Unbound blocklist update script failing in 22.7.2

Started by GorillaxJax, August 18, 2022, 08:28:59 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 18, 2022, 08:28:59 AM
Hey all,

I recently started using OPNsense and am loving it so far.

I just stopped using a PiHole and swapped to using the unbound blocklists to simplify my network. Unfortunately, I have been running into issues when I try to click "Download and Apply" on the Blocklist screen. I tracked down under System -> Log files -> Backend that the actual script was failing:


SeverityProcessLine
Errorconfigd.py   [c6b3537c-2d37-4922-bb08-7dd6c4c0ffc1] Script action failed with Command ' /usr/local/opnsense/scripts/unbound/blocklists.py && /usr/local/opnsense/scripts/unbound/wrapper.py -b ' returned non-zero exit status 99. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 482, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command ' /usr/local/opnsense/scripts/unbound/blocklists.py && /usr/local/opnsense/scripts/unbound/wrapper.py -b ' returned non-zero exit status 99.

Any ideas on how to fix this? I've tried the usual audits, restarting services, restarting the whole machine, and checking for updates.
August 18, 2022, 09:28:40 AM #1
Easiest option to reveal the actual error is to execute the following on a console:

Code Select

/usr/local/opnsense/scripts/unbound/blocklists.py && /usr/local/opnsense/scripts/unbound/wrapper.py -b


confgd only tells you which action failed, but doesn't dump the full output.
August 18, 2022, 06:01:35 PM #2
Good point. I ran it in command line but it seems to have executed successfully, no errors thrown.

After running it again from the web GUI it seems like it timed out:

Code Select
configd.py Timeout (120) executing : unbound dnsbl

And now every time I try to run it from the GUI it throws that same error I've posted before. It maybe seems to be timing out trying to download a block list?
August 18, 2022, 06:08:40 PM #3
the timeout isn't very unusual if processing and downloading take a long time (>120 seconds), it doesn't sound logical that the manual commands don't fail when executed manually, connectivity issues maybe? failing random.
August 18, 2022, 11:27:15 PM #4
Well once I ran it in command line again I checked the unbound logs and noticed that it was actually updating blocklists in the background.

Code Select
blocklist download done in 992.24 seconds

It seems to be that if the Download and Apply button/script is ran from the Web GUI, if it takes more than 120 seconds it is killed as it is deemed 'stuck'. If ran manually, it will continue to update until all lists are updated even if it takes 16.5 minutes.
August 19, 2022, 12:56:44 AM #5
I seem to have fixed it. The fix for me was I turned on DNS64 and as such when it was trying to resolve Blocklist DNS rules it defaulted to the AAAA address when some of them only have a A address.

Once I turned off DNS64 and reloaded Unbound the blocklist was updated in only a few seconds instead of 900.

Thanks for the help and pointing me to a few other troubleshooting steps!

Code Select
2022-08-18T15:56:27-07:00 Notice unbound blocklist download done in 16.20 seconds (268659 records)
Print
Go Up Pages1
User actions