Core 180: Unbound or DHCP issue?!?

Hello,

I have just green and red networks. And I use two fixed leases, and rest are dynamic leases on green network.

@ms would have to confirm since I do not speak python… It looks like when there is a DHCP lease change, then the unbound-dhcp-leases-bridge script does a unbound reload.

Again - I do not know if this is a problem. I just see it happen in the log!

BUT This is a guess on my part!

I also don’t speak python, but your interpretation seems reasonable to me.

Do the number of unbound restarts seem to correlate with the lease changes that occur on your network. As mine are fixed the only changes that would occur are when the computers are turned on. Also for my fixed leases I have a lease time of 10 days so I would not expect to see many lease changes.

My blue network has a lease time of 1 hour as being dynamic they are likely to go out of use when the computer is no longer connected, unless the involved computers are used regularly every day.

So maybe there is also an interaction of dynamic leases and the default lease time and how long those computers stay connected compared to the lease time.

For me:

DHCP enabled
Default lease time (mins): 60
Max lease time (mins): 120
Current fixed leases = 16
Current dynamic leases = 15
All items above are for both Green & Blue networks.

sometimes… This one is hard to explain. In last week’s log I see 527 unbound service stopped messages.

[**root@ipfire** ~] # zgrep -c "service stopped" /var/log/messages.1.gz
527

but I see WAY more DHCPACK messages.

[root@ipfire ~] # zgrep -c "DHCPACK" /var/log/messages.1.gz 
24027

So if I just look for a “service stopped” and then look for a “DHCPACK” before that I find the two line up fairly well.

my results.
some fixed IP some dynamic.

find /var/log -iname “messages*” | sort -Vr | tail -15 | xargs -I % bash -c ‘echo ; printf “% \t” % ;
grep --color -c “start of service” <(zcat -f %) ;
grep --color “CORE UPGR:” <(zcat -f %)’
-bash: [root@xxxxxx: command not found

/var/log/messages.14.gz 3

/var/log/messages.13.gz 3

/var/log/messages.12.gz 3

/var/log/messages.11.gz 2

/var/log/messages.10.gz 2436
Aug 13 20:07:59 xxxxxxx pakfire: CORE UPGR: Upgrading from release 176 to 177

/var/log/messages.9.gz 3080
Aug 26 08:45:11 xxxxxxx pakfire: CORE UPGR: Upgrading from release 177 to 178

/var/log/messages.8.gz 2842

/var/log/messages.7.gz 2776

/var/log/messages.6.gz 2628

/var/log/messages.5.gz 2865

/var/log/messages.4.gz 2899

/var/log/messages.3.gz 2553

/var/log/messages.2.gz 2800
Oct 8 08:39:06 xxxxxx pakfire: CORE UPGR: Upgrading from release 178 to 179

/var/log/messages.1.gz 2952

/var/log/messages 1620
Oct 22 06:49:53 xxxxxx pakfire: CORE UPGR: Upgrading from release 179 to 180
[root@xxxxxxx ~]#

that would be me. I do not use at all DHCP DNS registration as I have only fixed IPs and not once I have seen this problem.

When the “DNS update” is activated, it appears to me that the DHCP DNS registration through unbound-dhcp-leases-bridge is disabled. Given that Unbound is not equipped to handle the RFC2136 signed message, this essentially deactivates the entire feature. This might be the reason why those who heavily depend on this feature no longer face the issue once they enable the DNS update. It would be helpful if @arslanone or @roberto or @jon could confirm whether any DNS new registration take place when the “DNS update” option in the WUI is selected, which would support this hypothesis.

Regarding the bug, I concur with @jon. However, my limited knowledge of Python means my input may not be particularly helpful.

Hi @jon.

I had never activated this option until now. Following @cfusco recommendation/test, I had never activated it.

Only dynamic leases in Green and Blue, for Red, static IP.

Greetings.

Since enabling this option, I have not had any Unbound restarts.

I hope this helps.

Greetings.

Roberto, can you check if you have a DNS update as well? I think with this option enabled, when the IP of a client changes, the DNS IS NOT updated.

Hello @cfusco

I’d be happy to test this for you. But I’m not sure I understand what you mean. Would you like me to try and register a new device… never before connected to my network?

Thanks

Yes, thank you. It would also work changing the IP address of a machine with an already established local DNS name. If I am correct, it would not be updated or a new machine would not be entered in the local DNS system

Hello @cfusco

I just connected a new device (a neighbor’s) and it got entered into the system.

299_26-Oct-2023-14-43-03750×37 3.78 KB

Does this tell you something?

Hi @cfusco.

I can’t do this test as it is a remote IPFire box on a remote network that I don’t physically have access to now.

Greetings.

That’s the DHCP server log. If the DHCP successfully communicates the hostname to the DNS for the local domain, you should be able to resolve the hostname using “hostname.localdomain” (or your chosen domain). On the console, entering host hostname.localdomain should yield the DHCP assigned IP. This will indicate that the DNS name has been registered correctly with Unbound. However, I anticipate it might return “host not found”. If you get back the IP, my hypothesis would be falsified. If you get “host not found”, it would be supported.

Thank you @cfusco

For this test, does the new device need to be connected to my network?

I believe it’s not connected anymore, since my neighbor lives 2 houses away. But here’s the result:

host Galaxy-A11.localdomain                                                                                                                                                   
Host Galaxy-A11.localdomain not found: 3(NXDOMAIN)

If the device needs to be connected for the test to be useful, I could try the other method… the one where you said:

It would also work changing the IP address of a machine with an already established local DNS name

But I need more info for that. Am I supposed to change IP of a fixed lease?

Thanks

that would be perfect. If the DNS returns an IP that corresponds to the last DHCP lease, my hypothesis will be falsified.

Hello @cfusco

I found an old device (Android 4.4) of mine, and charged and tested it.

It’s connected, with IP 192.168.1.24.

Here’s the result.

~ host android-61724bacf2b40a6a.localdomain                                                                                                                                   
~ Host android-61724bacf2b40a6a.localdomain not found: 3(NXDOMAIN)

And if I ping it:

~ ping 192.168.1.24                                                                                                                                                           
PING 192.168.1.24 (192.168.1.24) 56(84) bytes of data.
64 bytes from 192.168.1.24: icmp_seq=1 ttl=64 time=25.3 ms

Let me know if this help. Any more test I can do let me know.

Thanks,

Thank you @arslanone . You spent quite some time making these tests. It is greatly appreciated.

Conclusion: Activating “DNS Update” with Unbound results in the deactivation of DHCP DNS Registration. When left unchecked, DNS registration is managed by unbound-dhcp-leases-bridge, which subsequently triggers the Unbound restart bug.

Do you all agree?

Thank you @cfusco it’s the least I could do.