Unbound - restarted when interface wakes up? (is delay and BlackLists)

Started by lar.hed, December 05, 2020, 11:00:58 PM

Previous topic - Next topic
Print
Go Down Pages1 2 3 ... 5
User actions
December 05, 2020, 11:00:58 PM Last Edit: December 07, 2020, 08:37:00 AM by lar.hed
So here is the thing I for the moment don't get:

I earlier today turned on Unbound DNS BlackList, and checked them all. This used to work on my old OPNsense firewall (hardware broke on that one, so I building a new one).

So when enabled, BlackLists, I get a delay of 10-15 seconds before internet (DNS resolution) wakes up when I wake up my PC on the LAN interface. If I disable BlackLists, it works direct after I wake up my LAN connected PC.

Anyone know why this is?
December 06, 2020, 01:22:50 AM #1
It's possible the computer is trying to check something dns related that is being blocked by the backlists.  Have you checked to see if windows determines if you have internet access when the internet is not working?
December 06, 2020, 10:45:47 AM #2 Last Edit: December 06, 2020, 10:48:28 AM by lar.hed
Well I kind of got there also.

So I disables the WindowsSpy stuff (three lists) in the bottom, made no difference.
So then I disabled everything except the first one (AdAwayList) - this worked.

Will now work my way thru each and everyone of them to see when I hit the same issue again. I'll be back...

EDIT: Windows says I have internet access all the time - it is just DNS resolution that seems to fail...

EDIT (again): The current OPNsense hardware, since the previous one got h/w failure, sits inside another firewall that happens to run a few blacklists also...
December 06, 2020, 03:49:07 PM #3
Okay - a lot of testing later...

The delay could be related to some sort of volume of selected BlackLists....
Since I get longer and longer delay as more of the BlackLists get selected...
December 07, 2020, 06:46:18 AM #4
Why is Unbound restarted every time someone starts the PC connected to LAN interface is woken up?

The PC connected to that single interface, LAN, goes to sleep and then the traffic on that interface, LAN, stops. At that time nothing seems to happen in the log, however as soon as someone (most likly me) starts that only connected PC, Unbound restarts:

Code Select
2020-12-07T06:37:00 unbound[19877] [19877:1] info: generate keytag query _ta-4f66. NULL IN
2020-12-07T06:37:00 unbound[19877] [19877:2] info: generate keytag query _ta-4f66. NULL IN
2020-12-07T06:37:00 unbound[19877] [19877:3] info: generate keytag query _ta-4f66. NULL IN
2020-12-07T06:37:00 unbound[19877] [19877:0] info: start of service (unbound 1.12.0).
2020-12-07T06:37:00 unbound[19877] [19877:0] notice: init module 1: iterator
2020-12-07T06:37:00 unbound[19877] [19877:0] notice: init module 0: validator
2020-12-07T06:36:19 unbound[19877] [19877:0] notice: Restart of unbound 1.12.0.
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.032768 0.065536 2
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.008192 0.016384 2
2020-12-07T06:36:19 unbound[19877] [19877:0] info: lower(secs) upper(secs) recursions
2020-12-07T06:36:19 unbound[19877] [19877:0] info: [25%]=0.012288 median[50%]=0.016384 [75%]=0.049152
2020-12-07T06:36:19 unbound[19877] [19877:0] info: histogram of recursion processing times
2020-12-07T06:36:19 unbound[19877] [19877:0] info: average recursion processing time 0.029205 sec
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 7: requestlist max 0 avg 0 exceeded 0 jostled 0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 7: 25 queries, 21 answers from cache, 4 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.016384 0.032768 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: lower(secs) upper(secs) recursions
2020-12-07T06:36:19 unbound[19877] [19877:0] info: [25%]=0 median[50%]=0 [75%]=0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: histogram of recursion processing times
2020-12-07T06:36:19 unbound[19877] [19877:0] info: average recursion processing time 0.030775 sec
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 6: requestlist max 0 avg 0 exceeded 0 jostled 0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 6: 13 queries, 12 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 5: requestlist max 0 avg 0 exceeded 0 jostled 0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 5: 2 queries, 2 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 4: requestlist max 0 avg 0 exceeded 0 jostled 0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 4: 3 queries, 3 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.131072 0.262144 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.008192 0.016384 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: lower(secs) upper(secs) recursions
2020-12-07T06:36:19 unbound[19877] [19877:0] info: [25%]=0 median[50%]=0 [75%]=0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: histogram of recursion processing times
2020-12-07T06:36:19 unbound[19877] [19877:0] info: average recursion processing time 0.087900 sec
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 3: 7 queries, 5 answers from cache, 2 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.016384 0.032768 2
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.008192 0.016384 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.000000 0.000001 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: lower(secs) upper(secs) recursions
2020-12-07T06:36:19 unbound[19877] [19877:0] info: [25%]=1e-06 median[50%]=0.016384 [75%]=0.024576
2020-12-07T06:36:19 unbound[19877] [19877:0] info: histogram of recursion processing times
2020-12-07T06:36:19 unbound[19877] [19877:0] info: average recursion processing time 0.010952 sec
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 2: 12 queries, 8 answers from cache, 4 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.131072 0.262144 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.065536 0.131072 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.032768 0.065536 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.016384 0.032768 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: lower(secs) upper(secs) recursions
2020-12-07T06:36:19 unbound[19877] [19877:0] info: [25%]=0.032768 median[50%]=0.065536 [75%]=0.131072
2020-12-07T06:36:19 unbound[19877] [19877:0] info: histogram of recursion processing times
2020-12-07T06:36:19 unbound[19877] [19877:0] info: average recursion processing time 0.082588 sec
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 1: 9 queries, 5 answers from cache, 4 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.262144 0.524288 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.016384 0.032768 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: 0.000000 0.000001 1
2020-12-07T06:36:19 unbound[19877] [19877:0] info: lower(secs) upper(secs) recursions
2020-12-07T06:36:19 unbound[19877] [19877:0] info: [25%]=0 median[50%]=0 [75%]=0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: histogram of recursion processing times
2020-12-07T06:36:19 unbound[19877] [19877:0] info: average recursion processing time 0.174345 sec
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
2020-12-07T06:36:19 unbound[19877] [19877:0] info: server stats for thread 0: 10 queries, 7 answers from cache, 3 recursions, 0 prefetch, 0 rejected by ip ratelimiting
2020-12-07T06:36:19 unbound[19877] [19877:0] info: service stopped (unbound 1.12.0).

Now since Unbound decides to restart, for what evere reason, the DNS resolution will not be available since well it may have started, but it for sure takes a while to process the BlackLists that are active - the more BlackList - the longer the process time (logical, although with 8 cores i7 as CPU well...).

So why is Unbound restarted then? It's not like I added an interface - I just resumed operation on the LAN interface...?
December 07, 2020, 07:03:18 AM #5
is DHCP registration enabled on unbound?
December 07, 2020, 07:24:15 AM #6
Quote from: Fright on December 07, 2020, 07:03:18 AM
is DHCP registration enabled on unbound?

Yes.
December 07, 2020, 07:39:53 AM #7 Last Edit: December 07, 2020, 07:45:28 AM by Fright
Quoteyes
so. unbound needs to re-read config with new entry after dhcp-client address registration.
and the larger the file with dnsbl records, the longer it takes to start
December 07, 2020, 07:41:42 AM #8 Last Edit: December 07, 2020, 07:45:21 AM by lar.hed
Quote from: Fright on December 07, 2020, 07:39:53 AM
Quoteyes
so. unbound needs to re-reade config with new entry after dhcp-client address registration.
and the larger the file dnsbl records, the longer it takes to start

So what you are saying is that I need to turn off, disable, DHCP registration within Unbound to stop this? I'll give it a try.
December 07, 2020, 07:45:06 AM #9
Quotedisable, DHCP registration within Unbound to stop this?
yes. or use less dnsbl-s
if you don't have many hosts to register, you can try to solve this with Overrides and dhcp reservations
December 07, 2020, 08:36:12 AM #10
Quote from: Fright on December 07, 2020, 07:45:06 AM
Quotedisable, DHCP registration within Unbound to stop this?
yes. or use less dnsbl-s
if you don't have many hosts to register, you can try to solve this with Overrides and dhcp reservations

No.

Made no difference at all, still get Unbound restart.

The thing is here, since Unbound handles all DNS requests, all ports so to speak goes down when a interface that has had no traffic (PC/Server is power off or just sleeping) triggers a restart of Unbound. Even without any blacklists enabled this still happens. And you do get downtime. With blacklists it is just much worse.
December 07, 2020, 09:18:36 AM #11
QuoteThe thing is here, since Unbound handles all DNS requests, all ports so to speak goes down when a interface that has had no traffic (PC/Server is power off or just sleeping) triggers a restart of Unbound. Even without any blacklists enabled this still happens. And you do get downtime. With blacklists it is just much worse.
did not understand the idea
QuoteEven without any blacklists enabled this still happens
if DHCP Registration enabled this will happen when the client receives the lease. it will just be faster if the dnsbl list is small or disabled
December 07, 2020, 09:34:10 AM #12
Under Unbound -> General settings:

DHCP Registration is disabled
DHCP Static Mappings is disabled
Network Interfaces is (for the moment) LAN and WORK
Outgoing Network Interfaces (for the moment) WAN_FTTH and WAN_LTE (failover)

And yes Unbound is enabled.

No matter what status BlackLists are in (enabled or disabled), Unbound will restart no matter what when for example LAN interface wakes up.

Since i have 8 ports available (only 4 used so far, I am still building my new OPNsense), when I will enable the last 4 I will also connect a lot more stuff that will need DNS resolution. Some of them might go into powersave and when it wakes up, I guess Unbound will be triggered to reboot. Just as when the now PC connected to LAN port wakes up.

This will interupt DNS service since Unbound is unavailable.

On my other firewall, which happens to use Unbound also - this does not happen, and well that Unbound installation runs a lot of block lists also. No interruption at all.

Also my previous OPNsense box, I don't remember this to happening so it feels like something new (to me at least).
December 07, 2020, 09:43:28 AM #13 Last Edit: December 07, 2020, 09:45:18 AM by Fright
Quotesome of them might go into powersave and when it wakes up, I guess Unbound will be triggered to reboot.
sorry. didn't know about powersave.
yes. it triggers restart afaik
December 07, 2020, 11:27:41 AM #14
Okay - So no matter how I try to solve this, if a host / server / what ever goes into powersave / turned off - and then power on again, the end result is that Unbound will restart.

I think this is the third thing I might not have solved this way.
Print
Go Up Pages1 2 3 ... 5
User actions