Bug #16586
closed
unbound thinks kern.ipc.maxsockbuf is too low, per its logging
Description
I see this logged a lot:
`/rc.linkup: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1765827052] unbound[89103:0] warning: setsockopt(..., SO_SNDBUF, ...) was not granted: No buffer space available [1765827052] unbound[89103:0] warning: so-sndbuf 4194304 was not granted. Got 57344. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value). [1765827052] unbound[89103:0] error: bind: address already in use [1765827052] unbound[89103:0] fatal error: could not open ports'`
Looking upstream, I found [this](https://github.com/NLnetLabs/unbound/issues/1360) which I believe is saying that increasing that sysctl would in fact be a good idea.
Looks like unbound was just updated in pfsense to 1.24.0 from [this](https://redmine.pfsense.org/issues/16503) which seems to fit with the other ticket describing this as new.
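What the warning in the log above measures, as an added example that is not part of the original ticket and is not unbound's own code: a C probe that requests a send buffer on a never-bound UDP socket and reads back what the kernel granted. The names `struct sndbuf_probe`, `probe_sndbuf` and `sndbuf_ok` are this example's own; the 4194304 size is the one from the log.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Result of one probe (type and function names are this example's own). */
struct sndbuf_probe {
    int requested;  /* bytes asked for */
    int granted;    /* bytes the kernel reports afterwards, -1 if unknown */
    int set_errno;  /* errno from socket()/setsockopt(), 0 on success */
};

/* Request `want` bytes of send buffer on a fresh UDP socket and read back
 * the configured size. The socket is never bound, so the probe does not
 * compete with a running resolver for port 53. */
struct sndbuf_probe probe_sndbuf(int want)
{
    struct sndbuf_probe r = { want, -1, 0 };
    int got = 0;
    socklen_t len = sizeof(got);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) { r.set_errno = errno; return r; }
    /* FreeBSD refuses a request above the kern.ipc.maxsockbuf limit with
     * ENOBUFS; Linux silently clamps it to net.core.wmem_max instead. */
    if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &want, sizeof(want)) < 0)
        r.set_errno = errno;
    if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &got, &len) == 0) {
#ifdef __linux__
        got /= 2;   /* Linux reports twice the configured size */
#endif
        r.granted = got;
    }
    close(fd);
    return r;
}

/* 1 if the request was accepted and the buffer is at least as large. */
int sndbuf_ok(const struct sndbuf_probe *r)
{
    return r->set_errno == 0 && r->granted >= r->requested;
}

int main(void)
{
    struct sndbuf_probe r = probe_sndbuf(4194304); /* size from the log */
    printf("requested %d, granted %d, setsockopt: %s\n", r.requested,
           r.granted, r.set_errno ? strerror(r.set_errno) : "ok");
    return sndbuf_ok(&r) ? 0 : 1;
}
```

The exit status is 0 only when the full size was granted, so the probe can be run before and after changing the sysctl.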
Updated by Matt Dombrowski about 2 months ago
What's your settings at Services / DNS Resolver / Advanced Settings / Message Cache Size and " " / EDNS Buffer Size configured to? If not already, try setting the former to 4 MB (i.e., the default) and the latter to 4096: Unbound Default, and then restart Unbound to see if it comes up cleanly.
(As an aside, this should've been posted to the forum first to determine if there's an actual bug here.)
Updated by Sean McBride about 2 months ago
Matt Dombrowski wrote in #note-1:

> What's your settings at Services / DNS Resolver / Advanced Settings / Message Cache Size and " " / EDNS Buffer Size configured to?

They are 4 MB and 'automatic value based on...'. According to my own docs (and memory), I've never touched these settings.

> If not already, try setting the former to 4 MB (i.e., the default) and the latter to 4096: Unbound Default, and then restart Unbound to see if it comes up cleanly.

I'll give that a try in a couple of days, when I have a window for some disruption.

> (As an aside, this should've been posted to the forum first to determine if there's an actual bug here.)

I had started to, but when I found that upstream ticket, I was feeling pretty convinced this was a pfsense bug due to its very recent upgrade of unbound.
Thanks for your reply!
Updated by Kris Phillips about 1 month ago
- Status changed from New to Incomplete
I'm not able to reproduce this issue on amd64 architecture on 25.11 of Plus.
Please provide additional reproduction steps.
Updated by Sean McBride 28 days ago
So on 2025-12-22 I changed unbound 'EDNS Buffer Size' from 'automatic value based on...' to '4096 unbound default' and I have not seen that error logged again. Also haven't seen any changes on my network or with DNS generally.
I'll continue to keep an eye on it...
Updated by Marcos M 25 days ago
- Project changed from pfSense Plus to pfSense
- Category changed from DNS Resolver to DNS Resolver
- Status changed from Incomplete to Needs Patch
- Affected Plus Version deleted (25.11)
- Affected Architecture deleted (6100)
I've not seen the message logged. If the issue can be reproduced, perhaps the default option can be changed depending on the details. However from the discussion here and in the linked issue it seems this is better handled upstream.