Unbound not starting after 24.1.9_3

Started by Greg_E, June 20, 2024, 10:37:25 PM

I just updated to 24.1.9_3 and unbound won't seem to start, even after a reboot. But DNS is still getting forwarded through my local DNS servers so I guess I'm kind of OK.

I do have Zenarmor free version running, if that matters.

Anything in the Unbound log?


Cheers,
Franco

Nothing that gave any real indication of a problem


Date | Severity | Process | Line
2024-06-20T16:45:13-04:00 Error unbound Unable to open pipe. This is likely because Unbound isn't running.
2024-06-20T16:44:11-04:00 Error unbound Unable to open pipe. This is likely because Unbound isn't running.


I have 12 lines of this and nothing before the reboot. I just tried reinstalling unbound but no luck. I ran an audit on the system:
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 24.1.9_3 at Fri Jun 21 09:13:20 EDT 2024
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 24.1.8 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 24.1.8 is correct.
>>> Check for missing or altered base files
Error 2 occurred.
etc/sysctl.conf:
size (299, 364)
sha256digest (0x45f469e7a9b4eef887bab7b55397305043fe101e1d6ce6f7e23d758e72f56dc6, 0x69344d6e7acbd6e60e93c10865e489c54293af7143ef5cc58127aa67175d0dd2)
>>> Check installed repositories
OPNsense
SunnyValley
>>> Check installed plugins
os-crowdsec 1.0.8_1
os-intrusion-detection-content-et-open 1.0.2_2
os-realtek-re 1.0
os-sensei 1.17.4
os-sensei-agent 1.17.4
os-sensei-updater 1.17
os-sunnyvalley 1.4_3
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 68 dependencies to check.
Checking packages: ........................
opnsense-24.1.9_3 version mismatch, expected 24.1.9_4
Checking packages: ............................................. done
***DONE***


Looks like I need to do an update, but due to the changes I don't expect much to happen.


DNSmasq seems to run, just not sure I have it set up correctly. I think this might be my temporary fix but I'll need to bring my laptop in to test and see if it's really working. The network I'm on has a Windows DNS running and it knows how to forward to other DNS servers past the firewall, so this network functions. I can get into my "management" port on the firewall with a laptop and see if that network really forwards.

I did expand the Unbound log and saw more info, but nothing really past the 24.1.9_3 update is shown.

If it helps, this is running on an HP T740 with an AMD V1756B processor and 16 GB of RAM. It uses an old Intel-branded i350 four-port card with WAN and three LAN networks. I do have VGA access.

If needed, I do have a second T740 that is the same except for RAM (only 8 GB available in this hardware); I could try a clean install when I get time. But I should probably put my long-term production system in place first; this will be running Business so may not even show an issue since it is an "older" version of OPN.

DNSmasq has me working on all networks now, but unbound has a lot more features. What else can I look at that might provide a little help finding this?

I did run an "unbound-checkconf" which reported no errors.

Do you use any blocklists in Unbound? There were no changes in 24.1.9 WRT Unbound that I'm aware of.

It might also be a local DNS setup oddity. There were some IPv6-related changes and safety changes. In one instance DNS servers were fed to the box by its own radvd; that might no longer be the case (for good reasons).


Cheers,
Franco

No block lists (yet) and I've disabled ipv6 because we don't use it here.

July 10, 2024, 08:17:30 AM #7 Last Edit: July 10, 2024, 08:53:49 PM by PencilHCV
Hi Greg!
Do you have DHCP Reservations?

If you have DHCP reservations, check whether any device hostname has strange characters, spaces, etc. Make it just one short word.
Start the service.

Best regards
Hugo
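
The hostname check suggested in the last post, as an added example that is not part of the thread or of OPNsense itself: it flags DHCP reservation hostnames that are not a single valid DNS label (letters, digits and hyphens only). The XML layout (dhcpd/<interface>/staticmap/hostname) is an assumption about the OPNsense config.xml, and the sample data is constructed.

```python
import string
import xml.etree.ElementTree as ET

# Characters allowed in one DNS label (RFC 1123): letters, digits, hyphen.
ALLOWED = set(string.ascii_letters + string.digits + "-")

# Constructed sample. Assumed layout of the DHCP section of an OPNsense
# config.xml: dhcpd/<interface>/staticmap/{mac,hostname}.
SAMPLE_CONFIG = """<opnsense><dhcpd>
  <lan>
    <staticmap><mac>00:00:5e:00:53:01</mac><hostname>nas01</hostname></staticmap>
    <staticmap><mac>00:00:5e:00:53:02</mac><hostname>living room tv</hostname></staticmap>
    <staticmap><mac>00:00:5e:00:53:03</mac><hostname>printer_2</hostname></staticmap>
    <staticmap><mac>00:00:5e:00:53:04</mac><hostname/></staticmap>
  </lan>
  <opt1>
    <staticmap><mac>00:00:5e:00:53:05</mac><hostname>-cam</hostname></staticmap>
  </opt1>
</dhcpd></opnsense>"""


def hostname_problems(name):
    """Return the reasons `name` is not a single valid DNS label."""
    problems = []
    bad = sorted({c for c in name if c not in ALLOWED})
    if bad:
        problems.append("illegal characters: " + ", ".join(repr(c) for c in bad))
    if name.startswith("-") or name.endswith("-"):
        problems.append("starts or ends with a hyphen")
    if len(name) > 63:
        problems.append("longer than 63 characters")
    return problems


def audit_static_maps(config_xml):
    """Return (interface, mac, hostname, problems) per suspect reservation."""
    findings = []
    dhcpd = ET.fromstring(config_xml).find("dhcpd")
    for iface in (dhcpd if dhcpd is not None else []):
        for entry in iface.findall("staticmap"):
            name = entry.findtext("hostname") or ""  # kept unstripped on purpose
            problems = hostname_problems(name) if name else []  # empty name: skip
            if problems:
                findings.append((iface.tag, entry.findtext("mac"), name, problems))
    return findings


if __name__ == "__main__":
    for iface, mac, name, problems in audit_static_maps(SAMPLE_CONFIG):
        print(f"{iface} {mac} {name!r}: {'; '.join(problems)}")
```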