Bug #4095
closed
Unbound config not regenerated on WAN-style interface acquiring IP address
Added by Phillip Davis almost 10 years ago.
Updated almost 10 years ago.
Description
Example: system with dual-WAN - WAN and OPT1 both DHCP.
Boot with WAN getting DHCP but OPT1 connected but not getting DHCP.
Unbound in forwarding mode, no DNS servers explicitly in General Setup, "Allow DNS server list to be overridden by DHCP/PPP on WAN" checked.
unbound.conf has forwarders section like:
--------
# Forwarding
forward-zone:
name: "."
forward-addr: 10.172.1.1
--------
10.172.1.1 is the WAN DHCP-given gateway - good.
Now fix the problem upstream of OPT1 so it gets an IP address by DHCP.
apinger, gateway groups and associated rules do their thing - good.
But unbound.conf is not re-generated - it still has a single forward-addr listed.
Now WAN goes down (with some upstream problem - apinger detects 100% packet loss). Again nothing regenerates unbound.conf.
Now routing is all working fine. If you know the IP addresses of everything on the internet you are fine! But DNS is not working because unbound only knows about 10.172.1.1, which does not work any more.
Something needs to give unbound.conf a re-generate when WAN-style links have an IP address change, and particularly when Unbound is in forwarding mode and using the DNS servers learned from DHCP.
(If the DNS servers are all specified in General Setup, then there should be no problem - the fully-populated unbound.conf would be generated at boot time, whether every WAN link is up or not)
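A check for the stale state described above, as an added example that is not part of the original report or of pfSense: it compares the `forward-addr` entries of the root forward-zone in an unbound.conf with the resolvers currently learned from DHCP/PPP. The sample config, the OPT1 resolver 192.0.2.53 and the function names are constructed for illustration, and the caller is assumed to supply the learned resolver list.

```python
# Constructed sample: the unbound.conf from the report, generated while only
# WAN had a DHCP lease.
SAMPLE_CONF = '''\
server:
    interface: 0.0.0.0
# Forwarding
forward-zone:
    name: "."
    forward-addr: 10.172.1.1
'''


def forward_addrs(conf_text, zone="."):
    """Return the sorted forward-addr values of the forward-zone named `zone`."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and TLS-name suffixes
        if ":" not in line:
            continue
        key, _, val = line.partition(":")  # first colon only, so IPv6 values survive
        key, val = key.strip(), val.strip().strip('"')
        if not val:  # clause header such as "server:" or "forward-zone:"
            current = {"name": None, "addrs": []} if key == "forward-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = val
            elif key == "forward-addr":
                current["addrs"].append(val.split("@", 1)[0])  # strip @port
    return sorted({a for z in zones if z["name"] == zone for a in z["addrs"]})


def check_forwarders(conf_text, learned):
    """Compare configured forwarders with the resolvers learned from DHCP/PPP."""
    configured, learned = set(forward_addrs(conf_text)), set(learned)
    return {
        "missing": sorted(learned - configured),  # learned but never written out
        "stale": sorted(configured - learned),    # written out but no longer offered
    }


if __name__ == "__main__":
    # OPT1 now has a lease as well (192.0.2.53 is a constructed resolver address).
    print(check_forwarders(SAMPLE_CONF, ["10.172.1.1", "192.0.2.53"]))
    # WAN has gone down: only OPT1's resolver is still valid.
    print(check_forwarders(SAMPLE_CONF, ["192.0.2.53"]))
```

A non-empty `missing` or `stale` list means unbound.conf no longer reflects the learned DNS servers and needs to be regenerated.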
- Assignee set to Chris Buechler
in my case one of my alix boxes has a single wan connection (pppoe) and I have set it to periodically reset at 3am so when that happens, the isp gives out a new ip but dns resolver won't switch to that new ip.
my config has network interfaces as all and outgoing interface as WAN selected with forwarding mode enabled and custom dns server list, rest of the things are stock settings
- Status changed from New to Feedback
I just committed what should be a solution for this. Phil and Bipin if you could please verify on 31st snapshot (or gitsync) or newer. This seems to fix the circumstances noted here, as well as a closely related issue someone reported on the forum.
Tested by:
Test system with WAN connected to a local LAN through a switch, switch uplinked to a production pfSense that gives out DHCP and then connects to internet.
Test system has WAN DHCP, General setup "Allow DNS server list to be overridden by DHCP/PPP on WAN", no DNS servers specified, Unbound enabled with Forwarding Mode enabled.
1) Disconnect uplink cable from switch to production pfSense (thus preventing test pfSense WAN from getting DHCP).
2) Reboot test pfSense - it is sitting waiting for WAN DHCP, obviously no DNS or any internet at this point.
3) Connect uplink cable from switch to production pfSense
4) Test pfSense obtains WAN DHCP after some seconds.
Before the fix: Client on Test pfSense LAN can ping out to known internet IP addresses but cannot resolve DNS (because unbound conf was not regenerated).
Repeat test after applying the fixed code: Client on Test pfSense LAN can do all internet - resolve DNS and access stuff by name and/or IP address (/var/unbound/unbound.conf is generated and has the forward-addr correct in it)
Fixed - thanks
Note: I have only tested with IPv4. But I presume the same problem, test case and resolution should work for IPv6 in this scenario.
- Status changed from Feedback to Resolved
thanks Phil. Yeah v6 goes through the same thing, it worked fine as well.