20.7.7 upgrade made unbound unstable

[ssbarnea]

Something really happened with 20.7.7 upgrade that got the Unbound resolved to a status where it stops responding, quite often, sometimes even after less than 24h.

Reloading all services does restore it but that is not something I want to do. So far I was not able to identify what is causing this as the logs are huge and I do not know what to search for in them.

Clearly this is a regression as it was not happening until recently. I do use `Enable DNSSEC Support`, logging verbosity is 2.

The only thing weird I found on resolver logs was a small number of lines like:
notice: sendto failed: Permission denied

Update: But at the same time I was able to spot something interesting general log, which may correlate with the moment it went down. Maybe is not really the dns? Still I have no idea how to fix it. I do use ipv6 and is fixed.


2020-12-24T12:36:42   opnsense[95177]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-24T12:36:40   dhcp6c[99706]   transmit failed: Can't assign requested address   
2020-12-24T12:36:39   opnsense[40415]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-24T12:20:10   opnsense[7251]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-24T12:20:05   opnsense[72599]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-23T23:08:08   opnsense[9414]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-23T23:08:06   dhcp6c[99706]   transmit failed: Can't assign requested address

[miruoy]

This issue (or related) has been covered already in >> https://forum.opnsense.org/index.php?topic=20516.0

You should test with the provided upgrade of unbound to 1.13.1 in this thread and report back if it solved your issue.

[ssbarnea]

Thanks, I applied `opnsense-revert -r 20.7.6 unbound` and I will find out soon. I am also watching the upstream bug.

I will report the results in a day or two. Hopefully my xmas streaming would not be affected.

[allebone]

It fixed it for me. The did restart unbound aftewards.

[jebc4]

Don't know if this helps:
2021-01-01T15:19:44   monit[21916]   'UNBOUND' connection succeeded to [127.0.0.1]:53 [UDP/IP]   
2021-01-01T15:18:43   monit[21916]   'UNBOUND' start: '/usr/local/sbin/pluginctl -s unbound start'   
2021-01-01T15:18:43   monit[21916]   'UNBOUND' stop: '/usr/local/sbin/pluginctl -s unbound stop'   
2021-01-01T15:18:43   monit[21916]   'UNBOUND' trying to restart   
2021-01-01T15:18:43   monit[21916]   'UNBOUND' failed protocol test [DNS] at [127.0.0.1]:53 [UDP/IP] -- DNS: error receiving response -- Resource temporarily unavailable   
2021-01-01T15:18:24   kernel   -> pid: 72522 ppid: 1 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>   
2021-01-01T15:18:24   kernel   [HBSD SEGVGUARD] [unbound (72522)] Suspension expired.   
2021-01-01T15:18:24   kernel   pid 72522 (unbound), jid 0, uid 59: exited on signal 11