Project

General

Profile

Bug #7750

unbound refuses ipv6 queries after reboot

Added by Daryl Morse 5 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Category:
DNS Resolver
Target version:
Start date:
08/02/2017
Due date:
% Done:

0%

Affected Version:
2.4
Affected Architecture:

Description

This issue first appeared when changes were made to reduce how often unbound restarts. It may have been present before, but not noticed, because unbound was restarting so often.

This issue pertains to pfsense 2.4 beta using the setting "Do not wait for a RA". After rebooting pfsense, unbound refuses ipv6 queries. This is noted with nslookup on windows and dig on windows and linux.

It's possible this problem is happening because unbound is starting before the PD process is complete.

C:\Users\User>nslookup google.com
Server: UnKnown
Address: 2001:*:*:*:215:5dff:fe5c:e21e

  • UnKnown can't find google.com: Query refused

C:\Users\User>dig @2001:*:*:*:215:5dff:fe5c:e21e google.com

; <<>> DiG 9.10.5 <<>> @2001:*:*:*:215:5dff:fe5c:e21e google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; >>HEADER<< opcode: QUERY, status: REFUSED, id: 16212
;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; Query time: 0 msec
;; SERVER: 2001:*:*:*:215:5dff:fe5c:e21e#53(2001:*:*:*:215:5dff:fe5c:e21e)
;; WHEN: Wed Aug 02 11:47:31 Pacific Daylight Time 2017
;; MSG SIZE rcvd: 12

After restarting unbound, nslookup and dig work properly.

History

#1 Updated by Daryl Morse 5 months ago

Here is a link to a post on the forum which shows the wireshark capture of the PD process:

[https://forum.pfsense.org/index.php?topic=132181.msg738106#msg738106]

Here is a link to a post on the forum which shows the log messages for dhcp6c and unbound during the reboot:

[https://forum.pfsense.org/index.php?topic=132181.msg738160#msg738160]

#2 Updated by Daryl Morse 4 months ago

This problem is also present in 2.3.4. I had not noticed it previously, because I never attempted to perform nslookup immediately after rebooting pfsense until now. I just did two reboots and noticed this problem on both attempts and in both cases, it went away after restarting unbound.

#3 Updated by Martin Wasley 4 months ago

Patch a921c7da1d1a0529e2f490d3a2d7d19ddfc82036

Commit to main repo will happen once all O.K is given by UK testers.

#4 Updated by Martin Wasley 4 months ago

Commit #3799

#5 Updated by Daryl Morse 4 months ago

Martin Wasley wrote:

Commit #3799

This fix works perfectly.

Thank you very much.

#6 Updated by Renato Botelho 4 months ago

  • Status changed from New to Assigned
  • Assignee set to Renato Botelho
  • Target version set to 2.4.0

#8 Updated by Daryl Morse 4 months ago

For the record, this problem is also present in 2.3.x for users of the "do not wait for RA" setting.

#9 Updated by Renato Botelho 4 months ago

  • Status changed from Assigned to Feedback

PR merged

#10 Updated by Renato Botelho 3 months ago

  • Status changed from Feedback to Resolved

Works

Also available in: Atom PDF