Unbound throwing sendto: invalid argument errors, Kea DHCP migration issues?

[baudneo]

I saw someone else having this error awhile back, but they were using ISC DHCP.

After migrating from ISC to Kea DHCP, any new machines that are connecting can't get connectivity, ping, DNS, anything except DHCP, the new devices do pull their reserved IPs from kea. Existing devices work without issue, it's just new devices that have been added into the mix since migrating to Kea DHCP. The migration to kea may be coincidental, I am unsure.

Unbound proxies DNS requests to dnscrypt proxy, I will go through that components settings as well. I don't think dnscrypt would be the issue.

Unbound DNS Logs show (same error for all newer devices):
```
2024-05-09T01:06:46-06:00   Notice   unbound   [67860:2] notice: remote address is 10.0.2.223 port 8735   
2024-05-09T01:06:46-06:00   Notice   unbound   [67860:2] notice: sendto failed: Invalid argument
```

The fix for the previous user was to make sure in ISC that 'Deny unknown clients' was unchecked. I can't find anything similar for Kea DHCP.

On my machine, ISC DHCP is not enabled, only Kea DHCP is but, the static leases are still defined in ISC config. I don't think that's the issue, as 10.0.2.221-224 are new machines and are not defined in ISC.

I followed the links in these opnsense forum issue and found the solution for ISC. Looking for some advice as I am stumped.

https://forum.opnsense.org/index.php?topic=16872.0

https://forum.opnsense.org/index.php?topic=16908.msg76956#msg76956

Thanks!

[baudneo]

Disabling Kea and reenabling ISC seems to be the fix.

Is Kea experimental beta right now?

[franco]

All of this sounds like DNS woes, not DHCP in particular...

> 2024-05-09T01:06:46-06:00   Notice   unbound   [67860:2] notice: sendto failed: Invalid argument

It suggests you have pinned your outgoing interfaces in Unbound and it's trying to send something over an interface that is not there or not connected.

> Is Kea experimental beta right now?

It works fine for what it's trying to achieve now. It's not a full ISC DHCP replacement from the GUI yet. As I said it might just be a drift in configuration (which DNS servers are sent and where you bound Unbound to and how it's forwarding and perhaps even redirecting).


Cheers,
Franco

[Patrick M. Hausen]

It suggests you have pinned your outgoing interfaces in Unbound and it's trying to send something over an interface that is not there or not connected.

Everyone repeat after me:

There's a reason for the "recommended" part in Interfaces: all (recommended)"  ;)

[franco]

To be fair that's just an assumption for now. Want to eliminate the obvious problems before starting to debug something like this.


Cheers,
Franco

[TimK]

Hi, I just wanted to say, that I had the exact same issue. Migrated to KEA, got one VLAN in ISC using static ARP entries. New clients in this VLAN got no internet connection under KEA.
After reactivating ISC DHCP for this interface and adding the static entry for the new client, all worked fine. I deactivated static arp entries in ISC and migrated the interface back to KEA for this VLAN and now also new clients work under KEA. So make sure in case of migration, to deactivate static arp in ISC first. There seems to be some issue with the ARP table.
I migrated the respective interface back to ISC, with KEA, no devices got connection to the network. There is definitely a bug somewhere. Unbound listens to all interfaces.

[hdholm]

Late to the conversation, but I was seeing the same thing and the answer was unchecking "Enable static ARP entries" in the DHCP configuration for that interface (which I had forgotten I applied long ago.)  Hopefully that helps anyone else who stumbles across this problem.