[Solved] Update to 23.1.1: Unbound reporting broken/not working

Started by dumbo, February 15, 2023, 07:35:00 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
February 15, 2023, 07:35:00 PM Last Edit: February 16, 2023, 08:21:40 AM by dumbo
Hi,

with todays update it looks like something strange happened to unbound (and it's reporting tool).

Reporting stopped working. And getting a lot of errors within ounbound log:
[35098:1] error: recvfrom 40 failed: Protocol not available
...
[71101:0] error: remote control failed ssl crypto error:00000000:lib(0):func(0):reason(0)   
...

Looks like something is broken.

Restarted OPNsense and tried everything - but doesn't work.

EDIT: Issue solved!
Code Select
opnsense-patch -a kulikov-a 404b9d5
February 15, 2023, 08:19:09 PM #1
Do you really need to post in two threads and open a third?


Cheers,
Franco
February 15, 2023, 08:20:29 PM #2
at least some info..
this is unbound errors, not blocklist or logger modules i think.
is unbound itself working?
February 15, 2023, 08:39:37 PM #3
Quote from: Fright on February 15, 2023, 08:20:29 PM
is unbound itself working?

Yes - Unbound itself works without any issues. Despite all the errors within the logs and not working Unbound reporting.
February 15, 2023, 08:41:25 PM #4
Quote from: franco on February 15, 2023, 08:19:09 PM
Do you really need to post in two threads and open a third?


Sorry - found out, that the other two topics do not fit.
So I thought it would be the best to have a separate topic on it to not influence the other topics in the wrong way.
February 15, 2023, 08:47:32 PM #5 Last Edit: February 15, 2023, 08:50:02 PM by dumbo
Looks like I found something.

1. It doesn't resolve client hostnames
2. when 'disabling'  Register DHCP leases &  Register DHCP static mappings it starts working again

But as I said - no hostname resolution (of local clients)

EDIT: Have to correct me... Stopped again working since a few minutes. 🤷🏼‍♂️
February 15, 2023, 09:22:48 PM #6
You might have missed in the hurry to seek assistance, that you haven't provided any information about your setup. The Unbound setup and the system one that can affect this behaviour i.e. DNS settings in other parts of the system.
February 15, 2023, 09:43:17 PM #7 Last Edit: February 15, 2023, 09:59:38 PM by Fright
@dumbo
sorry, but it's a bit confusing. Are there any errors in the general log? does the unbound itself work exactly (does the resolution of at least some names work)? if you enable display of all messages (Deebug) in the unbound log, are there any messages like "info: dnsbl_module: no logging backend found."?

@tuto2
Hi!
after the update, I had a several times when the logger was tried to start before the pipe was ready.
producing "Unable to open pipe. This is likely because Unbound isn't running." and exit
making the pipe before list load fixed this.  (https://github.com/opnsense/core/blob/bc1a8778ab2140e46175ecf2546b634f87087f07/src/opnsense/service/templates/OPNsense/Unbound/core/dnsbl_module.py#L68)

Code Select

        if self.stats_enabled:
            self.create_pipe_rdv()

        self.update_dnsbl(self.log_update_time)


maybe that makes sense?
February 16, 2023, 05:41:10 AM #8 Last Edit: February 16, 2023, 05:54:27 AM by dumbo
Quote from: Fright on February 15, 2023, 09:43:17 PM
@dumbo
sorry, but it's a bit confusing. Are there any errors in the general log? does the unbound itself work exactly (does the resolution of at least some names work)? if you enable display of all messages (Deebug) in the unbound log, are there any messages like "info: dnsbl_module: no logging backend found."?


Hi. Concerning your questions:

  • yes a lot of errors within general log of unbound
  • Unbound still does work - only reporting is broken
  • yes - it's flooding the unbound log
Code Select
info: dnsbl_module: attempting to open pipe AND info: dnsbl_module: no logging backend found.



If I play with unbound settings it starts to work again for a short amount of time - then again no reporting and a lot of those messages within unbound debug log.

And what else does occour is, that the reporting tool (old not updated entries are still there) lost their client name resolution and only showing IPs instead of names.
February 16, 2023, 06:32:20 AM #9 Last Edit: February 16, 2023, 06:37:02 AM by Fright
ok, thanks. may be now the db is initializing so quickly that the pipe is not yet ready because the lists is still loading into memory.
can you try with:
Code Select
opnsense-patch -a kulikov-a 404b9d5
please? (need to reload unbound after the patch)
February 16, 2023, 08:00:33 AM #10
THX a lot. It solved my Problem from here.
February 16, 2023, 08:00:45 AM #11
Quote from: Fright on February 16, 2023, 06:32:20 AM
can you try with:
Code Select
opnsense-patch -a kulikov-a 404b9d5
please? (need to reload unbound after the patch)
Will try it later. Thanks.
February 16, 2023, 08:20:49 AM #12
Quote from: Fright on February 16, 2023, 06:32:20 AM
can you try with:
Code Select
opnsense-patch -a kulikov-a 404b9d5
please? (need to reload unbound after the patch)

Issue solved! As it's one of the main new features of 23.1 I hope there will be/come an update patch for the release.

Thx a lot!
February 16, 2023, 08:47:21 AM #13
@Syon @dumbo
thanks for the feedback!
I'll try to make a pr
February 17, 2023, 06:52:15 AM #14 Last Edit: February 17, 2023, 01:22:15 PM by Fright
for the ref. https://github.com/opnsense/core/pull/6331
AdSchellevis insisted that the patch do the right thing right away, not just play with the actions order  :)
so its
Code Select
opnsense-patch 7ebe361
now
imho it is better to use it now instead of the test one, but if everything works, then it can wait for the next release
included in 23.1.1_2
Print
Go Up Pages1 2
User actions