Bug #7750
closed
unbound refuses ipv6 queries after reboot
0%
Description
This issue first appeared when changes were made to reduce how often unbound restarts. It may have been present before, but not noticed, because unbound was restarting so often.
This issue pertains to pfsense 2.4 beta using the setting "Do not wait for a RA". After rebooting pfsense, unbound refuses ipv6 queries. This is noted with nslookup on windows and dig on windows and linux.
It's possible this problem is happening because unbound is starting before the PD process is complete.
C:\Users\User>nslookup google.com
Server: UnKnown
Address: 2001:*:*:*:215:5dff:fe5c:e21e
- UnKnown can't find google.com: Query refused
C:\Users\User>dig @2001:*:*:*:215:5dff:fe5c:e21e google.com
; <<>> DiG 9.10.5 <<>> @2001:*:*:*:215:5dff:fe5c:e21e google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; >>HEADER<< opcode: QUERY, status: REFUSED, id: 16212
;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; Query time: 0 msec
;; SERVER: 2001:*:*:*:215:5dff:fe5c:e21e#53(2001:*:*:*:215:5dff:fe5c:e21e)
;; WHEN: Wed Aug 02 11:47:31 Pacific Daylight Time 2017
;; MSG SIZE rcvd: 12
After restarting unbound, nslookup and dig work properly.
Updated by Daryl Morse almost 7 years ago
Here is a link to a post on the forum which shows the wireshark capture of the PD process:
[https://forum.pfsense.org/index.php?topic=132181.msg738106#msg738106]
Here is a link to a post on the forum which shows the log messages for dhcp6c and unbound during the reboot:
[https://forum.pfsense.org/index.php?topic=132181.msg738160#msg738160]
Updated by Daryl Morse almost 7 years ago
This problem is also present in 2.3.4. I had not noticed it previously, because I never attempted to perform nslookup immediately after rebooting pfsense until now. I just did two reboots and noticed this problem on both attempts and in both cases, it went away after restarting unbound.
Updated by Martin Wasley over 6 years ago
Patch a921c7da1d1a0529e2f490d3a2d7d19ddfc82036
Commit to main repo will happen once all O.K is given by UK testers.
Updated by Daryl Morse over 6 years ago
Updated by Renato Botelho over 6 years ago
- Status changed from New to Assigned
- Assignee set to Renato Botelho
- Target version set to 2.4.0
Updated by Renato Botelho over 6 years ago
Proposed fix - https://github.com/pfsense/pfsense/pull/3799
Updated by Daryl Morse over 6 years ago
For the record, this problem is also present in 2.3.x for users of the "do not wait for RA" setting.