FreeBSD 14.0 headache -- I am a noob
Chris
Public2 at xymox1.com
Thu May 16 18:21:10 UTC 2024
Again, unless someone else sees something like this, I would ignore my
issue. It was just so weird I decided to post.
I am moving on as FreeBSD 13.3 is working perfectly. This is just a
post in case someone else sees something odd running Unbound on FreeBSD
14.0.
I am not looking for possible fixes as I would have to move back to a
fresh copy of 14.0 and take the server offline to test things. Once
FreeBSD 13.x is EoL then I will go to 14.x.
Lots more detail below for hardware and software config.
_________________________________
System information
Manufacturer: Hewlett-Packard
Product Name: HP Z420 Workstation
________________________________
Base board information
Manufacturer: Hewlett-Packard
Product Name: 1589
_______________________________
root@xymox:~ # pciconf -lv | grep -A1 -B3 network
em4@pci0:0:25:0: class=0x020000 rev=0x05 hdr=0x00 vendor=0x8086 device=0x1502 subvendor=0x103c subdevice=0x1589
    vendor = 'Intel Corporation'
    device = '82579LM Gigabit Network Connection (Lewisville)'
    class = network
    subclass = ethernet
--
em0@pci0:3:0:0: class=0x020000 rev=0x06 hdr=0x00 vendor=0x8086 device=0x105e subvendor=0x8086 subdevice=0x115e
    vendor = 'Intel Corporation'
    device = '82571EB/82571GB Gigabit Ethernet Controller D0/D1 (copper applications)'
    class = network
    subclass = ethernet
em1@pci0:3:0:1: class=0x020000 rev=0x06 hdr=0x00 vendor=0x8086 device=0x105e subvendor=0x8086 subdevice=0x115e
    vendor = 'Intel Corporation'
    device = '82571EB/82571GB Gigabit Ethernet Controller D0/D1 (copper applications)'
    class = network
    subclass = ethernet
em2@pci0:4:0:0: class=0x020000 rev=0x06 hdr=0x00 vendor=0x8086 device=0x105e subvendor=0x8086 subdevice=0x115e
    vendor = 'Intel Corporation'
    device = '82571EB/82571GB Gigabit Ethernet Controller D0/D1 (copper applications)'
    class = network
    subclass = ethernet
em3@pci0:4:0:1: class=0x020000 rev=0x06 hdr=0x00 vendor=0x8086 device=0x105e subvendor=0x8086 subdevice=0x115e
    vendor = 'Intel Corporation'
    device = '82571EB/82571GB Gigabit Ethernet Controller D0/D1 (copper applications)'
    class = network
    subclass = ethernet
--
em5@pci0:6:0:0: class=0x020000 rev=0x06 hdr=0x00 vendor=0x8086 device=0x105e subvendor=0x8086 subdevice=0x125e
    vendor = 'Intel Corporation'
    device = '82571EB/82571GB Gigabit Ethernet Controller D0/D1 (copper applications)'
    class = network
    subclass = ethernet
em6@pci0:6:0:1: class=0x020000 rev=0x06 hdr=0x00 vendor=0x8086 device=0x105e subvendor=0x8086 subdevice=0x125e
    vendor = 'Intel Corporation'
    device = '82571EB/82571GB Gigabit Ethernet Controller D0/D1 (copper applications)'
    class = network
    subclass = ethernet
___________________
NIC 1 Top port Worked
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4e504bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
ether 00:17:08:7d:a1:1c
inet 10.1.10.1 netmask 0xff000000 broadcast 10.255.255.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
NIC 1 Bottom Port - did not work.
em1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4e504bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
ether 00:17:08:7d:a1:1d
inet 10.1.10.2 netmask 0xff000000 broadcast 10.255.255.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
NIC 2 Top Port - worked
em2: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4e504bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
ether 00:15:17:2e:87:24
inet 10.1.10.3 netmask 0xff000000 broadcast 10.255.255.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
NIC 2 Bottom port - did not work
em3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4e504bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
ether 00:15:17:2e:87:25
inet 10.1.10.4 netmask 0xff000000 broadcast 10.255.255.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Motherboard ethernet port - worked.
em4: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4e524bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
ether e8:39:35:63:1d:c4
inet 10.1.1.7 netmask 0xff000000 broadcast 10.255.255.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
NIC 3 Top port - worked
em5: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4e504bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
ether 00:15:17:1e:47:c4
inet 10.1.10.5 netmask 0xff000000 broadcast 10.255.255.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
NIC 3 Bottom port - did not work.
em6: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4e504bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
ether 00:15:17:1e:47:c5
inet 10.1.10.6 netmask 0xff000000 broadcast 10.255.255.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
_________________________
Running services
apache24 is running as pid 61588.
cron is running as pid 21946.
devd is running as pid 89978.
munin_node is running as pid 59792.
ntpd is running as pid 63956.
unbound is running as pid 29601.
_____________
Firewall = disabled
_______________
CPU information
Machine class: i386
CPU Model: Intel(R) Xeon(R) CPU E5-1650 0 @ 3.20GHz
No. of Cores: 6
_______________
The issue was there on a fresh install of FreeBSD 14.0 with a pkg
install unbound of unbound 1.19 or 1.20. Problem was gone on fresh
install of FreeBSD 13.3. Tried both pkg install and a wget compiled
version of 1.20.
______________
The weird config on Unbound I run. This works fine for my use at home. I
know it's weird. I did not use this during testing. I used a std config.
I did try this config and the problem was still present. This is what I
run now and works fine, but I know it's really noobie.
server:
val-log-level: 1
use-syslog: yes
verbosity: 0
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
tls-session-ticket-keys: yes
aggressive-nsec: yes
cache-min-ttl: 360
do-ip4: yes
do-ip6: no
do-tcp: yes
harden-below-nxdomain: yes
harden-glue: yes
harden-referral-path: yes
harden-large-queries: yes
harden-dnssec-stripped: yes
harden-short-bufsize: yes
harden-algo-downgrade: yes
use-caps-for-id: yes
target-fetch-policy: "4 3 2 1 0"
hide-identity: yes
hide-version: yes
hide-trustanchor: yes
interface: 10.1.10.1
interface: 10.1.10.2
interface: 10.1.10.3
outgoing-interface: 10.1.10.4
outgoing-interface: 10.1.10.5
outgoing-interface: 10.1.10.6
outgoing-port-permit: 1024-65535
outgoing-num-tcp: 500
incoming-num-tcp: 30
minimal-responses: yes
num-threads: 6
outgoing-range: 8192
num-queries-per-thread: 4096
pidfile: "/var/run/unbound.pid"
port: 53
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
so-reuseport: yes
tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
use-caps-for-id: yes
statistics-cumulative: no
extended-statistics: yes
statistics-interval: 0
private-address: 10.0.0.0/8
val-clean-additional: yes
serve-expired: yes
# Speed tweaks
msg-cache-slabs: 1
rrset-cache-slabs: 1
infra-cache-slabs: 1
key-cache-slabs: 1
rrset-cache-size: 300m
msg-cache-size: 150m
so-rcvbuf: 8m
so-sndbuf: 8m
stream-wait-size: 8m
remote-control:
control-enable: yes
control-interface: 0.0.0.0
control-use-cert: no
forward-zone:
name: "."
#Secure DNS over TLS
forward-tls-upstream: yes
# forward-addr: 9.9.9.9@853 # quad9.net
# forward-addr: 149.112.112.112@853 # quad9.net
forward-addr: 1.1.1.2@853 #Cloudflare#
forward-addr: 1.0.0.2@853 #Cloudflare
# forward-addr: 8.8.8.8@853 #Google
# forward-addr: 8.8.4.4@853 #Google
________________________________________
On 5/16/2024 11:57 AM, Chris wrote:
> I am moved back to 13.3 now. This was with Unbound 1.20 and 1.19. I
> tried both. 1.19 was pkg install and 1.20 was compiled.
>
> But same config.
>
> interface: 10.1.10.1
> interface: 10.1.10.2
> interface: 10.1.10.3
> outgoing-interface: 10.1.10.4
> outgoing-interface: 10.1.10.5
> outgoing-interface: 10.1.10.6
>
> private-address: 10.0.0.0/8
>
> forward-tls-upstream: yes
> forward-addr: 1.1.1.2@853 #Cloudflare
> forward-addr: 1.0.0.2@853 #Cloudflare
> __
>
> I am now running Forked operation, you see that in the netstat. I.e.
> ./configure --without-pthreads --without-solaris-threads But I tried
> unforked and forked and they both did the same thing.
>
> root@xymox:~ # netstat -na | grep ^udp | grep \.53
> udp4 0 0 10.1.10.3.53 *.*
> udp4 0 0 10.1.10.2.53 *.*
> udp4 0 0 10.1.10.1.53 *.*
> udp4 0 0 10.1.10.3.53 *.*
> udp4 0 0 10.1.10.2.53 *.*
> udp4 0 0 10.1.10.1.53 *.*
> udp4 0 0 10.1.10.3.53 *.*
> udp4 0 0 10.1.10.2.53 *.*
> udp4 0 0 10.1.10.1.53 *.*
> udp4 0 0 10.1.10.3.53 *.*
> udp4 0 0 10.1.10.2.53 *.*
> udp4 0 0 10.1.10.1.53 *.*
> udp4 0 0 10.1.10.3.53 *.*
> udp4 0 0 10.1.10.2.53 *.*
> udp4 0 0 10.1.10.1.53 *.*
> udp4 0 0 10.1.10.3.53 *.*
> udp4 0 0 10.1.10.2.53 *.*
> udp4 0 0 10.1.10.1.53 *.*
>
> ifconfig_em0="inet 10.1.10.1 netmask 255.0.0.0"
> ifconfig_em1="inet 10.1.10.2 netmask 255.0.0.0"
> ifconfig_em2="inet 10.1.10.3 netmask 255.0.0.0"
> ifconfig_em3="inet 10.1.10.4 netmask 255.0.0.0"
> ifconfig_em4="inet 10.1.1.7 netmask 255.0.0.0"
> ifconfig_em5="inet 10.1.10.5 netmask 255.0.0.0"
> ifconfig_em6="inet 10.1.10.6 netmask 255.0.0.0"
>
>
> VERY weird... The bottom port on each NIC would not respond to DNS
> query even tho they would show up in a netstat like above. This
> affected the outgoing-interface and interface. I moved the IPs around
> on the NICs via rc.conf and the bottom port was always dead. VERY
> odd. I could always pull web pages via apache, ftp via proftpd and
> ping the ports that were dead for Unbound. This behavior seems
> impossible to me. Unbound does not get that deep into the devices I
> don't think. So this still seems impossible to me. Yet fresh loading
> 13.3 VS a fresh load 14.0, 13.3 worked fine and 14.0 did not using
> the same config files.
>
> Don't spend any mental time on this. It pretty much fried my brain
> figuring out it was the OS upgrade. It was SO unlikely to be the OS
> upgrade as the ports worked for everything else, I did not initially
> consider it. I should know better than to use any software that has a
> .0 version. Always wait for at least .1 hahaha.
>
> Unless someone else sees something like this, I would ignore my issue.
> It was just so weird I decided to post.
>
> On 5/16/2024 10:42 AM, Cristiano Deana via Unbound-users wrote:
>> Hi,
>>
>> just to understand your problem:
>> do you have 6 different IPs? is unbound listening on every IP?
>> netstat -na | grep ^udp | grep \.53
>>
>> Thank you
>>
>> On 16/05/2024 16:06, Chris via Unbound-users wrote:
>>> I have run Unbound for rDNS use on an older server for a long time. I
>>> recently went from FreeBSD 13.3 to FreeBSD 14.0. The server has 3
>>> Intel NIC cards with 2 ports each. 3 outgoing-interface, 3
>>> interface. While all 6 ports worked in every way I could test, they
>>> did not work correctly on Unbound. Only 1 port on each card was
>>> working for DNS.
>>>
>>> I am not savvy enough to really drill into what was going on fully.
>>>
>>> This was true with a fresh install of FreeBSD 14.0 and a default
>>> config of Unbound.
>>>
>>> Moving back to FreeBSD 13.3 resolved the issue.
>>>
>>> Hard for me to understand how the dual NICs worked ok for everything
>>> except Unbound. I tested Apache thru them, FTP, SSH and ping. These
>>> all worked fine. Unbound, not so much. VERY odd. Maybe it's just my
>>> old server hardware and something in NIC drivers.
>>
>
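
The question asked earlier in the thread (is Unbound listening on every configured IP?) can be checked mechanically by comparing the "interface:" lines of unbound.conf with the netstat capture. The following is an added example, not code from the original posts or from the Unbound project; the function names and the CONF/NETSTAT sample text are constructed for illustration. It compares the port exactly, so a socket on 5353 is not counted as a listener on 53.

```python
from collections import Counter

# Constructed sample input in the formats posted in this thread (not a real capture).
CONF = """\
server:
    interface: 10.1.10.1
    interface: 10.1.10.2
    interface: 10.1.10.3@53   # ip@port form is also accepted by Unbound
    outgoing-interface: 10.1.10.4
    port: 53
"""
NETSTAT = """\
udp4 0 0 10.1.10.3.53 *.*
udp4 0 0 10.1.10.2.53 *.*
udp4 0 0 10.1.10.3.53 *.*
udp4 0 0 10.1.10.2.53 *.*
udp4 0 0 10.1.10.1.5353 *.*
"""

def configured_listeners(conf):
    """Return [(ip, port)] for each 'interface:' line; 'port:' sets the default."""
    port, found = 53, []
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        if key == "port" and value.strip():
            port = int(value)
        elif key == "interface" and value.strip():
            found.append(value.strip().partition("@"))
    return [(ip, int(p) if p else port) for ip, _, p in found]

def udp_sockets(netstat):
    """Count bound UDP sockets per (ip, port) from FreeBSD 'netstat -na' lines."""
    counts = Counter()
    for line in netstat.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].startswith("udp"):
            ip, _, p = f[3].rpartition(".")  # FreeBSD prints the local end as addr.port
            if p.isdigit():
                counts[(ip, int(p))] += 1
    return counts

def listener_report(conf, netstat):
    """Map each configured listen IP to its socket count; '*' wildcard binds count too."""
    socks = udp_sockets(netstat)
    return {ip: socks[(ip, port)] + socks[("*", port)]
            for ip, port in configured_listeners(conf)}

if __name__ == "__main__":
    print(listener_report(CONF, NETSTAT))
```

A count of 0 means the address is configured but has no socket on the DNS port. A non-zero count only shows the socket is bound, which is the situation described in this thread: bound sockets that still did not answer queries.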