Unbound error after upgrade to 20.7.8

Started by ChrisChros, January 20, 2021, 09:54:32 AM

January 20, 2021, 09:54:32 AM Last Edit: January 20, 2021, 09:56:47 AM by ChrisChros
Hi,

Yesterday I did the update to 20.7.8. The update was performed without any errors and the system restarted as expected. After the reboot I noticed problems opening webpages.
My system is configured as shown below:

System: Settings: General no DNS Server added
https://drive.google.com/file/d/1MeoVYYUyoXL3LQHoucpKpvXrv-3LLn3H/view?usp=sharing

IP address of Pi-Hole added to DHCPv4 for all connections
Firewall: NAT: Port Forward Rule to Pi-Hole
https://drive.google.com/file/d/19F-80MQjuu-3H624hFmcckkd1c7YMLOK/view?usp=sharing

Firewall: NAT: Outbound Rule to Pi-Hole
https://drive.google.com/file/d/1moS0jhF38LuqmhichmH6_LWUbhCRqF97/view?usp=sharing

Pi-Hole: Settings: DNS Custom 1 pointing to OPNsense Box (192.168.1.1)
Unbound configured as shown in the picture
https://drive.google.com/file/d/1T-tSbratH_UA1745gNVghkGo2e3fSVA1/view?usp=sharing

Before or after the update I made no changes to the system. With 20.7.7 everything was working like a charm. After the update I can't connect to any webpage, but the connection to the internet was established and I received gateway and IP from the ISP.

In the log file of unbound I found the following messages:

2021-01-19T21:56:59 unbound[28604] [28604:1] error: outgoing tcp: connect: Permission denied for 192.33.4.12 port 853
2021-01-19T21:56:59 unbound[28604] [28604:0] error: outgoing tcp: connect: Permission denied for 159.69.114.157 port 853
2021-01-19T21:56:59 unbound[28604] [28604:0] info: start of service (unbound 1.13.0).
2021-01-19T21:56:59 unbound[28604] [28604:0] notice: init module 1: iterator
2021-01-19T21:56:59 unbound[28604] [28604:0] notice: init module 0: validator
2021-01-19T21:56:16 unbound[28604] [28604:0] notice: Restart of unbound 1.13.0.
2021-01-19T21:56:16 unbound[28604] [28604:0] info: 0.000000 0.000001 13
2021-01-19T21:56:16 unbound[28604] [28604:0] info: lower(secs) upper(secs) recursions
2021-01-19T21:56:16 unbound[28604] [28604:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
2021-01-19T21:56:16 unbound[28604] [28604:0] info: histogram of recursion processing times
2021-01-19T21:56:16 unbound[28604] [28604:0] info: average recursion processing time 0.000000 sec
2021-01-19T21:56:16 unbound[28604] [28604:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
2021-01-19T21:56:16 unbound[28604] [28604:0] info: server stats for thread 3: 160 queries, 147 answers from cache, 13 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2021-01-19T21:56:16 unbound[28604] [28604:0] info: 0.000000 0.000001 16
2021-01-19T21:56:16 unbound[28604] [28604:0] info: lower(secs) upper(secs) recursions
2021-01-19T21:56:16 unbound[28604] [28604:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
2021-01-19T21:56:16 unbound[28604] [28604:0] info: histogram of recursion processing times
2021-01-19T21:56:16 unbound[28604] [28604:0] info: average recursion processing time 0.000000 sec
2021-01-19T21:56:16 unbound[28604] [28604:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
2021-01-19T21:56:16 unbound[28604] [28604:0] info: server stats for thread 2: 191 queries, 175 answers from cache, 16 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2021-01-19T21:56:16 unbound[28604] [28604:0] info: 0.000000 0.000001 15
2021-01-19T21:56:16 unbound[28604] [28604:0] info: lower(secs) upper(secs) recursions
2021-01-19T21:56:16 unbound[28604] [28604:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
2021-01-19T21:56:16 unbound[28604] [28604:0] info: histogram of recursion processing times
2021-01-19T21:56:16 unbound[28604] [28604:0] info: average recursion processing time 0.000000 sec
2021-01-19T21:56:16 unbound[28604] [28604:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
2021-01-19T21:56:16 unbound[28604] [28604:0] info: server stats for thread 1: 125 queries, 110 answers from cache, 15 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2021-01-19T21:56:16 unbound[28604] [28604:0] info: 0.000000 0.000001 13
2021-01-19T21:56:16 unbound[28604] [28604:0] info: lower(secs) upper(secs) recursions
2021-01-19T21:56:16 unbound[28604] [28604:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
2021-01-19T21:56:16 unbound[28604] [28604:0] info: histogram of recursion processing times
2021-01-19T21:56:16 unbound[28604] [28604:0] info: average recursion processing time 0.000000 sec
2021-01-19T21:56:16 unbound[28604] [28604:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
2021-01-19T21:56:16 unbound[28604] [28604:0] info: server stats for thread 0: 104 queries, 91 answers from cache, 13 recursions, 0 prefetch, 0 rejected by ip ratelimiting


and later there were some entries

2021-01-19T21:58:35 unbound[86001] [86001:0] error: outgoing tcp: bind: Can't assign requested address
2021-01-19T21:58:35 unbound[86001] [86001:0] error: outgoing tcp: bind: Can't assign requested address
2021-01-19T21:58:35 unbound[86001] [86001:0] error: outgoing tcp: bind: Can't assign requested address
2021-01-19T21:58:35 unbound[86001] [86001:0] info: start of service (unbound 1.13.0).
2021-01-19T21:58:35 unbound[86001] [86001:0] notice: init module 1: iterator


Has anybody else noticed problems with unbound and the last update of OPNsense?

Regards Chris
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1
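A small triage script for log excerpts like the ones in the post above, added here as an example and not part of the original thread: it groups Unbound's "outgoing tcp" errors by process ID and reports how many were logged within a few seconds of that process's "start of service" line. The sample input is constructed from a subset of the quoted log lines; the function name `triage` and the 5-second window are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a subset of the log lines quoted in the post (newest first).
SAMPLE_LOG = """\
2021-01-19T21:58:35 unbound[86001] [86001:0] error: outgoing tcp: bind: Can't assign requested address
2021-01-19T21:58:35 unbound[86001] [86001:0] error: outgoing tcp: bind: Can't assign requested address
2021-01-19T21:58:35 unbound[86001] [86001:0] error: outgoing tcp: bind: Can't assign requested address
2021-01-19T21:58:35 unbound[86001] [86001:0] info: start of service (unbound 1.13.0).
2021-01-19T21:56:59 unbound[28604] [28604:1] error: outgoing tcp: connect: Permission denied for 192.33.4.12 port 853
2021-01-19T21:56:59 unbound[28604] [28604:0] error: outgoing tcp: connect: Permission denied for 159.69.114.157 port 853
2021-01-19T21:56:59 unbound[28604] [28604:0] info: start of service (unbound 1.13.0).
2021-01-19T21:56:16 unbound[28604] [28604:0] notice: Restart of unbound 1.13.0.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) unbound\[(?P<pid>\d+)\] \[\d+:\d+\] (?P<level>\w+): (?P<msg>.*)$")
ERR_RE = re.compile(r"^outgoing tcp: (?P<call>connect|bind): (?P<reason>.+?)"
                    r"(?: for (?P<dst>\S+) port (?P<port>\d+))?$")

def triage(log_text, window_secs=5):
    """Per unbound PID, summarise outgoing-TCP errors logged within
    window_secs of that process's 'start of service' line."""
    starts, errors = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or non-unbound lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        pid = int(m["pid"])
        if m["msg"].startswith("start of service"):
            starts[pid] = ts
        elif m["level"] == "error" and (e := ERR_RE.match(m["msg"])):
            errors[pid].append((ts, e))
    report = {}
    # The log is newest-first, so start lines are matched only after the full pass.
    for pid, errs in errors.items():
        start = starts.get(pid)
        near = [e for ts, e in errs
                if start and abs((ts - start).total_seconds()) <= window_secs]
        report[pid] = {
            "start": start.isoformat() if start else None,
            "at_start": len(near),
            "total": len(errs),
            "kinds": sorted({f"{e['call']}: {e['reason']}" for e in near}),
            "destinations": sorted({f"{e['dst']}:{e['port']}" for e in near if e["dst"]}),
        }
    return report

if __name__ == "__main__":
    for pid, summary in triage(SAMPLE_LOG).items():
        print(pid, summary)
```

On the sample, every error for both process IDs falls in the same second as the service start, and the two connect failures are both to port 853.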

Services: Unbound DNS: General

Maybe it helps to change the listen and/or outgoing interfaces to something else, then save, reload service, change back, save and reload again.
"The S in IoT stands for Security!" :)

Thanks for your suggestions, will give it a try this evening.
But this should not happen after a regular update of the OS. As far as I can see, unbound was not part of the update; it is still version 1.13.0_1.

The trigger was likely the reboot itself and not the update preceding it.


Cheers,
Franco

Quote from: Gauss23 on January 20, 2021, 10:23:06 AM
Maybe it helps to change the listen and/or outgoing interfaces to something else, then save, reload service, change back, save and reload again.

I followed your suggestion and now it's working again. Don't know what was going wrong during the restart after the update. Will keep an eye on it.

Chris