Topic: Unbound does not restart after changing tls status (Read 1928 times)
aimdev (March 11, 2022, 06:58:11 pm):
I enabled a DNS over TLS entry (which has worked, but was disabled to identify spurious Let's Encrypt messages) and applied; unbound then halted and had to be manually restarted.
The only log entry shows (all log options on):
2022-03-11T17:49:27 Informational unbound [88990:0] info: start of service (unbound 1.15.0).
2022-03-11T17:49:27 Notice unbound daemonize unbound dhcpd watcher.
2022-03-11T17:48:58 Informational unbound [88349:0] info: service stopped (unbound 1.15.0).
This will also occur if I disable the entry and apply.
Versions OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021
cookiemonster (Reply #1, March 11, 2022, 11:29:46 pm):
Anything from "unbound-checkconf"?
aimdev (Reply #2, March 11, 2022, 11:41:21 pm):
root@opnsense:~ # unbound-checkconf
unbound-checkconf: no errors in /usr/local/etc/unbound/unbound.conf
root@opnsense:~ #
cookiemonster (Reply #3, March 11, 2022, 11:50:58 pm):
Ok but you need to try to narrow down the problem.
Try "sudo cat /var/log/resolver/latest.log | grep -i 'fatal'" and similar. The point being that there is something Unbound is unhappy about and only you can root around your systems for clues.
cookiemonster (Reply #4, March 11, 2022, 11:56:22 pm):
And one more thing, look for system logs too for memory exhaustion, just in case Unbound is OK but a random victim to free resources.
aimdev (Reply #5, March 12, 2022, 06:30:38 am):
tail -f /var/log/resolver/latest.log
De-selected TLS entry, pressed apply.
Log entry:
info: service stopped (unbound 1.15.0).
Manually started service:
daemonize unbound dhcpd watcher.
info: start of service (unbound 1.15.0).
Clearly I missed these on the gui log output, but
2022-03-12T05:23:25 Informational unbound [64546:0] info: start of service (unbound 1.15.0).
2022-03-12T05:23:25 Notice unbound daemonize unbound dhcpd watcher.
2022-03-12T05:21:13 Informational unbound [88990:0] info: service stopped (unbound 1.15.0).
they are there, as informational, amongst all the other informational messages.
aimdev (Reply #6, March 12, 2022, 06:35:09 am):
Re: "And one more thing, look for system logs too for memory exhaustion, just in case Unbound is OK but a random victim to free resources."
Not sure I understand memory exhaustion; unbound is not randomly stopping.
Memory Stats
State table size 0 % ( 674/1625000 )
MBUF usage 0 % ( 6236/1010746 )
Memory usage 17 % ( 2881/16256 MB )
SWAP usage 0 % ( 0/8192 MB )
cookiemonster (Reply #7, March 12, 2022, 08:44:00 pm):
OK. Does changing in the UI for Unbound "Log File" to Debug and restarting it show any clues?
Scratch that, I just re-read your original post. Only happens with a particular DoT entry and nothing appears in the log even with debug.
I'm not sure what to suggest apart from digging into how to start it from command after figuring out a more verbose logging. I assume you have already increased the verbosity from the default level.
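An added example, not written by any poster in this thread: a small Python script that reads resolver log lines in the format quoted above, pairs each "service stopped" with the next "start of service", and reports how long Unbound was down, including a stop that is never followed by a start. The function names, the 10-second threshold and the embedded sample (the thread's own log lines, reassembled) are assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: stop/start lines quoted in the thread, newest first like the GUI log view.
SAMPLE = """\
2022-03-12T05:23:25 Informational unbound [64546:0] info: start of service (unbound 1.15.0).
2022-03-12T05:23:25 Notice unbound daemonize unbound dhcpd watcher.
2022-03-12T05:21:13 Informational unbound [88990:0] info: service stopped (unbound 1.15.0).
2022-03-11T17:49:27 Informational unbound [88990:0] info: start of service (unbound 1.15.0).
2022-03-11T17:49:27 Notice unbound daemonize unbound dhcpd watcher.
2022-03-11T17:48:58 Informational unbound [88349:0] info: service stopped (unbound 1.15.0).
"""

EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\s.*?\[(?P<pid>\d+):\d+\]\s+info:\s+"
    r"(?P<kind>service stopped|start of service)\b"
)

def parse_events(text):
    """Return (timestamp, kind, pid) oldest first; a stop sorts before a start in the same second."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            events.append((ts, m["kind"], int(m["pid"])))
    return sorted(events, key=lambda e: (e[0], e[1] != "service stopped"))

def find_outages(text, max_gap=timedelta(seconds=10)):
    """Report stop-to-start gaps longer than max_gap (an assumed threshold, not from the thread)."""
    outages, pending = [], None
    for ts, kind, pid in parse_events(text):
        if kind == "service stopped":
            pending = pending or (ts, pid)  # keep the earliest unanswered stop
        elif pending:
            gap = ts - pending[0]
            if gap > max_gap:
                outages.append({"stopped_at": pending[0], "restarted_at": ts,
                                "seconds": int(gap.total_seconds()),
                                "old_pid": pending[1], "new_pid": pid})
            pending = None
    if pending:  # stopped and never came back within this log
        outages.append({"stopped_at": pending[0], "restarted_at": None,
                        "seconds": None, "old_pid": pending[1], "new_pid": None})
    return outages

if __name__ == "__main__":
    for outage in find_outages(SAMPLE):
        print(outage)
```

Feeding it the contents of /var/log/resolver/latest.log after pressing apply shows whether the service came back on its own or stayed down until the manual start.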