Netgate Discussion Forum
    How to increase TLD Domain count exceeded. [ 4000000 ]

    pfBlockerNG
      fsantoro

      I'm getting the following message: TLD Domain count exceeded. [ 4000000 ]

      How to increase this limit?

        dma_pf

        If I remember correctly it's in the pfsense gui at System/Advanced/Firewall & NAT/Firewall Maximum Table Entries/

          fsantoro @dma_pf

          @dma_pf I already changed this parameter, put 10M and still it keeps crashing at 4M

            dma_pf @fsantoro

            @fsantoro Sorry my bad! I remember now that the amount of tld's is limited by the available RAM in the system. Are you using "Unbound Python Mode" at Firewall/pfBlockerNG/DNSBL/DNSBL Mode/ ? If not, then try switching it to the python mode.

            The Unbound Mode has a limitation on the amount of tld's because the list of tlds has to be stored in memory. The Unbound Python Mode does not load everything into memory and can handle a lot more tlds.

            Also make sure you're running the latest version of pfblockerng-devel (3.1.0_1). I know it says devel but it is stable and is recommended by the developer as the stable branch. The other pfblockerNG 2.x.x is considered obsolete at this point.

              fsantoro @dma_pf

              @dma_pf Hmm... I have 32 GB of RAM on my pfSense and I only use unbound, because python mode has problems with DNS server and DHCP Server. And my PF has these 2 services active.

              Yes my package is 3.1.0.1 DEVEL

                dma_pf

                I would expect that with 32gb there would be plenty of memory. I found a discussion about a similar issue with @BBcan177 who is the developer of pfblockerng. Here it is: https://www.reddit.com/r/pfBlockerNG/comments/lrd6ah/tld_domain_count_exceeded_800000_all_subsequent/

                python mode has problems with DNS server and DHCP Server.

                I've been using the Python mode for a year now with no issues. I use DNS Resolver in Unbound mode (not forwarding mode). And yes, there is an issue with DHCP Registration that messes things up in Python mode. The workaround is to uncheck Services/DNS Resolver/General Settings/DHCP Registration/. And if you do have clients that connect through DHCP which you need to access by their host name, then assign them a static IP in DHCP. Then enable Services/DNS Resolver/General Settings/Static DHCP/ and you will still be able to resolve them by host name.

                  fsantoro @dma_pf

                  @dma_pf Thanks a lot! I just changed the configuration file.
                  File: /usr/local/pkg/pfblockerng/pfblockerng.inc

                  From:
                  $pfb['pfs_mem'] = array( '0' => '200000', '1500' => '300000', '2000' => '400000', '2500' => '500000', '3000' => '400000',

                  To:
                  $pfb['pfs_mem'] = array( '0' => '200000', '1500' => '300000', '2000' => '400000', '2500' => '500000', '3000' => '900000',

                    dma_pf @fsantoro

                    @fsantoro Cool! Did that fully resolve your issue?

                      fsantoro @dma_pf

                      @dma_pf said in How to increase TLD Domain count exceeded. [ 4000000 ]:

                      Cool! Did that fully resolve your issue?

                      Completely!!!

                        dma_pf

                        Fantastic! We both learned something new...big win for both of us.

                          SteveITS Galactic Empire @fsantoro

                          @fsantoro Interesting, 400000 on that line is a bit less than the 4000000 in the post title...

                          FYI I seem to recall PHP has a limit of 512 MB on pfSense.

                          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                          Upvote 👍 helpful posts!
