unbound not resolving in upgrade to 23.1_6

Started by jaydub, February 06, 2023, 06:24:55 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 06, 2023, 06:24:55 PM
This morning I upgraded and am currently running OPNsense 23.1_6 and unbound 1.17.1_1

I can't get anything to resolve with unbound. I can ping outside IP addresses (8.8.8.8) but couldn't resolve any names with unbound. I turned off my blocklists thinking that had something to do with it but that's not it either even after restarting the service. I have had to turn off unbound and go to dnsmasq for now. I have also rebooted opnsense several times.

From the command line I get:
#host google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host google.com not found: 2(SERVFAIL)

In the logs it appears it is all working:
2023-02-06T09:33:53-07:00   Informational   unbound   [74515:0] info: [25%]=2.73437e-07 median[50%]=5.46875e-07 [75%]=8.20312e-07   
2023-02-06T09:33:53-07:00   Informational   unbound   [74515:0] info: histogram of recursion processing times   
2023-02-06T09:33:53-07:00   Informational   unbound   [74515:0] info: average recursion processing time 0.202112 sec

In the emergency logs it shows:
SystemError: _PyEval_EvalFrameDefault returned a result with an error set   
           The above exception was the direct cause of the following exception:   
           AttributeError: 'NoneType' object has no attribute 'security'   
           ctx.log_entry(*info, ACTION_DROP, SOURCE_LOCAL, None, RCODE_SERVFAIL, 0, rep.security, rep.ttl)   
           File "dnsbl_module.py", line 243, in servfail_cb

With dnsmasq I'm back up and running, without filtering blocklists, I also reinstalled unbound with no change.

Any ideas what to do next?

Jay
February 06, 2023, 08:27:08 PM #1
February 07, 2023, 12:06:02 AM #2
I upgraded to the latest this morning and it isn't fixed so that must have been a different issue I guess.
February 07, 2023, 04:48:22 AM #3 Last Edit: February 07, 2023, 05:11:03 AM by jaydub
So I did more testing tonight, turned off dnsmasq, turned on unbound.

I went to interface/diagnostics/dns lookup put in:
raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list  and got the error below so I tried it with the https:// in front of the address which I don't believe is needed and get the same result below.
then it says in a popup "correct validations in form" and in red after I close the popup it says "Provide a valid hostname or address to query"

I get the same message when I enter:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

The unbound log shows all my blocklists like this:
07:00   Error   unbound   blocklist download : unable to download file from https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list (error : HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x8027ec0d0>: Failed to establish a new connection: [Errno 8] Name does not resolve')))

If I put in google.com it resolves same with a few other websites.
February 07, 2023, 08:44:07 AM #4
Quote from: jaydub on February 06, 2023, 06:24:55 PM
ctx.log_entry(*info, ACTION_DROP, SOURCE_LOCAL, None, RCODE_SERVFAIL, 0, rep.security, rep.ttl)   

This line specifically shows the module is pre-23.1. In case you haven't you should probably restart Unbound so the template generation has a chance to kick in.
February 07, 2023, 03:32:25 PM #5 Last Edit: February 07, 2023, 03:46:43 PM by jaydub
Quote from: tuto2 on February 07, 2023, 08:44:07 AM
This line specifically shows the module is pre-23.1. In case you haven't you should probably restart Unbound so the template generation has a chance to kick in.

As I stated in my first post, I have restarted the service numerous times, I have rebooted numerous times and I have gone into "system, firmware, packages" and reinstalled unbound twice with no change (my package for unbound says it is 1.17.1_1 and opnsense is 23.1_6-amd64). When I go to "firmware, update" it says all my packages are up to date.

If the module is pre-23.1 then there is something broken with the package manager apparently as I'm not getting the updated package. Do you have any other suggestions I should try? Is there a best way to remove unbound then reinstall to make sure the module gets updated properly?

***GOT REQUEST TO REINSTALL***
Currently running OPNsense 23.1_6 at Tue Feb  7 07:45:01 MST 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.

No packages are required to be fetched.
Integrity check was successful.
unbound-1.17.1_1: already unlocked
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
   unbound-1.17.1_1

Number of packages to be reinstalled: 1
[1/1] Reinstalling unbound-1.17.1_1...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[1/1] Extracting unbound-1.17.1_1: .......... done
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***
Print
Go Up Pages1
User actions