Unbound errors in log file

Started by lar.hed, December 31, 2023, 12:28:43 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4 ... 6
User actions
January 03, 2024, 08:19:39 PM #15
Unbound crashed this time - just stopped without any for me visible reason. From Unbound Log.

Code Select
2024-01-03T20:17:27 Informational monit 'unbound' trying to restart
2024-01-03T20:17:23 Error monit 'unbound' process is not running
January 03, 2024, 08:23:10 PM #16
Question: Why should one use Unbound if I can not use Block Lists, Block Countries and DoT?
January 03, 2024, 11:01:21 PM #17
We haven't proven that my thinking theory is right and the block list is the problem or a contributor. I could very well be wrong.
Albeit your question is generic, I imagine other users don't have a problem, and therefore the cause is specific. In light of this, I can't answer your question but can keep trying to help if you allow.
Again, with my thinking that needs proving, may I ask where are you getting the blocklist from and how are you adding it to the Unbound configuration? Same for whitelist you seem to have included.
January 03, 2024, 11:15:41 PM #18
Maybe someone could finally post the contents of /var/unbound/root.hints when hitting this issue.
January 03, 2024, 11:17:19 PM #19
maybe useful but looking at the log screenshot, that seems -to me-, something that fails after.
January 03, 2024, 11:22:34 PM #20
Yeah, maybe, considering unbound is a recursive resolver, unless configured otherwise, it obviously cannot work without knowing what the root servers are.
January 03, 2024, 11:28:52 PM #21
agreed but I'm looking at the actual error posted and the line appears clear and the function has:
Code Select
   265     def _load_dnsbl(self):
   266         with open(self.dnsbl_path, 'r') as f:
   267             try:
   268                 self.dnsbl = json.load(f)
   269                 log_info('dnsbl_module: blocklist loaded. length is %d' % len(self.dnsbl['data']))
   270                 with open(self.size_file, 'w') as sfile:
   271                     sfile.write(str(len(self.dnsbl['data'])))
   272                 if mod_env and type(self.dnsbl.get('config')) is dict:
   273                     mod_env['context'].set_config(self.dnsbl['config'])
   274             except (json.decoder.JSONDecodeError, KeyError) as e:
   275                 if not self.dnsbl:
   276                     log_err("dnsbl_module: unable to bootstrap blocklist, this is likely due to a corrupted \
   277                             file. Please re-apply the blocklist settings.")
   278                     self.dnsbl_available = False
   279                     return
   280                 else:
   281                     log_err("dnsbl_module: error parsing blocklist: %s, reusing last known list" % e)

See the line 277 referenced in the inner exception and what the code is trying to do. Seems to me more relevant to blocklist, but maybe I am on the wrong track.
January 03, 2024, 11:33:52 PM #22
Well, the idea was: if the default config file was not pointing to the (malformed) one, it'd use the built-in ones just fine. Remove that line form the template and try to reproduce the error after that.
January 03, 2024, 11:42:49 PM #23
Are you referring to the root.hints file? If yes, then I don't know what line from what template you're suggesting to modify. The particular template where this class and function is, has no reference to the hints file.
January 03, 2024, 11:51:53 PM #24 Last Edit: January 03, 2024, 11:53:53 PM by doktornotor
Code Select
# grep root.hints /usr/local/etc/inc/plugins.inc.d/unbound.inc
root-hints: /var/unbound/root.hints



https://github.com/opnsense/core/blob/master/src/etc/inc/plugins.inc.d/unbound.inc#L286
January 03, 2024, 11:59:10 PM #25
right. Then OP as per this, maybe you could do this when you hit the problem:
Code Select
$diff -u /var/unbound/root.hints /usr/local/opnsense/service/templates/OPNsense/Unbound/core/root.min.hints
That will compare them and report differences.
January 04, 2024, 12:11:43 PM #26 Last Edit: January 04, 2024, 12:13:19 PM by lar.hed
Quote from: cookiemonster on January 03, 2024, 11:59:10 PM
right. Then OP as per this, maybe you could do this when you hit the problem:
Code Select
$diff -u /var/unbound/root.hints /usr/local/opnsense/service/templates/OPNsense/Unbound/core/root.min.hints
That will compare them and report differences.

Absolutely! No problem what so ever - but I think I might need to re-enable the blocklist part for this? Or?

I leave the blocklist disabled for now, until I get "other orders" from you  ;D

Edit - for the moment the two files are identical, just so we all know.
January 04, 2024, 12:15:25 PM #27
One thing is a bit important here: The previous version of Unbound (1.04?) that was in OPNsense pre-23.7, worked 100% with my config. All this started after I updated to 23.7, so what ever it is that I am having challenges with, it is part of something that changed (1.04 -> 1.08).
January 04, 2024, 02:35:36 PM #28
Quote from: lar.hed on January 03, 2024, 08:23:10 PM
Question: Why should one use Unbound if I can not use Block Lists, Block Countries and DoT?

Not sure what Block Countries is, but I use several DNSBL and DoT with Unbound and have no problems.

Quote from: doktornotor on January 03, 2024, 11:22:34 PM
Yeah, maybe, considering unbound is a recursive resolver, unless configured otherwise, it obviously cannot work without knowing what the root servers are.

Unbound shouldn't be running in recursive mode since the OP has DoT configured.
January 04, 2024, 03:29:57 PM #29
looks like a 'template generation' vs 'unbound start' racing for me
@lar.hed how many "generate template OPNsense/Unbound/*" messages in Backend log you see in time when this happens?
Print
Go Up Pages 1 2 3 4 ... 6
User actions