freebsd stable - Aug 2018 - Strange unbound behaviour

Hi,

I have two DNS servers up and running for my home setup. But for some
reason both stop resolving at some point.

1st instance is with unbbound from ports, second from base system but
configs are very similar:

# cat /usr/local/etc/unbound/unbound.conf
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
        interface: 0.0.0.0
        port: 53
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        use-caps-for-id: yes
        username: unbound
        directory: /usr/local/etc/unbound
        chroot: /usr/local/etc/unbound
        pidfile: /var/run/local_unbound.pid
        auto-trust-anchor-file: /usr/local/etc/unbound/root.key
        use-syslog: yes
        logfile: "log/unbound.log"
        statistics-interval: 600
        verbosity: 1
        access-control: 127.0.0.0/8 allow
        access-control: 10.1.1.0/24 allow
        hide-identity: yes
        hide-version: yes
        num-threads: 6

include: /usr/local/etc/unbound/forward.conf
include: /usr/local/etc/unbound/lan-zones.conf
include: /usr/local/etc/unbound/control.conf
include: /usr/local/etc/unbound/conf.d/*.conf

If I restart the service it works again...


root at umbrella:~# host dir.bg 127.0.0.1
;; connection timed out; no servers could be reached

umbrella:~# /etc/rc.d/local_unbound restart
Stopping local_unbound.
Waiting for PIDS: 645.
Starting local_unbound.
[1535116695] unbound[81742:0] warning: too many file descriptors requested.
The builtinmini-event cannot handle more than 1024. Config for less fds or
compile with libevent
[1535116695] unbound[81742:0] warning: continuing with less udp ports: 139
Waiting for nameserver to start... good
[16:18]root at umbrella:~# host dir.bg 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

dir.bg has address 194.145.63.12
dir.bg mail is handled by 1 mail.dir.bg.


Exactly the same behaviour on the other server.

The servers do not have many clients - it's a home network.

If've tried to debug this, but I do not see any errors in the logs, no sign
of low buffers or whatever.
The thing is that it looks like very easy to reproduce in my environment -
just launch the service use it for few days (sometimes hours) and it just
stops resolving new requests (cache is working, local zone are working and
etc)

Oh and If I reduce "num-threads" it's even easier to reproduce.

Anyone with similar experience?

On Aug 24 16:28, Stefan Lambrev wrote:
>Hi,
>
>I have two DNS servers up and running for my home setup. But for some
>reason both stop resolving at some point.
>
>1st instance is with unbbound from ports, second from base system but
>configs are very similar:
>
># cat /usr/local/etc/unbound/unbound.conf
>        directory: /usr/local/etc/unbound
>        chroot: /usr/local/etc/unbound
>
>If I restart the service it works again...
>
In man(5) unbound.conf it says this:

# make sure unbound can access entropy from inside the chroot.
# e.g. on linux the use these commands (on BSD, devfs(8) is used):
#      mount --bind -n /dev/random /etc/unbound/dev/random

I can see that you use a chroot. I'm wondering if you've not mounted a
/dev/random into the chroot and maybe it's running out of free entropy for
something and blocking. This might explain why it works for a while and then
fails.

I do this:

In /etc/fstab:

devfs                   /usr/local/etc/unbound/dev      devfs   rw      0      
0

In /etc/rc.conf:

devfs_set_rulesets="/usr/local/etc/unbound/dev=devfsrules_unbound"

In /etc/devfs.rules:

[devfsrules_unbound=10]
add hide
add path random unhide

Might help?

-- 
Matt