Alias not updated
-
Interesting. You might try resolving one of those in Diag > DNS Lookup. Make sure all the defined DNS servers can resolve it. If you have one or more shown that can't that might explain intermittent failures. You might want to remove any that are failing.
Steve
-
Interestingly today the original "bug" (or not) made a re-appearance. I had an alias that was working fine. It contained a nested aliases, and that stopped showing up in the table.
I increased the kern.threads.max_threads_per_proc from 4096 to 8192, and it started working. I also saw a whole new slew of FQDNs failing to resolve.
Curious, do you have any insight on intended design here, or the functionality of that tunable parameter? I'm guessing its not intended for resolution of aliases to fail if any of them fail to resolve?
And none of the aliases that I've been having trouble with have contained FQDN's that failed to resolve, they offending FQDNs have been in other aliases.
I'm not sure why that system tunable improves the situation. It was a suggestion I just blindly followed from the bug report thread. And increasing it was just a shot in the dark. I'll have to do more research.. maybe the failed resolutions are causing timeouts which result in the rest of the filter reload failing?
Guess I'll keep any eye on things and see if the issues persist.
-
Hmm, indeed that sysctl is not specific to this issue. That fact that increasing it allows it to run implies you have a very large number of threads. I would guess filterdns is trying to resolve all the fqdns and some are getting stuck and hitting that bug. You can probably see that in the process list. How many FQDNs do you have in aliases, approximately?
Steve
-
Looks like a little less than 150 FQDNs.
-
Hmm, not that many then. I wouldn't expect anything special required there.
There anything unusual about the FQDNs that are failing?
-
I've removed most of them at this point. My work around was working.. for a while. Doesn't seem to be anymore though. At a loss as to what to try now.
-
How many do you have remaining?
Are they all failing? Failing randomly? Anything logged?
Steve
-
I have about 25 aliases containing a FQDN. Logs report that none of them are failing.
However, aliases simply wont update. I have one where I've tried a nested alias, or adding the IP directly, and it simply doesn't update. It's been over a week without it updating.
The strangest thing is in the logs I can see it appear to be added successfully (e.g. Adding Action: pf table: ......)
-
Hmm. Does it update if you reboot?
-
Planning to give that a try as soon as I can take everything offline. Will give you an update.
-
Reboot fixed it. Usually would be a go to but the last go around reboots did not have any effect.
-
Hmm, odd. I would have to guess some stuck process maybe?
-
Maybe.. weird that some updated aliases were working fine though.
