Project

General

Profile

Bug #7096

Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces"

Added by Chris Collins about 3 years ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
-
Start date:
01/06/2017
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

It starts fine if default ALL is selected.

But if specific interfaces are selected instead it prints bind errors and will not start, this even happens if I put the commands right at end of rc.boot.

It starts fine from the GUI.

The first error I see in log is it reports it fails to bind to the wan ipv6 link-local address, the address it reports is not the same as the actual address on the interface, the last octect is changed. In addition the address is not selected in the "Network Interfaces" section and is correctly not binding to it when started from the dashboard.

The actual wan link local ends in d0e6 but it tries to use an address that ends in d0e5, I have no idea where it gets the d0e5 from.
I also see errors in the log where it fails to bind to the wan ipv4 address, again this is not selected.

The selected interfaces are LAN facing interfaces.

localhost
lan ipv6 link-local
LAN

It is perhaps not a coincidence it reports errors for interfaces that are deselected.

So either needs fixing or remove the option from the GUI to choose the interface, I will examine the scripts and post what I think is a fix if I find a way to fix myself.

History

#1 Updated by Chris Collins about 3 years ago

I have a proposal which should make it easier for development.

I suggest removing the interface selection as is (for both network interfaces and the outgoing interfaces options). Replace them with tickboxes that are auto management of interfaces and by default its ticked, this auto mode behaves the same as selecting ALL does now.

Allow the user to deselect AUTO but have a warning that tells them they are responsible for adding the correct lines in the custom box otherwise the resolver will not function, this way it still allows customisation but is much simpler on the development side to maintain.

I already do this for the outgoing interfaces as I noticed for that one when ALL is selected it doesnt add any lines as is how it should be when not needing to limit outgoing interfaces and as such I was able to add the lines in the custom box, but this isnt possible currently on "Network Interfaces" as it always populates something unless everything is deselected.

So to summarise

Auto enabled is same as ALL is now.
Auto disabled is same as when nothing is selected and requires the end user to configure themselves manually.

#2 Updated by David Lessnau about 1 year ago

I appear to be having the same issue with pfSense 2.4.4-1:

https://forum.netgate.com/topic/138335/2-4-4_1-unbound-not-starting-upon-reboot

#3 Updated by Jim Pingle 6 months ago

  • Category set to DNS Resolver

Also available in: Atom PDF