Bug #7096

Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces"

Added by Chris Collins over 3 years ago. Updated 6 days ago.

Status: New
Priority: Normal
Assignee: -
Category: DNS Resolver
Target version: -
Start date: 01/06/2017
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.4.5-p1
Affected Architecture:

Description

It starts fine if default ALL is selected.

But if specific interfaces are selected instead, it prints bind errors and will not start; this even happens if I put the commands right at the end of rc.boot.

It starts fine from the GUI.

The first error I see in the log is that it reports it fails to bind to the WAN IPv6 link-local address; the address it reports is not the same as the actual address on the interface, the last octet is changed. In addition, the address is not selected in the "Network Interfaces" section, and it is correctly not binding to it when started from the dashboard.

The actual WAN link-local ends in d0e6, but it tries to use an address that ends in d0e5. I have no idea where it gets the d0e5 from.
I also see errors in the log where it fails to bind to the WAN IPv4 address; again, this is not selected.

The selected interfaces are LAN facing interfaces.

localhost
lan ipv6 link-local
LAN

It is perhaps not a coincidence it reports errors for interfaces that are deselected.

So this either needs fixing, or the option to choose the interface should be removed from the GUI. I will examine the scripts and post what I think is a fix if I find a way to fix it myself.

History

#1 Updated by Chris Collins over 3 years ago

I have a proposal which should make it easier for development.

I suggest removing the interface selection as is (for both the network interfaces and the outgoing interfaces options). Replace them with tickboxes for auto management of interfaces, ticked by default; this auto mode behaves the same as selecting ALL does now.

Allow the user to deselect AUTO, but have a warning that tells them they are responsible for adding the correct lines in the custom box, otherwise the resolver will not function. This way it still allows customisation but is much simpler on the development side to maintain.

I already do this for the outgoing interfaces, as I noticed that for that one, when ALL is selected, it doesn't add any lines, which is how it should be when not needing to limit outgoing interfaces, and as such I was able to add the lines in the custom box. But this isn't possible currently on "Network Interfaces", as it always populates something unless everything is deselected.

So to summarise:

Auto enabled is same as ALL is now.
Auto disabled is same as when nothing is selected and requires the end user to configure themselves manually.

#2 Updated by David Lessnau almost 2 years ago

I appear to be having the same issue with pfSense 2.4.4-1:

https://forum.netgate.com/topic/138335/2-4-4_1-unbound-not-starting-upon-reboot

#3 Updated by Jim Pingle about 1 year ago

  • Category set to DNS Resolver

#4 Updated by Arthur Moore about 1 month ago

I may be experiencing the same issue. More testing is required, but at the least Unbound is not starting, and I am being selective about interfaces.

#5 Updated by Marc Dorando 9 days ago

Same issue over here, Unbound does not start after rebooting on 2.4.5-RELEASE-p1 having LAN, VLAN and WAN1, WAN2 (LoadBalancing&Failover) and IPv4, IPv6 and pfb_dnsbl (stable) and snort (stable). Unbound was starting before 2.4.5 without any issues.

#6 Updated by Chris Collins 7 days ago

Just to add, I don't get this issue anymore. I think the problem may have been related to unbound starting "before" WAN is online, meaning the interface isn't available to bind to when started, so it then would fail; so a boot load order problem.

I do still restrict the bind to LAN, LAN2 (guest LAN), localhost, and both link-locals. Because I am not binding to any interface with a WAN IP, it may explain why I am OK now.

#7 Updated by Viktor Gurov 7 days ago

  • Affected Version set to 2.4.5-p1

Chris Collins wrote:

Just to add, I don't get this issue anymore. I think the problem may have been related to unbound starting "before" WAN is online, meaning the interface isn't available to bind to when started, so it then would fail; so a boot load order problem.

I do still restrict the bind to LAN, LAN2 (guest LAN), localhost, and both link-locals. Because I am not binding to any interface with a WAN IP, it may explain why I am OK now.

Can you provide more info about your configuration?
What type of WAN connection are you using? IPv4 - PPPoE, Static or DHCP? IPv6 - Static, SLAAC or DHCP6? Track interface for LAN IPv6?

#8 Updated by Chris Collins 6 days ago

Back when I reported the problem, it was IPoE DHCP for WAN IPv4 and Track Interface for LAN IPv6.

Now it is IPv4 PPPoE, and for IPv6 it is static. I have never tried to bind a WAN interface on my current ISP.
