Upgradethread 23.1.11_1 to 23.7

[seed]

Using these directions:
https://forum.opnsense.org/index.php?topic=25540.msg122731#msg122731

i will upgrade my opnsense this evening. I will post my experiences.

If you already have upgraded your instance feel free to report.

[guest34985]

Unbound does not start any longer, now using Mobile backup.

/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.php.50:in_array(): Argument#2($haystack) must be of type array, int given.

Hope this gets fixed soon. My firewall itself can't get Internet access any longer due to lack of DNS ...

[franco]

Can you be any less specific please?

[guest34985]

I upgraded to 23.7 and the Unbound service does not start any longer. This was the message that I got when trying to restart it manually.

Does that help?

[svengru]

Running into the same issue and I also looks like the unbound configuration is completely missing. All reset to default. I got it back to working by disabling Adguard and setting unbound to port 53.

[bob9744]

Same situation here...

[franco]

I upgraded to 23.7 and the Unbound service does not start any longer. This was the message that I got when trying to restart it manually.

Does that help?

Thanks, could be a bug in the adguard plugin implementation or local workaround put in place.


Cheers,
Franco

[bob9744]

I'm not using adguard, and it's broken for me. Pretty vanilla config as well, with just a couple of forwards to nextdns. Got things working temporarily by setting 1.1.1.1 as the system dns, and telling unbound to use the system nameservers.

The unbound service itself, though, still won't start, but at least it doesn't seem to be in the way any longer.

EDIT: I was wrong. I had two possible solutions in play, and what I described above was not helping. Only way I can get things to work simply is to bypass the my router entirely for dns on my devices.

[franco]

...so nextdns like adguardhome is not a plugin we distribute...


Cheers,
Franco

[bob9744]

Not using the plugin - just using two entries in the DNS over TLS section

[franco]

Geez, can you post your

# configctl service list


Cheers,
Franco

[bob9744]

Code Select Expand

[
    {
        "description": "ACME client",
        "pidfile": "/var/run/lighttpd-acme-challenge.pid",
        "configd": {
            "restart": [
                "acme-http-challenge restart"
            ],
            "start": [
                "acme-http-challenge start"
            ],
            "stop": [
                "acme-http-challenge stop"
            ]
        },
        "name": "acme",
        "status": "acme is running as pid 25973."
    },
    {
        "description": "chrony daemon",
        "configd": {
            "restart": [
                "chrony restart"
            ],
            "start": [
                "chrony start"
            ],
            "stop": [
                "chrony stop"
            ]
        },
        "name": "chronyd",
        "pidfile": "/var/run/chrony/chronyd.pid",
        "status": "chronyd is running as pid 13315."
    },
    {
        "description": "System Configuration Daemon",
        "pidfile": "/var/run/configd.pid",
        "mwexec": {
            "restart": [
                "/usr/local/etc/rc.d/configd restart"
            ],
            "start": [
                "/usr/local/etc/rc.d/configd start"
            ],
            "stop": [
                "/usr/local/etc/rc.d/configd stop"
            ]
        },
        "name": "configd",
        "locked": true,
        "status": "configd is running as pid 252."
    },
    {
        "description": "Cron",
        "php": {
            "start": [
                "system_cron_configure"
            ],
            "restart": [
                "system_cron_configure"
            ]
        },
        "pidfile": "/var/run/cron.pid",
        "name": "cron",
        "status": "cron is running as pid 86746."
    },
    {
        "description": "CrowdSec",
        "configd": {
            "restart": [
                "crowdsec restart"
            ],
            "start": [
                "crowdsec start"
            ],
            "stop": [
                "crowdsec stop"
            ]
        },
        "name": "crowdsec",
        "status": "crowdsec is running as pid 4807."
    },
    {
        "description": "ddclient",
        "configd": {
            "restart": [
                "ddclient restart"
            ],
            "start": [
                "ddclient start"
            ],
            "stop": [
                "ddclient stop"
            ]
        },
        "name": "ddclient",
        "pidfile": "/var/run/ddclient.pid",
        "status": "ddclient is running as pid 61506."
    },
    {
        "name": "dhcpd",
        "description": "DHCPv4 Server",
        "php": {
            "restart": [
                "dhcpd_dhcp4_configure"
            ],
            "start": [
                "dhcpd_dhcp4_configure"
            ]
        },
        "pidfile": "/var/dhcpd/var/run/dhcpd.pid",
        "status": "dhcpd is running as pid 60955."
    },
    {
        "description": "Shaper",
        "configd": {
            "restart": [
                "ipfw reload"
            ],
            "start": [
                "ipfw reload"
            ],
            "stop": [
                "ipfw reload"
            ]
        },
        "name": "ipfw",
        "nocheck": true,
        "status": "ipfw is running."
    },
    {
        "description": "Users and Groups",
        "php": {
            "restart": [
                "system_login_configure"
            ]
        },
        "nocheck": true,
        "name": "login",
        "status": "login is running."
    },
    {
        "description": "mDNS Repeater",
        "configd": {
            "restart": [
                "mdnsrepeater restart"
            ],
            "start": [
                "mdnsrepeater start"
            ],
            "stop": [
                "mdnsrepeater stop"
            ]
        },
        "name": "mdns-repeater",
        "status": "mdns-repeater is running as pid 14027."
    },
    {
        "description": "Monit System Monitoring",
        "configd": {
            "restart": [
                "monit restart"
            ],
            "start": [
                "monit start"
            ],
            "stop": [
                "monit stop"
            ]
        },
        "name": "monit",
        "status": "monit is running as pid 11721."
    },
    {
        "description": "Secure Shell Daemon",
        "configd": {
            "restart": [
                "openssh restart"
            ],
            "start": [
                "openssh start"
            ],
            "stop": [
                "openssh stop"
            ]
        },
        "pidfile": "/var/run/sshd.pid",
        "name": "openssh",
        "status": "openssh is running as pid 13333."
    },
    {
        "description": "Packet Filter",
        "configd": {
            "restart": [
                "filter reload"
            ]
        },
        "nocheck": true,
        "name": "pf",
        "status": "pf is running."
    },
    {
        "description": "System routing",
        "php": {
            "restart": [
                "system_routing_configure"
            ]
        },
        "nocheck": true,
        "name": "routing",
        "status": "routing is running."
    },
    {
        "description": "System tunables",
        "php": {
            "restart": [
                "system_sysctl_configure"
            ]
        },
        "nocheck": true,
        "name": "sysctl",
        "status": "sysctl is running."
    },
    {
        "description": "Syslog-ng Daemon",
        "php": {
            "stop": [
                "system_syslog_stop"
            ],
            "start": [
                "system_syslog_start"
            ],
            "restart": [
                "system_syslog_start"
            ]
        },
        "pidfile": "/var/run/syslog-ng.pid",
        "name": "syslog-ng",
        "status": "syslog-ng is running as pid 18470."
    },
    {
        "name": "unbound",
        "dns_ports": [
            "53"
        ],
        "description": "Unbound DNS",
        "php": {
            "restart": [
                "unbound_configure_do"
            ],
            "start": [
                "unbound_configure_do"
            ],
            "stop": [
                "unbound_service_stop"
            ]
        },
        "pidfile": "/var/run/unbound.pid",
        "status": "unbound is not running."
    },
    {
        "pidfile": "/var/run/lighty-webConfigurator.pid",
        "description": "Web GUI",
        "php": {
            "restart": [
                "webgui_configure_defer"
            ]
        },
        "name": "webgui",
        "locked": true,
        "status": "webgui is running as pid 18277."
    }
]

[franco]

Not the same issue then regarding dns_ports.


Cheers,
Franco

[svengru]

...this is a strange one.

I reconfigured unbound (as it lost all settings) and now the issue is gone. Even with Adguard enabled again.
Both services can now be started, re-started without any issue.

Will do a more testing on my backup router to figure out what went wrong.

[DEC670airp414user]

under general DNS>  i have one DNS server applied to WAN.
9.9.9.9

my upgrade worked fine, i decided to tinker when i read this thread:

under unbound i setup DNS over TLS
9.9.9.9
dns.quad.net
port 853

traffic stopped entirely.
deleted the configuration.    and everything went back to working again!