https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162021-02-26T00:40:27ZpfSense bugtrackerpfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=516122021-02-26T00:40:27ZFrank Gouton
<ul></ul><p>I'm made a mistake selecting the version. It's the latest stable version 2.5. Can you fix that please?</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=516232021-02-26T07:21:02ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>Unbound not working after restart</i> to <i>Unbound does not bind to down/nocarrier interface when it recovers</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Not a Bug</i></li><li><strong>Priority</strong> changed from <i>High</i> to <i>Low</i></li><li><strong>Target version</strong> set to <i>CE-Next</i></li><li><strong>Affected Version</strong> changed from <i>2.4.5</i> to <i>2.5.0</i></li></ul><p>This is very similar to <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Unbound fails to start if it binds to down/nocarrier interface (Resolved)" href="https://redmine.pfsense.org/issues/11087">#11087</a> -- Seems like you have specific interfaces selected for the resolver to use, and unbound doesn't restart when the interface status changes back to 'up' after being down to pick up the recovered interface.</p>
<p>You can switch the interface selection to 'All' to work around the problem.</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=516242021-02-26T07:21:09ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Not a Bug</i> to <i>New</i></li></ul> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=516302021-02-26T07:46:21ZFrank Gouton
<ul></ul><p>The option "All" includes the WAN interface too. Wouldn't it be a security risk to open the unbound port on the wan interface?</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=516352021-02-26T07:55:27ZJim Pingle
<ul></ul><p>It's not a significant concern or it wouldn't be the default behavior. Both the firewall rules AND unbound ACLs prevent any queries from being accepted on WAN.</p>
<p>Unless you have overly lenient WAN rules and have manually added loose unbound ACLs (like for 0.0.0.0/0) then there is little risk in binding to all.</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=516372021-02-26T08:05:16ZFrank Gouton
<ul></ul><p>Ok thanks. Looks like setting it to "All" works for now. This behavior is new with the latest pfsense update. Never had the problem with the previous version. (Pfsense on custom hardware)</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=516442021-02-26T10:02:26ZViktor Gurov
<ul></ul><p>rare issue, but could be fixed:<br /><a class="external" href="https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/158">https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/158</a></p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=516572021-02-26T10:47:10ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Pull Request Review</i></li></ul> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=517712021-03-01T08:14:59ZRenato Botelhorenato@netgate.com
<ul><li><strong>Status</strong> changed from <i>Pull Request Review</i> to <i>Feedback</i></li><li><strong>Assignee</strong> set to <i>Viktor Gurov</i></li></ul><p>PR has been merged. Thanks!</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=517772021-03-01T08:20:08ZViktor Gurov
<ul><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Restart unbound on interface recover. Fixes #11547" href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/a1fe814421904ca00b6a04431d62ba18dcebf607">a1fe814421904ca00b6a04431d62ba18dcebf607</a>.</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=519802021-03-06T07:55:18ZStéphane BARBARAY
<ul></ul><p>I encounter a similar problem with bind which stop responding each time an openvpn disconnection/connection is made... could the patch resolve that problem too? I'm tempted to apply it...</p>
<p>hereunder what happen in log when named stop responding...<br />filterdns<sup><a href="#fn9294">9294</a></sup>: merge_config: configuration reload<br />[...]<br />named<sup><a href="#fn53473">53473</a></sup>: network: error: creating IPv4 interface ovpnc2 failed; interface ignored<br />filterdns<sup><a href="#fn9294">9294</a></sup>: merge_config: configuration reload<br />[...]</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=519942021-03-07T23:11:16ZViktor Gurov
<ul></ul><p>Stéphane BARBARAY wrote:</p>
<blockquote>
<p>I encounter a similar problem with bind which stop responding each time an openvpn disconnection/connection is made... could the patch resolve that problem too? I'm tempted to apply it...</p>
<p>hereunder what happen in log when named stop responding...<br />filterdns<sup><a href="#fn9294">9294</a></sup>: merge_config: configuration reload<br />[...]<br />named<sup><a href="#fn53473">53473</a></sup>: network: error: creating IPv4 interface ovpnc2 failed; interface ignored<br />filterdns<sup><a href="#fn9294">9294</a></sup>: merge_config: configuration reload<br />[...]</p>
</blockquote>
<p>Please create a new redmine issue</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=520802021-03-09T13:30:02ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Waiting on Merge</i></li><li><strong>Target version</strong> changed from <i>CE-Next</i> to <i>2.5.1</i></li></ul> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=521942021-03-10T13:05:25ZRenato Botelhorenato@netgate.com
<ul><li><strong>Status</strong> changed from <i>Waiting on Merge</i> to <i>Feedback</i></li></ul><p>Cherry-picked to RELENG_2_5_1</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=522842021-03-12T09:42:40ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>Unbound does not bind to down/nocarrier interface when it recovers</i> to <i>DNS Resolver does not bind to an interface when it recovers from a down state</i></li></ul><p>Updating subject for release notes.</p> pfSense - Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down statehttps://redmine.pfsense.org/issues/11547?journal_id=529582021-04-13T10:51:55ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul>