for DNS Rebinding and HTTP_REFERER Checks
Here you can specify alternate hostnames by which the router may be queried, to bypass the DNS Rebinding Attack checks. Separate hostnames with spaces."

Perhaps you could enter this in there and see if you still get the error?
example.dyndns.org example.com

I tried that and it works but it worries me because I would think that it should work without it, right?  I'm wondering if there is something broken in my setup that is causing it not to work.  And is it another symptom of whatever is causing the other problems in my setup?

Does anyone have an ideas about what I might have done wrong?
#27
25.7, 25.10 Series / Re: Let's Encrypt IP address c...
Last post by adv - January 30, 2026, 08:52:57 PM
Quote from: rajiv on January 30, 2026, 04:54:17 AMThe code change to support profiles in the os-acme-client plugin was merged today, after the 26.1 release. So I would guess it will be in the next version. I do not know the details of the OPNSense release process, so we'll have to wait and see. You can see the code in opnsense/plugins/pull/5154.

The code shows that once the feature is available, there will be a "Certificate Profile" text field in the "Edit Certificate" dialog.

Thanks so much @rajiv for that info.  I'll wait until it is released and test it and then mark this as solved once functionality is confirmed.
#28
26.1 Series / OpnSense 25.7.11_9 upgrade to ...
Last post by Noci - January 30, 2026, 08:47:50 PM
Well that stops quickly.
Copy paste from the status window.

***GOT REQUEST TO UPGRADE***
Currently running OPNsense 25.7.11_9 (amd64) at Fri Jan 30 20:31:26 CET 2026
Fetching packages-26.1-amd64.tar: ............. done
Fetching base-26.1-amd64.txz: ..... done
Fetching kernel-26.1-amd64.txz: ... done
Extracting packages-26.1-amd64.tar... done
Extracting base-26.1-amd64.txz... done
Extracting kernel-26.1-amd64.txz... done
Please reboot.
>>> Invoking upgrade script 'sanity.sh'
The Package manager "pkg" is incompatible and needs a reinstall.
>>> Error in upgrade script '10-sanity.sh'
>>> Invoking upgrade script 'isc-dhcp-plugin.sh'
Installing legacy ISC-DHCP plugin for compatibility...
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
   os-isc-dhcp: 0.1

Number of packages to be installed: 1

883 B to be downloaded.
[1/1] Fetching os-isc-dhcp-0.1: . done
Checking integrity... done (0 conflicting)
[1/1] Installing os-isc-dhcp-0.1...
[1/1] Extracting os-isc-dhcp-0.1: . done
Checking integrity... done (0 conflicting)
Nothing to do.
>>> Invoking upgrade script 'cleanup.sh'
The upgrade was aborted due to an error.
***DONE***


#29
26.1 Series / Re: Identity Association IPv6 ...
Last post by tgurr - January 30, 2026, 08:38:46 PM
Quote from: bazineta on January 30, 2026, 06:45:28 PMThis appears to work properly with the prefix delegation setup, and all the usual IPv6 tests pass, but this is usually the point where more learned individuals tell me that I'm being an idiot, so let's see what they have to say.

Sounds sensible to me, sent you a pm asking for details cause I'm interested to try to replicate your setup.
#30
25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100%...
Last post by franco - January 30, 2026, 08:29:47 PM
The .11 in 26.1_4 enforces the proper cleanup now. Just make sure to restart after update.


Cheers,
Franco