Bug #16586
closed
unbound thinks kern.ipc.maxsockbuf is too low, per its logging
Added by Sean McBride 29 days ago.
Updated 4 days ago.
Description
I see this logged a lot:
`/rc.linkup: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1765827052] unbound[89103:0] warning: setsockopt(..., SO_SNDBUF, ...) was not granted: No buffer space available [1765827052] unbound[89103:0] warning: so-sndbuf 4194304 was not granted. Got 57344. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value). [1765827052] unbound[89103:0] error: bind: address already in use [1765827052] unbound[89103:0] fatal error: could not open ports'`
Looking upstream, I found [this](https://github.com/NLnetLabs/unbound/issues/1360) which I believe is saying that increasing that sysctl would in fact be a good idea.
Looks like unbound was just updated in pfSense to 1.24.0 from [this](https://redmine.pfsense.org/issues/16503) which seems to fit with the other ticket describing this as new.
What are your settings at Services / DNS Resolver / Advanced Settings / Message Cache Size and " " / EDNS Buffer Size configured to? If not already, try setting the former to 4 MB (i.e., the default) and the latter to 4096: Unbound Default, and then restart Unbound to see if it comes up cleanly.
(As an aside, this should've been posted to the forum first to determine if there's an actual bug here.)
Matt Dombrowski wrote in #note-1:

> What are your settings at Services / DNS Resolver / Advanced Settings / Message Cache Size and " " / EDNS Buffer Size configured to?

They are 4 MB and 'automatic value based on...'. According to my own docs (and memory), I've never touched these settings.

> If not already, try setting the former to 4 MB (i.e., the default) and the latter to 4096: Unbound Default, and then restart Unbound to see if it comes up cleanly.

I'll give that a try in a couple of days, when I have a window for some disruption.

> (As an aside, this should've been posted to the forum first to determine if there's an actual bug here.)

I had started to, but when I found that upstream ticket, I was feeling pretty convinced this was a pfSense bug due to its very recent upgrade of unbound.
Thanks for your reply!
- Status changed from New to Incomplete
I'm not able to reproduce this issue on amd64 architecture on 25.11 of Plus.
Please provide additional reproduction steps.
So on 2025-12-22 I changed unbound 'EDNS Buffer Size' from 'automatic value based on...' to '4096 unbound default' and I have not seen that error logged again. Also haven't seen any changes on my network or with DNS generally.
I'll continue to keep an eye on it...
- Project changed from pfSense Plus to pfSense
- Category changed from DNS Resolver to DNS Resolver
- Status changed from Incomplete to Needs Patch
- Affected Plus Version deleted (25.11)
- Affected Architecture deleted (6100)
I've not seen the message logged. If the issue can be reproduced, perhaps the default option can be changed depending on the details. However, from the discussion here and in the linked issue, it seems this is better handled upstream.
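The warning quoted in the description reports a requested send buffer (4194304) next to the size the kernel actually granted (57344). The following probe performs the same request and read-back so the granted size can be checked on a given host; it is an added example, not code from unbound or pfSense, and the function name `probe_sndbuf` is hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Request a UDP send buffer of `want` bytes and return the size the kernel
 * reports afterwards, or -1 if the socket could not be created or queried.
 * *set_errno receives errno from setsockopt(), or 0 if that call succeeded. */
long probe_sndbuf(int want, int *set_errno)
{
    *set_errno = 0;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    /* On FreeBSD a request above the kern.ipc.maxsockbuf-derived limit fails
     * with ENOBUFS ("No buffer space available", as in the log). Linux does
     * not fail; it clamps the request to net.core.wmem_max. */
    if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &want, sizeof(want)) < 0)
        *set_errno = errno;

    /* Read back what is in effect, whether or not the request succeeded. */
    int got = 0;
    socklen_t len = sizeof(got);
    if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &got, &len) < 0)
        got = -1;

    close(fd);
    return got;
}

int main(void)
{
    int want = 4194304; /* so-sndbuf value reported in the log above */
    int err = 0;
    long got = probe_sndbuf(want, &err);

    if (got < 0) {
        perror("probe_sndbuf");
        return 1;
    }
    if (err != 0)
        printf("setsockopt(SO_SNDBUF, %d) refused: %s\n", want, strerror(err));
    printf("requested %d, granted %ld%s\n", want, got,
           got < want ? " (below request)" : "");
    return 0;
}
```

Running it before and after changing `kern.ipc.maxsockbuf` shows whether the new limit is large enough for the requested value.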