Netgate Discussion Forum

    TLD Domain count exceeded

    pfBlockerNG
    15 Posts 3 Posters 1.7k Views
    • UnoptanioU
      Unoptanio @Gertjan
      last edited by Unoptanio

      @Gertjan

      OK.
      At the moment I have not detected any slowness in DNS resolution.
      Could it be a solution to increase the RAM of my system? Or does PHP see at most a certain fixed maximum amount of RAM?

      If I increase the system RAM to 32GB, will PHP be able to use more RAM than now?

      • S
        SteveITS Galactic Empire @Unoptanio
        last edited by

        @Unoptanio Per the blue (i) icon in pfBlocker here:
        44e34053-07a7-49a3-9a47-56a5f4079814-image.png

        "Once the TLD Domain limit below is exceeded, the balance of the Domains will be listed as-is. IE: Blocking only the listed Domain (Not Sub-Domains)
        TLD Domain Limit Restrictions:

        < 1.0GB RAM - Max 100k Domains
        < 1.5GB RAM - Max 150k Domains
        < 2.0GB RAM - Max 200k Domains
        < 2.5GB RAM - Max 250k Domains
        < 3.0GB RAM - Max 400k Domains
        < 4.0GB RAM - Max 600k Domains
        < 5.0GB RAM - Max 1.0M Domains
        < 6.0GB RAM - Max 1.5M Domains
        < 7.0GB RAM - Max 2.5M Domains
        > 7.0GB RAM - > 2.5M Domains"
        

        ...so at a limit of 4 million I guess you have a lot of RAM. :) Without looking into the code I guess you can try it? I would have read that list as it stops at 2.5 million.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • UnoptanioU
          Unoptanio @SteveITS
          last edited by

          @SteveITS

          c7cf026e-ddfc-4ba4-a27b-029b2e6f0aee-image.png

            • UnoptanioU
              Unoptanio @SteveITS
              last edited by

              @SteveITS

              5678eddb-2574-45bc-a5e6-d89a1c6500ab-image.png

              6838c7e7-0f0b-4e54-ad51-e75bfe42e61d-image.png

              • S
                SteveITS Galactic Empire @Unoptanio
                last edited by

                @Unoptanio re: "table-entries hard limit", what is your setting of "System > Advanced > Firewall & NAT > Firewall Maximum Table Entries"? Looks like you'd need it to be at least 4.9 million to fit 4806104 entries.

                (note pfSense has a longstanding bug where the sentence "On this system the default size is: ___" always shows whatever number you've entered, if you've entered a custom number)


                • UnoptanioU
                  Unoptanio @SteveITS
                  last edited by

                  @SteveITS

                  44b53cc1-7061-45b1-bf34-5abfc983f388-image.png

                  • S
                    SteveITS Galactic Empire @Unoptanio
                    last edited by

                    @Unoptanio Assuming your router has enough RAM, change the 400,000 to a higher number.

                    Actually per https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#firewall-maximum-table-entries it says twice the number you need so I guess 9 million for you.


                    • UnoptanioU
                      Unoptanio @SteveITS
                      last edited by

                      @SteveITS

                      Now I have only 400,000.

                      Shall I try changing it to 9,000,000?

                      • UnoptanioU
                        Unoptanio @Unoptanio
                        last edited by Unoptanio

                        @Unoptanio

                        I just did a test with a Firewall Maximum Table Entries value of 6,000,000, but it didn't solve the problem.

                        The number of X is always the same

                        a5935726-dc63-4821-b44b-962f6dc05d2a-image.png

                        • S
                          SteveITS Galactic Empire @Unoptanio
                          last edited by

                          @Unoptanio Not sure what to tell you. According to the pfBlocker directions I posted above, over 7 GB RAM should be limited to 2.5 million domains. You may need to find the code in pfBlocker that is setting the limit to 4 million and/or add RAM to your router.


                          • UnoptanioU
                            Unoptanio @SteveITS
                            last edited by Unoptanio

                            @SteveITS
                            @BBcan177

                            I will try to buy more RAM.

                            f54acef1-7e7b-428c-b89d-95e459421d5d-image.png

                            My current RAM consumption is around 50%.

                            • UnoptanioU
                              Unoptanio @Unoptanio
                              last edited by Unoptanio

                              @SteveITS

                              Resolved

                              Extract from /usr/local/pkg/pfblockerng/pfblockerng.inc

```php
// Determine max Domain count available for DNSBL TLD analysis (Avoid Unbound memory exhaustion)
// Physical memory in MiB; falls back to 1000 if the sysctl returns nothing.
$pfs_memory = (round(get_single_sysctl('hw.physmem') / (1024*1024)) ?: 1000);

// Thresholds (MiB) => maximum TLD domain count. Two tables: Unbound mode and python mode.
if (!$pfb['dnsbl_py_blacklist']) {
	$pfb['pfs_mem'] = array(   '0' => '100000', '1500' =>  '150000', '2000' =>  '200000', '2500' =>  '250000', '3000' =>  '400000',
				'4000' => '600000', '5000' => '1000000', '6000' => '1500000', '7000' => '2000000', '8000' => '2500000',
				'12000' => '3000000', '16000' => '4000000', '32000' => '8000000');
} else {
	$pfb['pfs_mem'] = array(   '0' => '200000', '1500' =>  '300000', '2000' =>  '400000', '2500' =>  '500000', '3000' =>  '800000',
				'4000' => '1200000', '5000' => '2000000', '6000' => '3000000', '7000' => '4000000', '8000' => '5000000',
				'12000' => '6000000', '16000' => '8000000', '32000' => '16000000');
}

// The last threshold that $pfs_memory meets wins, so the array order matters.
foreach ($pfb['pfs_mem'] as $pfb_mem => $domain_max) {
	if ($pfs_memory >= $pfb_mem) {
		$pfb['domain_max_cnt'] = $domain_max;
	}
}
```

                              change "'7000' => '2000000'" and "'7000' => '4000000'" to "'7000' => '6000000'" in both sets.

                              change "'8000' => '2500000'" and "'8000' => '5000000'" to "'8000' => '6000000'" in both sets.

                              Update Reload | DNSBL after making these changes.

                              2e83ff06-6f9d-4627-a64d-71193a0c3608-image.png

                              2fb0b039-02d3-4859-9bb2-042eb7bde376-image.png
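To make the limit lookup concrete, here is an added Python example (not pfBlockerNG or pfSense code) that reimplements the PHP selection quoted above, using both memory tables from the extract, and applies the "twice the entries you need" sizing rule for Firewall Maximum Table Entries that SteveITS cited from the Netgate docs. The function names, the `tld_report` helper and the sample inputs (16 GiB of RAM, the 4,806,104 TLD entries mentioned in the thread) are constructed for this example.

```python
"""Reimplementation of the pfBlockerNG TLD domain-limit lookup (the PHP foreach
over $pfb['pfs_mem']) and the Firewall Maximum Table Entries sizing rule.
Added example; not code from pfBlockerNG or pfSense."""

# Threshold in MiB -> maximum TLD domain count, copied from the quoted extract.
# Order matters: the lookup keeps the LAST threshold the system memory meets,
# exactly like the PHP loop.
PFS_MEM_UNBOUND = [          # $pfb['dnsbl_py_blacklist'] is off
    (0, 100_000), (1500, 150_000), (2000, 200_000), (2500, 250_000),
    (3000, 400_000), (4000, 600_000), (5000, 1_000_000), (6000, 1_500_000),
    (7000, 2_000_000), (8000, 2_500_000), (12000, 3_000_000),
    (16000, 4_000_000), (32000, 8_000_000),
]
PFS_MEM_PYTHON = [           # $pfb['dnsbl_py_blacklist'] is on
    (0, 200_000), (1500, 300_000), (2000, 400_000), (2500, 500_000),
    (3000, 800_000), (4000, 1_200_000), (5000, 2_000_000), (6000, 3_000_000),
    (7000, 4_000_000), (8000, 5_000_000), (12000, 6_000_000),
    (16000, 8_000_000), (32000, 16_000_000),
]


def physmem_mib(hw_physmem_bytes):
    """Mirror the PHP: round(hw.physmem / 1 MiB), falling back to 1000 when the
    sysctl yields nothing (PHP's `?:` treats 0 as empty)."""
    mib = round(hw_physmem_bytes / (1024 * 1024))
    return mib if mib else 1000


def domain_max_cnt(hw_physmem_bytes, python_mode):
    """Return $pfb['domain_max_cnt'] for the given hw.physmem value."""
    table = PFS_MEM_PYTHON if python_mode else PFS_MEM_UNBOUND
    mem = physmem_mib(hw_physmem_bytes)
    limit = None
    for threshold, max_domains in table:   # last match wins
        if mem >= threshold:
            limit = max_domains
    return limit


def required_table_entries(domain_count):
    """Sizing guidance cited in the thread: Firewall Maximum Table Entries
    should be at least twice the number of entries you need."""
    return 2 * domain_count


def tld_report(hw_physmem_bytes, python_mode, tld_domains):
    """Summarise whether a TLD list fits under the limit for this much RAM.
    Entries above the limit are listed as-is (exact domain only, no sub-domains),
    per the pfBlocker help text quoted in the thread."""
    limit = domain_max_cnt(hw_physmem_bytes, python_mode)
    return {
        "physmem_mib": physmem_mib(hw_physmem_bytes),
        "domain_max_cnt": limit,
        "exceeded": tld_domains > limit,
        "domains_listed_as_is": max(0, tld_domains - limit),
        "suggested_table_entries": required_table_entries(tld_domains),
    }


if __name__ == "__main__":
    GIB = 1024 ** 3
    # Constructed sample: a box reporting 16 GiB, with the 4,806,104 TLD
    # entries from the thread, in both Unbound and python mode.
    print(tld_report(16 * GIB, False, 4_806_104))
    print(tld_report(16 * GIB, True, 4_806_104))
```

Two points worth noticing when reading the output: the thresholds are deliberately a little below the power-of-two sizes (16000 MiB rather than 16384), which gives headroom for the memory the firmware reserves, and the same 4,000,000 limit appears in both tables at different RAM sizes, so the mode matters when comparing a limit against the table in the help text. Raising a tier by hand, as the post above does, overrides a limit that the code comment says exists to avoid Unbound memory exhaustion, so the RAM headroom the thread discusses (around 50% in use here) is the figure to keep an eye on after the change.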

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.