On Sun, Jul 27, 2014 at 12:22:52AM -0400, Todd Zimmermann wrote:
>
> The home LAN setup here is a humble /29 on IPv4: unbound listens on
> the internal and loopback interfaces, forwarded to dnscrypt-proxy on
> localhost, and then out to OpenDNS.
>

So you are basically daisy chaining three different resolvers? This seems a bit
scary to me from a maintenance standpoint :). If nothing else I guess you need
to verify all pieces of the puzzle are working as intended when problems occur.

> I do have snort (inline mode) running, so there is the expected temp
> loss of remote connectivity until snort is running. Normally it works
> itself out, but this is likely the point where this issue appears.

Guess it's possible, not sure how it would affect unbound.

> @Patrick - I see /etc/rc.d/unbound already has daemon_flags="-c
> /var/unbound/unbound.conf". My rc.conf.local just has unbound_flags=

Yeah, sorry about the confusion. Your way is the proper one, I was just doing
things a bit too fast when trying to recreate your problem.

>
> # dig yahoo.com returns a SERVFAIL
> After a # kill -9 and starting unbound from /etc/rc things are fine.
>
> I'll turn up logging/verbosity and poke around more if/when it happens
> again. Will try to figure out ktrace and/or turn on debugging (-d) for
> unbound. Have run into this once in a blue moon when the system has
> been running for days/weeks.
>

From your initial message I was under the impression the SERVFAIL occurs after
every reboot. Seems it is more complex then :).

Regards,
Patrik Lundin