DNSCrypt service had a red icon after scheduled reboot

Started by No999, May 29, 2026, 08:10:15 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 29, 2026, 08:10:15 PM Last Edit: May 30, 2026, 12:11:58 AM by MrHappyHippo
Hi everyone,

I recently configured a cron job to reboot my OPNsense firewall every 3 days.

After this morning's reboot, I noticed I had no internet connectivity. The DNSCrypt service had a red icon and wasn't running. I had to manually start DNSCrypt and then restart Unbound to restore DNS resolution.

I suspect the issue may have been related to IP assignment: the firewall might not have received an IPv6 address (or even an IPv4 address) immediately after reboot, which could have caused DNSCrypt to fail or exit. However, I couldn't find any logs indicating the process was killed or why it didn't start automatically.

My setup:

Destination NAT redirecting all LAN DNS traffic to Unbound
Unbound configured to forward queries to DNSCrypt

Questions:

Should DNSCrypt normally start automatically after reboot?
Is additional configuration needed to ensure the proper startup order?
Could this have been a one-time startup failure?
Is there a recommended way to ensure Unbound waits for DNSCrypt before starting?

Any tips or troubleshooting suggestions would be greatly appreciated.

Note: I've attached the relevant logs for reference. For some reason, the attachments are only visible when you are logged in. The reboot occurred at 4:00 AM, and I manually fixed the issue by restarting DNSCrypt and Unbound around 8:20 AM.

Service start order:

DNSCrypt starts at 04:01:23
Unbound starts at 04:01:24
Then Unbound starts again at 04:01:41

DNSCrypt wasn't fully ready when Unbound started:
Unbound depends on DNSCrypt upstream
Large DNSBL list load:
DNSBL module has 968,522 entries.
May 30, 2026, 01:40:05 PM #1
I've added two more cron jobs that might serve as a workaround. I didn't see any errors in the logs, so my idea is to have these additional tasks run shortly after the system reboot:

4:00 AM System reboot
4:10 AM dnsycrpy-proxy restart
4:15 AM unbound restart

Hopefully, staggering these restarts will ensure the services come up cleanly. I'll monitor and see if this resolves the issues.
June 03, 2026, 07:07:39 PM #2 Last Edit: June 03, 2026, 07:38:04 PM by No999
Seems like it was my IPv6 ULA address in the listen address causing the issue:

Code Select
None None [2026-06-03 18:30:32] [FATAL] listen udp [fdee:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:15353: bind: can't assign requested address
None None [2026-06-03 18:30:32] [NOTICE] Now listening to 127.0.0.1:15353 [TCP]
None None [2026-06-03 18:30:32] [NOTICE] Now listening to 127.0.0.1:15353 [UDP]

Just changed in listen address from ULA to [::1]:15353 and in unbound query forward too
Print
Go Up Pages1
User actions