Unbound DNS cannot flush out stale DNS entries

Started by SpikeyGG, December 22, 2020, 11:07:26 PM

I've been using OPNsense for a bit and one thing I do a lot these days is add more IoT devices to my LAN. I have the biggest problem with removing the stale DNS DHCP entries from the system. I'm curious how to go about doing this in a way that works every time.

The problem occurs when I try to set up a new device. I program it to hook up to my WiFi with DHCP because I don't know what the MAC is, yet. It gets a randomly assigned DHCP IP from the pool and shows up in the leases list. At this point, it becomes part of the DNS results because Unbound records the DHCP lease data in its DNS entries. I can see this with `nslookup <name> <opnsense>` from other computers on the network.

Now that I have the MAC I can go in and add the static entry on the DHCP server but then the nslookup results show both the old pool IP and the new static IP. I cannot get the old pool IP to go away!! I tried restarting the DHCP server and restarting Unbound DNS server multiple times but the entry won't go away. :(

I have even tried disconnecting the device, waiting for OPNsense to recognize that the device is offline but the lease is out there and clicking the little trash icon next to it to delete the entry from the DHCP server but when I use nslookup and force it to use the root DNS server it STILL resolves (even after restarting Unbound and DHCP servers)! What gives??

Just about the only way I've found that ALWAYS works so far is to reboot the router but that takes 2-3 minutes and the internet is down at my house during that time so I'd like to find a way to do this that doesn't involve a restart.

Unfortunately, because these are IoT devices, there's no easy way to get them to issue an "ipconfig /release" to tell the DHCP server that they're done, so I have to do this from the router's side.

Thanks,
-Greg

Do I have to wait for the lease to expire?

Through some trial and error, I think I may have just figured out a way to make this happen in a super annoying roundabout way:

  • Go to DHCP server settings and change the DHCP lease time to be very short (3 minutes or something)
  • Plug in the device, have it register to get short lease so its MAC address gets recorded
  • Unplug device
  • Copy MAC address
  • Wait for the lease to expire
  • Restart Unbound DNS
  • Create static entry for device

I've found that even after the DHCP server removes the lease due to the expiration the Unbound DNS server STILL serves that DNS entry. You have to restart the service for it to realize that the entry is no longer valid and remove it.

This feels super janky but it works. If anyone has a better way to do this please let me know.

Thanks,
-Greg
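The workaround above boils down to two facts: the DHCP server eventually drops the lease, but Unbound keeps serving the name until the whole service is restarted. The script below is an added example (not OPNsense's or Unbound's own code) of the targeted alternative: read the ISC `dhcpd.leases` file, work out which named leases are gone (released/freed or past their end time), and issue `unbound-control local_data_remove` / `flush` for exactly those names instead of restarting. It assumes lease names are registered in Unbound as local-data under one search domain (`lan` here), that `unbound-control` is configured and reachable, and the `static` mapping (hostname to IP) is a constructed stand-in for the static DHCP entry the operator has just created; because `local_data_remove` drops every record under a name, the script re-adds the records the name should still have. The lease file and reference time are constructed sample data.

```python
"""Purge stale DHCP-lease names from a running Unbound without a restart (added example).

Assumptions, not confirmed by the forum thread:
  * leases are in ISC dhcpd.leases format (timestamps are UTC),
  * lease names are registered in Unbound as local-data under DOMAIN,
  * unbound-control is configured and reachable from this host.
Nothing is executed unless purge(..., apply=True); by default commands are only printed.
"""
import re
import subprocess
from datetime import datetime, timezone

DOMAIN = "lan"  # assumed local search domain
LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"^\s*(ends|binding state|hardware ethernet|client-hostname)\s+(.*?);", re.M)

# Constructed sample: one freed lease, one live lease, one "active" lease whose time has run out.
SAMPLE_LEASES = """\
lease 192.168.1.105 {
  starts 2 2020/12/22 22:07:26;
  ends 2 2020/12/22 23:07:26;
  binding state free;
  hardware ethernet aa:bb:cc:dd:ee:01;
  client-hostname "iot-plug";
}
lease 192.168.1.77 {
  starts 2 2020/12/22 22:40:00;
  ends 2 2020/12/23 10:40:00;
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:02;
  client-hostname "thermostat";
}
lease 192.168.1.88 {
  starts 2 2020/12/22 20:00:00;
  ends 2 2020/12/22 21:00:00;
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:03;
  client-hostname "camera";
}
"""
NOW = datetime(2020, 12, 22, 23, 30, tzinfo=timezone.utc)  # constructed reference time


def parse_leases(text):
    """Return {ip: record}; a later block for the same IP supersedes an earlier one."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        rec = {"ip": ip, "ends": None, "state": None, "mac": None, "hostname": None}
        for fm in FIELD_RE.finditer(body):
            key, val = fm.group(1), fm.group(2).strip()
            if key == "ends":
                # "ends 2 2020/12/22 23:07:26" = weekday, then a UTC timestamp; "never" = infinite
                if val != "never":
                    stamp = val.split(" ", 1)[1]
                    rec["ends"] = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)
            elif key == "binding state":
                rec["state"] = val
            elif key == "hardware ethernet":
                rec["mac"] = val.lower()
            elif key == "client-hostname":
                rec["hostname"] = val.strip('"').lower()
        leases[ip] = rec
    return leases


def reverse_name(ip):
    """PTR owner name for an IPv4 address, e.g. 105.1.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def split_leases(leases, now):
    """Split named leases into (stale, active): stale = not 'active' or past its end time."""
    stale, active = [], []
    for rec in leases.values():
        if rec["hostname"] is None:
            continue
        expired = rec["ends"] is not None and rec["ends"] <= now
        (stale if rec["state"] != "active" or expired else active).append(rec)
    return stale, active


def purge_commands(leases, now, domain, static=None, control="unbound-control"):
    """Build unbound-control argv lists that drop stale names and re-add live ones."""
    static = static or {}
    stale, active = split_leases(leases, now)
    cmds = []
    for rec in stale:
        fqdn = f"{rec['hostname']}.{domain}"
        cmds.append([control, "local_data_remove", fqdn])
        cmds.append([control, "local_data_remove", reverse_name(rec["ip"])])
        cmds.append([control, "flush", fqdn])  # drop any cached answer for the name too
        # local_data_remove takes every record under the name, so re-add what should survive:
        keep = [a["ip"] for a in active if a["hostname"] == rec["hostname"]]
        if rec["hostname"] in static:
            keep.append(static[rec["hostname"]])
        for ip in keep:
            cmds.append([control, "local_data", f"{fqdn} A {ip}"])
            cmds.append([control, "local_data", f"{reverse_name(ip)} PTR {fqdn}"])
    return cmds


def purge(cmds, apply=False):
    """Print the commands (dry run) or execute them with apply=True."""
    for argv in cmds:
        if apply:
            subprocess.run(argv, check=True)
        else:
            print(" ".join(argv))


if __name__ == "__main__":
    # Dry run against the constructed sample; static maps the new reservation for iot-plug.
    purge(purge_commands(parse_leases(SAMPLE_LEASES), NOW, DOMAIN, static={"iot-plug": "192.168.1.20"}))
```

Run it without arguments to see the dry-run command list; on a real box, point `parse_leases` at the contents of the dhcpd.leases file and pass `apply=True` once the output looks right. Checking `unbound-control list_local_data` before and after is the quickest way to confirm the stale A and PTR records are gone and the reservation is still served.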

Stumbling over the same problem today.

Reading https://unbound.docs.nlnetlabs.nl/en/latest/topics/core/serve-stale.html, Unbound can be configured for how to handle stale data.

Looking at my OPNsense -> Unbound DNS -> Advanced -> Serve Expired Responses is NOT enabled.

Should I also configure "Maximum TTL for RRSets and messages" ??

OPNsense 23.10.2 / Unbound 1.19.0