DNS resolver not starting

stephenw10

Basically: configure packages correctly.

When we see that it's almost always because some package is not rotating it's logs correctly ir has been set to unlimited log or cache size somewhere.

pfSense itself has size limited logs so you should not see that grow much beyond that value unless you have specifically set them larger.

Steve

Waqar.UK

Cheers Stephen!!

I would like to re-install Snort and PfgBlocker. Where these packages logs kept?
Since I would like to keep logs from taking up too much space.

stephenw10

In /var/log. I would recommend checking and saving the log settings on each package even if you make no changes to be sure they are using them.
In Snort I would set an overall log directory size limit as well and the limits on individual logs.

Steve

Waqar.UK

Thanks as I am currently using Pfsense with no added packages. But as you have stated to limit the log files as to prevent this occurring again.
What is the good size limits on these log files as to keep the add on functioning at their best?
Also my SSD is showing 96% health after about 2 years usage. Is there a way to prevent this from getting worse?

stephenw10

The default log sizes are generally fine. If you have some specific need to log more or maybe your system is particularly busy so the default 512K does not span enough time then you can increase them. I would start out by doubling them to 1M or maybe 2M. But 10M logs is not that unusual and any current drive is going to be easily large enough to accommodate that.

But the biggest things you can do to reduce disk writes if you are seeing excessive wear is to enable RAM drives:
https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#ram-disk-settings
Doing that will generally leave far less space for logs since the log files are on /var
I generally use double the default size so 80MB and 120MB for the drives. 10M logs files are not going to fit there but 1M or 2M will.

The other thing to check is that the root slice is mounted 'noatime'. If you just re-installed it should be but it may not have been previously because: https://redmine.pfsense.org/issues/9483
Run at the CLI mount. You should see / mounted noatime like:

/dev/diskid/DISK-9E18E959s2a on / (ufs, local, noatime, journaled soft-updates)
devfs on /dev (devfs, local)
/dev/diskid/DISK-9E18E959s1 on /boot/u-boot (msdosfs, local, noatime)
/dev/md0 on /tmp (ufs, local)
/dev/md1 on /var (ufs, local)
devfs on /var/dhcpd/dev (devfs, local)

I have ramdisks enabled on that system too.

Steve

Waqar.UK

@stephenw10 said in DNS resolver not starting:

The default log sizes are generally fine. If you have some specific need to log more or maybe your system is particularly busy so the default 512K does not span enough time then you can increase them. I would start out by doubling them to 1M or maybe 2M. But 10M logs is not that unusual and any current drive is going to be easily large enough to accommodate that.
But the biggest things you can do to reduce disk writes if you are seeing excessive wear is to enable RAM drives:
https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#ram-disk-settings
Doing that will generally leave far less space for logs since the log files are on /var
I generally use double the default size so 80MB and 120MB for the drives. 10M logs files are not going to fit there but 1M or 2M will.
The other thing to check is that the root slice is mounted 'noatime'. If you just re-installed it should be but it may not have been previously because: https://redmine.pfsense.org/issues/9483
Run at the CLI mount. You should see / mounted noatime like:
/dev/diskid/DISK-9E18E959s2a on / (ufs, local, noatime, journaled soft-updates)
devfs on /dev (devfs, local)
/dev/diskid/DISK-9E18E959s1 on /boot/u-boot (msdosfs, local, noatime)
/dev/md0 on /tmp (ufs, local)
/dev/md1 on /var (ufs, local)
devfs on /var/dhcpd/dev (devfs, local)

I have ramdisks enabled on that system too.
Steve

Thanks a lot. I will increase my RAM disks as I have 8GB RAM in my Qotom box.

Gertjan

Keep in mind that the content of ram disk is gone when the system powers down.

Waqar.UK

This post is deleted!

Waqar.UK

This post is deleted!

Waqar.UK

@Gertjan

I have set it to this and re-booted Pfsense.
If I add packages such as Snort & Pfgblocker, will this amount of RAM disk settings be enough? I have 8GB RAM in my Pfsense box.

stephenw10

You don't need them anywhere near that large.

The RAM disks are backed up and restored across a reboot. You only lose the contents if the box is rebooted unexpectedly.

Steve

Waqar.UK

OK thanks a lot.

Waqar.UK

OK, thanks a lot. I will reduce the RAM size.