Unbound service routinely stopping/crashing following 20.7.7 update

Started by deejacker, December 18, 2020, 09:22:56 AM

Pretty much as the subject states. All working fine before update, updated fine, but then noticed that Unbound service had just stopped. Managed to log into the GUI to restart, but this is now happening routinely. Anybody else experiencing this?


No, I don't use DNSBLs, just a Pi-hole.
Looking at the Unbound logs, I can't see anything obvious which would suggest a service failure, but that may be my limited knowledge.


2020-12-18T08:09:47   unbound[36701]   [36701:0] info: start of service (unbound 1.13.0).   
2020-12-18T08:09:47   unbound[9063]   daemonize unbound dhcpd watcher.   
2020-12-18T08:09:46   unbound[36701]   [36701:0] notice: init module 0: iterator   
2020-12-18T07:53:33   unbound[81533]   [81533:2] notice: sendto failed: Permission denied   
2020-12-18T07:29:56   unbound[81533]   [81533:0] info: start of service (unbound 1.13.0).   
2020-12-18T07:29:55   unbound[48254]   daemonize unbound dhcpd watcher.   
2020-12-18T07:29:55   unbound[81533]   [81533:0] notice: init module 0: iterator   
2020-12-18T01:04:07   unbound[9402]   [9402:3] notice: sendto failed: Permission denied

Please check the interfaces it is listening to. Maybe there is something wrong. Change this setting and hit save. Then change it back and save again.
,,The S in IoT stands for Security!" :)

Same/comparable issue on my end. Although my configuration is using DNSBL.

2020-12-18T09:20:51 kernel -> pid: 63934 ppid: 1 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
2020-12-18T09:20:51 kernel [HBSD SEGVGUARD] [unbound (63934)] Suspension expired.
2020-12-18T09:20:51 kernel pid 63934 (unbound), jid 0, uid 59: exited on signal 11


What additional info can I/we append to investigate this issue further? Should we revert to the previous version?

Same here, I've upgraded to 20.7.7 to get IPv6 prefix delegation working again, however, unbound crashed twice since I've upgraded:

root@fw:~ # dmesg | grep unbound
pid 85049 (unbound), jid 0, uid 59: exited on signal 11


Here is my unbound config:

  <unbound>
    <enable>1</enable>
    <custom_options/>
    <regdhcp>1</regdhcp>
    <cache_max_ttl/>
    <cache_min_ttl/>
    <incoming_num_tcp>10</incoming_num_tcp>
    <infra_cache_numhosts>10000</infra_cache_numhosts>
    <infra_host_ttl>900</infra_host_ttl>
    <jostle_timeout>200</jostle_timeout>
    <log_verbosity>1</log_verbosity>
    <msgcachesize>4</msgcachesize>
    <num_queries_per_thread>4096</num_queries_per_thread>
    <outgoing_num_tcp>10</outgoing_num_tcp>
    <unwanted_reply_threshold/>
    <hosts>
      <host>******</host>
      <domain>*********</domain>
      <rr>A</rr>
      <ip>***********</ip>
      <mxprio/>
      <mx/>
      <descr/>
      <aliases>
        <item/>
      </aliases>
    </hosts>
    <hosts>
      <host>******</host>
      <domain>*********</domain>
      <rr>A</rr>
      <ip>**********</ip>
      <mxprio/>
      <mx/>
      <descr/>
      <aliases>
        <item/>
      </aliases>
    </hosts>
    <hosts>
      <host>******</host>
      <domain>**********</domain>
      <rr>A</rr>
      <ip>**********</ip>
      <mxprio/>
      <mx/>
      <descr/>
      <aliases>
        <item/>
      </aliases>
    </hosts>
    <hosts>
      <host>******</host>
      <domain>*********</domain>
      <rr>A</rr>
      <ip>**********</ip>
      <mxprio/>
      <mx/>
      <descr/>
      <aliases>
        <item/>
      </aliases>
    </hosts>
    <regdhcpstatic>1</regdhcpstatic>
  </unbound>

Interfaces setting was set to 'All' but that setting does not seem to be available anymore and I've enabled all interfaces manually. 

Stability is now better?
,,The S in IoT stands for Security!" :)

I followed your suggestion of changing the interface and back again. Will monitor to see if this makes any difference.

I just had another crash. I'm considering downgrading at the end of our workday. As a workaround, I've disabled unbound and enabled Dnsmasq to do the DNS resolving.

Can you try to set Log level verbosity to 5, disable DHCP registration (just in case), restart unbound and wait for a crash?
Share fresh logs please.

Looks like an Unbound bug.



Setting the interfaces manually appears to have stabilized the issue. Will report back if the situation changes.

Easy workaround for the affected:

# opnsense-revert -r 20.7.6 unbound

Looks like Unbound 1.13.0 has a number of issues but was necessary to fix CVE....


Cheers,
Franco
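
A log-triage sketch for the kernel and Unbound line formats quoted in this thread, added here as an example; it was not posted by any participant and is not OPNsense code. The function name and the sample lines are constructed, and it assumes the system and resolver logs have been concatenated into one stream.

```shell
#!/bin/sh
# Added example: correlate unbound signal exits with the matching service start.

# Constructed sample, modelled on the line formats quoted in this thread.
sample_log() {
cat <<'EOF'
2020-12-18T07:29:56 unbound[81533] [81533:0] info: start of service (unbound 1.13.0).
2020-12-18T07:53:33 unbound[81533] [81533:2] notice: sendto failed: Permission denied
2020-12-18T08:05:12 kernel pid 81533 (unbound), jid 0, uid 59: exited on signal 11
2020-12-18T08:09:47 unbound[36701] [36701:0] info: start of service (unbound 1.13.0).
2020-12-18T09:20:51 kernel pid 36701 (unbound), jid 0, uid 59: exited on signal 11
pid 85049 (unbound), jid 0, uid 59: exited on signal 11
EOF
}

# Reads log lines on stdin (any order); prints one record per crash, then totals.
unbound_crash_summary() {
    awk '
    # Kernel exit line: "pid N (unbound), jid J, uid U: exited on signal S"
    /\(unbound\), jid [0-9]+, uid [0-9]+: exited on signal [0-9]+/ {
        n++
        # dmesg output carries no timestamp, syslog lines do
        ts[n] = ($1 ~ /^[0-9][0-9][0-9][0-9]-/) ? $1 : "unknown"
        for (i = 1; i < NF; i++) if ($i == "pid") { pid[n] = $(i + 1); break }
        sig[n] = $NF
        next
    }
    # Resolver start line: remember when each pid came up
    /unbound\[[0-9]+\].*info: start of service/ {
        match($0, /unbound\[[0-9]+\]/)
        p = substr($0, RSTART + 8, RLENGTH - 9)
        started[p] = $1; starts++
        next
    }
    /notice: sendto failed: Permission denied/ { denied++ }
    END {
        for (k = 1; k <= n; k++)
            printf "crash pid=%s signal=%s at=%s started=%s\n", pid[k], sig[k],
                   ts[k], ((pid[k] in started) ? started[pid[k]] : "unknown")
        printf "total crashes=%d starts=%d sendto_denied=%d\n", n, starts, denied
    }'
}

sample_log | unbound_crash_summary
```

The `started=` field shows how long each instance ran before the signal 11 exit, which is the detail worth attaching to a bug report alongside the verbose logs.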