Regression #11634
open
bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
0%
Description
I encounter a problem with bind since 2.5.0, it stops responding to queries each time an openvpn disconnection/connection as a tun client is made to another ovpn server (so the pfsense here is an openvpn client to another pfsense)...
hereunder what happen in log when named stop responding...
filterdns9294: merge_config: configuration reload
[...]
named53473: network: error: creating IPv4 interface ovpnc2 failed; interface ignored
filterdns9294: merge_config: configuration reload
[...]
the only way to restart bind, without rebooting pfsense, is to kill named process via console, then start again via interface
to circumvent the problem :
- I changed the way openvpn is working by setting a TAP connection instead of TUN, so that interface is always ON even when reconnecting (it is working now for 40h without problem)
- I also removed the need to use filterdns by setting plain IP in aliases instead of FQDN
btw :
- the interfaces are set to "Listen on ALL interfaces" in bind config
- responding to queries and transferring zones thru vpn is required (and acl are sets)
- i upgraded to bind 9.16.12 with no more success to the problem
- unbound is totally disabled, only bind is used (there is no unbound process involved here)
Updated by Jim Pingle about 3 years ago
- Project changed from pfSense to pfSense Packages
- Category changed from DNS Resolver to BIND
Updated by Stéphane BARBARAY about 3 years ago
The problem seems worse than I thought : as soon as you restart an openvpn service, even as a server, or as soon as a network interface is reappearing, named will immediately hang...
Updated by itfabrica Tech about 3 years ago
Good day! I confirm the problem, I created a ticket, but I was told that this is not an error
https://redmine.pfsense.org/issues/11542#change-51602
Updated by Stéphane BARBARAY about 3 years ago
The problem is maybe not directly related, but I encountered this too, and if you wait 5mn before trying to reconnect without restarting openvpn service then it work again, but if you restart openvpn service then bind will stop processing queries because an interface disappeared then reappeared... So that the two combined problems are really annoying (to be polite)