Unbound DNS crash after upgrade

[pjw]

I recently upgraded to the 24.7_9 release from 24.1. My Unbound DNS thread today stopped working, with my local clients getting a DNS server failure when trying to resolve things not locally cached.  I restarted the Unbound DNS service from the GUI, and everything seems ok now.

I don't see anything in the log files that would indicate a problem, it just seemed to have hung.

Any ideas to help gather info, I'm happy to provide.  Also, if there's a way to monitor this like Monit or something that can then be used to restart it, I'm happy to try that out too.

[newsense]

Are you using regular DNS or DoT ?

[pjw]

Pretty sure it's Regular DNS.  I have a screenshot of my config attached.

[Lewman]

Same issue for me - Tonnes of DNS drops..

[newsense]

I was referring to the upstream DNS you have defined in Unbound.

Thing is, the behavior you're describing can happen when using encrypted connections for DNS. The SSL connection can be dropped upstream for various reasons while Unbound still tries sending queries thinking it has a valid connection.

If this is the case there's not much to be done other than restarting Unbound and keeping an eye on the WAN link

[pjw]

I was referring to the upstream DNS you have defined in Unbound.

Thing is, the behavior you're describing can happen when using encrypted connections for DNS. The SSL connection can be dropped upstream for various reasons while Unbound still tries sending queries thinking it has a valid connection.

If this is the case there's not much to be done other than restarting Unbound and keeping an eye on the WAN link

Ah ok, sorry I misunderstood.  I do not have DNS over TLS enabled in Unbound.  I have no other Advanced features enabled.  I only have Register ISC DHCP4 Leases and Register DHCP Static Mappings.  For the latter, I have 9 total statically defined leases, and about 90ish other dynamic leases.

[dinguz]

In case of issues with unbound, I would suggest disabling both DHCP registration and the reporting (stats/graphs) part of DNS block lists, as I found these to produce errors in the logs. Now it runs fine here. I didn't investigate further to find a root cause.

[Grashopper]

Hi Everyone,

I was running into the exact same issue after the upgrade. I was able to start unbound service after unchecking "Register ISC SHCP4 Leases" and "Register DHCP Static Mappings".

Thanks

[pjw]

Thanks for the suggestions on some things to try tweaking. I don't necessarily care about the ISC registrations from dhcp, but I do care about the static mappings getting registered. So we'll see if turning off ISC reporting will resolve things or not.

It's worth noting I've only seen Unbound hang/crash once requiring manual intervention to restart it. But it was bad enough that it broke my home internet (and the wife and kids weren't thrilled). Hence this ticket in case something might jump out to the devs

[pjw]

I just ran into this again, on 24.7.2.  Unbound seemed to stop forwarding DNS requests to my ISP's nameservers (all set by DHCP, nothing manually entered).  It looked like cached entries were all working fine, like google.com, various news websites, etc.  But I noticed when I tried updating an OctoPi instance, that https://github.com failed to resolve.  I checked multiple hosts at home, and then toggled my phone onto cell only, and it resolved fine.  I restarted Unbound DNS on my OPNsense box, and all hosts in my house can now resolve GitHub.

Seems like there's still a situation where Unbound can randomly hang with no warning or indication it needs a restart.  Any other suggestions I can try, or any telemetry I can upload to help devs debug this?