Unbound fails to start on boot

[franco]

Looking at the date of the last post and not having any data on 22.1.1 latest makes me wonder if there was a way to find out if it works better or not...


Cheers,
Franco

[verasense]

Actually, yesterday I updated my system at midday:

Code Select Expand

Type opnsense
Version 22.1.1_3
Architecture amd64
Flavour OpenSSL
Commit 6b667da6f
...
Updated on Mon Feb 21 14:49:37 UTC 2022

After the different reboots, I was losing Internet connection, but I knew what it was. I just had to login via the router IP (no DN) and re-run the Unbound DNS in the dashboard.

Losing DNS does not occur immediatelly. Tonight I went to sleep with Internet. Today I woke up and there was no Internet - again, the Unbound DNS was deactivated.

By the way, this is the same issue I had before, where I mistakenly though I lost connectivity, and then I discover it was only DNS:
https://forum.opnsense.org/index.php?topic=25947.msg125084#msg125084

Suricata also stops after a few minutes. But I cannot make it work, it always stop. On the contrary, DNS stays running if I do not reboot the router.

How can I research what is going on?

[franco]

Are you using blocklists in Unbound with a Cron Job maybe?

Logs are always helpful...


Cheers,
Franco

[hushcoden]

Same issue here since I updated to 22.1.1_3 and yes I have the cron job which update the block lists every morning at 6:00 - so now after the update Unbound won't restart and I have to manually start it, any suggetsions?

Which log should I post?

Tia.

[franco]

For one try:

# configctl unbound check

Logs are usually in system log, e.g.:

# opnsense-log

or resolver log for unbound:

# opnsense-log resolver


Cheers,
Franco

[hushcoden]

For one try:

# configctl unbound check

I get this:

Code Select Expand

error in configd communication %s, see syslog for details

And I've attached the message I found in the log

[franco]

# service configd restart
# configctl unbound check

If configd isn't responding it could be anything really.


Cheers,
Franco

[hushcoden]

Perhaps time to plan for a fresh reinstall.

[franco]

Health audit (under system: firmware: status) might be useful to spot potential problems that are easy to fix.


Cheers,
Franco

[hushcoden]

That seems all good

Code Select Expand

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.1.1_3 (amd64/OpenSSL) at Thu Feb 24 18:48:26 GMT 2022
>>> Check installed kernel version
Version 22.1.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.1.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 65 dependencies to check.
Checking packages: ................................................................... done
***DONE***

[franco]

Indeed, which means the issue could come back even after clean reinstall + configuration import. Which plugins are you using? Reminds me I wanted to add that to the health audit.


Cheers,
Franco

[miroco]

Does the Unbound 1.15.0 change log offer any new insights on the matter?

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-15-0

miroco

[hushcoden]

Which plugins are you using? Reminds me I wanted to add that to the health audit.

os-dmidecode (installed)
os-smart (installed)
os-theme-cicada (installed)
os-wireguard (installed)

[franco]

Doesn't look suspicious, sorry, unable to think of how to debug this further.


Cheers,
Franco