Unbound DNS Over TLS Memory Leak
-
https://redmine.pfsense.org/issues/9059
-
Thanks for the information
-
Sorry guys, I thought I deleted my post because I made it in haste and then went to check redmine and found it was slated for 2.4.4-p1.
-
Is there an easy way to use the package manager to pull in the newer unbound? I see it mentioned in the bug but I'm not sure how to do that. I've just been restarting unbound every few days.
-
It is built on 2.4.5 snapshots but not something you can pull into 2.4.4 easily right this moment. You could play tricks with the pkg repo or install it directly but I wouldn't recommend doing that just yet.
I haven't seen any fallout from the upgrade on 2.4.5 snapshots so if other devs agree I may pick the change back so it will show up for 2.4.4 users. In that case it should then be possible to update with a simple
pkg upgrade unbound
command. -
The new package is up. You can install it with
pkg update; pkg upgrade unbound
from a shell prompt (NOT from Diag > Command).I'd test it out first on something non-production just in case, but I haven't had any problems here in my tests.
-
Looks like it's working here OK. I'll post back if I see any issues. Thank you for your help.
-
@jimp it updated on the intel pfsense units but not arm. has it been sent out for both?
-
Should be up there, now. Check again.
-
@jimp Got it. Thanks.
-
@jimp said in Unbound DNS Over TLS Memory Leak:
I'd test it out first on something non-production just in case, but I haven't had any problems here in my tests.
Unbound is only serving requests from a single thread after I updated to Unbound to 1.8.1: https://forum.netgate.com/topic/138274/unbound-1-8-1-only-single-thread-processing-dns-requests