Bug #14061
-
This bug is still an issue and causes the infamous "PHP Fatal error: Allowed memory size of 536870912 bytes exhausted" in the GUI and on the CLI. When running BIND with RPZ feeds and pfBlocker-NG with GEO blocking only (no DNSBL). Like clockwork, it will create bug #14061. I can recover /etc/inc/config.ini re-install BIND and then pfBlockerNG is slow to re-install. As soon as it completes - BAM, dead system. I have an 8GB machine and I've allocated 4GB to PHP via System --> Advanced --> Misc and 2GB to BIND. Status Monitoring shows plenty of free memory. I'm happy to send along my config.xml.
-
@InsiderRisk and what version of pfsense are you running?
-
2.7.2, latest and greatest. It is purely a BIND package issue. I did not have pfBlockerNG installed this time. I deleted an RPZ zone and I'm back to zero and reinstalling. It seems like the BIND package is not paying attention to the PHP memory setting. Is there a way to remove the BIND package from the CLI to avoid a reinstall?
I have 2 RPZ feeds, 1 is 175MB, 1 is empty. When I deleted the empty RPZ it crashed. This also kills the CLI and PHP fails to work, only #8-Shell functions from this moment forward.Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 269246824 bytes) in /etc/inc/config.lib.inc on line 112 PHP ERROR: Type: 1, File: /etc/inc/config.lib.inc, Line: 112, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 269246824 bytes) Fatal error: Uncaught ValueError: Path cannot be empty in /etc/inc/notices.inc:135 Stack trace: #0 /etc/inc/notices.inc(135): fopen('', 'w') #1 /etc/inc/config.lib.inc(1154): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #2 [internal function]: pfSense_clear_globals() #3 {main} thrown in /etc/inc/notices.inc on line 135
-
OK, I do a viconfig and try to remove everything BIND related. I get to the bottom and <resultconfig>xxxxxx</resultconfig> is massive. This actually killed the VI editor. Maybe don't store RPZ configs in the config.xml and don't try to load them up in the UI. These can be gigabytes in size. If "Response Policy Zone" is checked, keep it out of the UI and Config and don't read in the related zone files. The current config.xml file is 269MB.
-
@InsiderRisk
Ah, ok, so not a pfSense problem, but a package (pfSense Bind package) problem.@InsiderRisk said in Bug #14061:
When running BIND with RPZ feeds
You 'paste' in the GUI part of the bind package the details of a 'DNSBL' ?
Yeah, that's not good at all .... the config.xml will become to big to be handled by the GUI config parser.
What about putting all the DNSBL info in a file, and have the bind config set up so it includes that file ?
( just brainstorming here )@InsiderRisk said in Bug #14061:
Allowed memory size of 536870912 bytes exhausted (tried to allocate 269246824 bytes)
So PHP had env. half a Gbytes available, and it wanted 250 Mbytes more .... that a huge config file.
Direct advise : don't do that again. This file gets updated a lot, and if every time pfSense has to write out that 'close to 1 GBytes' that can't be a good thing.If you need to include this DNSBL, I would ask pfBlockerng to do that, as it was meant to be used like that.
-
It seems far more likely that exhausting the available PHP memory causes #14061 rather than the other way around.
This seems like a bug in the bind package and should be reported separately. If it hasn't been already.
Steve
-
S stephenw10 moved this topic from Problems Installing or Upgrading pfSense Software on
