26.1.9 broke my DNS?

[passeri]

I upgraded my internal (not edge) router to 26.1.9 this morning (AEST), promptly losing DNS resolution although I could still ping external IP addresses. Reverting to the 26.1.8_5 snapshot did not resolve the problem. Absolutely nothing else was changed, this was a routine upgrade process. Has anyone else encountered this, such that I should report it formally?

All DNS is through Unbound on the edge. The internal router's Unbound points to the edge router.

For clarity I did not upgrade the edge router, so the other nets which do not pass through the internal router continued to behave normally. When I replaced the internal router with a switch then normal behaviour returned as expected.

[Mr.Goodcat]

Same issue here. Neither multiple restarts of unbound & dns-crypt as well as OPNsense nor a rollback to 26.1.5 (the entire VM image) fixed it. Yet, pings from OPN to e.g. 8.8.8.8 worked. Didn't have the time to check beyond this, but it seems quite odd.

Update: the rollback is now back up. No idea what happened there. Will go back to the latest version later in the day and report back to nail this down.

[newsense]

I upgraded my internal (not edge) router to 26.1.9 this morning (AEST), promptly losing DNS resolution

Did you try a health check?

Anything unusual in unbound debug logs ?

[newsense]

Same issue here. Neither multiple restarts of unbound & dns-crypt as well as OPNsense nor a rollback to 26.1.5 (the entire VM image) fixed it.

If a rollback failed it is more likely you experienced a brief internet outage that messed up the ssl connections in dnscrypt

[passeri]

I upgraded my internal (not edge) router to 26.1.9 this morning (AEST), promptly losing DNS resolution

Did you try a health check?

Anything unusual in unbound debug logs ?

Will try, and check. Currently it is unplugged. Tomorrow I will have time to set up to test those things without breaking internet for anyone else in the process.

[Mr.Goodcat]

Same issue here. Neither multiple restarts of unbound & dns-crypt as well as OPNsense nor a rollback to 26.1.5 (the entire VM image) fixed it.

If a rollback failed it is more likely you experienced a brief internet outage that messed up the ssl connections in dnscrypt

It most likely was a failure of DNS-crypt to load DNS servers via the fallback resolver. I used "194.150.168.168" (listed e.g. by CCC.de) which appears to be down.

[passeri]

Weird.

As noted above, I had made no changes at all to my configuration for months before I upgraded from 26.1.8 to 26.1.9, when DNS stopped.

Today I spent some time exploring for problems. The Unbound log showed enquiries were being blocked, yet I have no blocklist set in Unbound. Re-upgrading after returning to the prior snapshot (which also now failed) was marked by the same upgrade oddity that the normally verbose output did not show at all until the entire upgrade had completed. Still DNS did not work although the internet remained accessible by IP address.

I upgraded a reserve machine. It was fine, and displaying the usual output along the way.

I switched off to think about it a while, switched back on (far from the first power cycle in this) and, DNS woke up.

I am nonplussed. I did nothing to stop it working and nothing to fix it again. Cosmic rays from the Universe? Might Q-feeds have interfered for a while?

I will run the internal router for another day or so before nervously upgrading the edge.