From: Dave Cottlehuber
To: freebsd-questions@freebsd.org
Date: Tue, 08 Aug 2017 22:57:50 +0200
Subject: Re: FreeBSD-11 local_unbound stops resolving

On Tue, 8 Aug 2017, at 18:45, James B. Byrne via freebsd-questions
wrote:
> I have a reoccurring issue with my recently installed FreeBSD
> workstation. The local_unbound dns service ceases to provide dns
> entries to the local resolver after some period of time; measured in
> many hours or days. I have checked the pf firewall logs and that is
> not blocking any traffic relating to DNS that I can detect.
>
> If I re-run local-unbound-setup then local_unbound again resolves. If
> I restart the local_unbound service then dns resolution again works.
>
> I cannot see anything in /var/log/messages that indicate that the
> unbound service has a problem and the service is indeed running when I
> encounter the issue.
>
> We have many other FreeBSD-11 hosts running local unbound and I have
> not noticed this issue anywhere else.

Is this workstation using a DHCP assigned address perhaps? I've seen
this on pfsense too when the external interface is restarted, perhaps a
similar thing is happening here.
At least you should be able to correlate this with loss of dns.

If so, you may be able to work around this by prepending your DNS
servers into your dhclient.conf on the workstation; here's my wlan0
config. I use this to avoid crappy wifi DNS providers when travelling,
DNScrypt would be a better solution I guess.

# /etc/dhclient.conf
# https://www.freebsd.org/cgi/man.cgi?query=dhclient.conf
interface "wlan0" {
  send host-name "your.host.name";
  send dhcp-lease-time 864000;
  supersede domain-search "skunkwerks.at";
  prepend domain-name-servers 172.16.1.1, 4.2.2.2;
  request subnet-mask, broadcast-address, time-offset, routers,
    domain-search, domain-name, domain-name-servers, host-name;
  require subnet-mask, domain-name-servers;
}
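
One way to do the correlation suggested in the reply, as an added example that is not part of the original message: compare the forwarders unbound is using with the servers dhclient.conf prepends plus those in the newest DHCP lease. The file locations named in the comments, the sample contents, and the premise that unbound's forward.conf is meant to track the DHCP-provided servers are assumptions.

```python
import re

# Constructed sample inputs (not taken from the thread).
# Assumed location: /etc/dhclient.conf
DHCLIENT_CONF = '''interface "wlan0" {
  prepend domain-name-servers 172.16.1.1, 4.2.2.2;
}'''
# Assumed location: /var/db/dhclient.leases.wlan0 (oldest lease first)
LEASES = '''lease {
  interface "wlan0";
  option domain-name-servers 192.0.2.53;
}
lease {
  interface "wlan0";
  option domain-name-servers 198.51.100.1,198.51.100.2;
}'''
# Assumed location: /var/unbound/forward.conf
FORWARD_CONF = '''forward-zone:
        name: .
        forward-addr: 192.0.2.53
'''

def _addrs(text):
    return [a.strip() for a in text.split(",") if a.strip()]

def prepended_servers(conf, iface):
    """Servers named by 'prepend domain-name-servers' for one interface."""
    block = re.search(r'interface\s+"%s"\s*\{(.*?)\}' % re.escape(iface), conf, re.S)
    m = block and re.search(r'prepend\s+domain-name-servers\s+([^;]+);', block.group(1))
    return _addrs(m.group(1)) if m else []

def latest_lease_servers(leases, iface):
    """DNS servers from the last lease block recorded for the interface."""
    servers = []
    for body in re.findall(r'lease\s*\{(.*?)\}', leases, re.S):
        if re.search(r'interface\s+"%s"' % re.escape(iface), body):
            m = re.search(r'option\s+domain-name-servers\s+([^;]+);', body)
            servers = _addrs(m.group(1)) if m else []
    return servers

def forwarders(conf):
    """Addresses on 'forward-addr:' lines of an unbound forward-zone file."""
    return re.findall(r'^\s*forward-addr:\s*([^\s#]+)', conf, re.M)

def compare(conf, leases, fwd, iface):
    """Report forwarders that no longer match what DHCP currently offers."""
    expected = prepended_servers(conf, iface) + latest_lease_servers(leases, iface)
    actual = forwarders(fwd)
    return {"missing": [s for s in expected if s not in actual],
            "stale": [s for s in actual if s not in expected]}

if __name__ == "__main__":
    print(compare(DHCLIENT_CONF, LEASES, FORWARD_CONF, "wlan0"))
```

A non-empty "stale" list at the moment resolution fails points at forwarders left over from an earlier lease.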