Sudden High Memory Usage and DNS issues With New ISP
-
So since I had changed my ISP Modem and Line (From business to Residential) My PF sense has been acting strange and I am starting to pull out my hair
Previously it had been working ok , I had PF sense box ( 1037u Celeron, 6GB RAM , Dual Realtek NIC) running PF sense 2.5.1 , PF blocker Version 3.0.0_16 . I had a simple Modem to PF sense connection , the ISP issued DHCP and Internet pages were blocked Via IP and DNSBL
Suddenly since replacing the new Modem , my PF sense just crashed , after a few hours use . After restarting I see that the Memory usage was at 100% .
I upgraded the box to 2.5.2 but this made no difference .
At this point I figured trying to put together a new box with PF sense 2.5.2 and PF blocker 3.0.0_16 , with a Skylake G4560 and 8GB DDR4 RAM , 128GB SSD (Intel LAN NIC & Realtek PCIE NIC ) . I backed up and restored the settings
There are still problems , soon after I enable DNSBL the memory usage creeps to 100% and stops responding to webpage requests .
From Client I can ping external IP addresses but not websites ( DNS issue)
I had since tried :
Removing DNSBL lists
Disabling/Re-enabling TLD , helps a little but memory usage still creeps up (just a little slower) , seemingly during a cron job and the PF sense eventually becomes unresponsive and website names fail to resolve ( can still ping website IP though )PR 1 lists are enabled , with 3-4 checkboxes on the Shallist and UT1 ( Porn/Phising/Malware)
IP/DNSBL Lists are as follows
(
Any help with this would be appreciated
-
When Disabling TLD Wildcard , Clients can successfully resolve websites and access pages but , I loose many of the subdomain blocking that worked before
Cron tasks also finish with any 'non responding' , with TLD disabled
Problem is many sites are not blocked without TLD
-
I have exactly the same issue too. With pfBlocker disabled, Unbound will run at 100MB ram ish, with it enabled, it eventually ends up at 2.5GB then crashes.
-
@both :
Using pfBlockerNG-devel 3.1.0 , right ?edit : if these posts were posted where they belong, you would have found the very first post on that forum that says :
"pfBlockerNG-devel v3.1.0_0 is out".
Reading that post would also explain why : see here.
-
@gertjan Yeah I'm using 3.1.0, I've followed the instructions on the page too but I'm still having an issue. Soon after enabling pfBlocker DNSBL, Unbound memory usage goes off the chart, then crashes. Fine with DNSBL disabled, RAM usage stays around 50MB
-
DNSBL :
unbound mode ?
python mode ?I'm using python mode myself for the last 6 months or so.
Rock solid.
Check out the conditions.
-
I found a workaround , I simply unchecked the Shalla List and UT1 Lists , instead I tried different DNSBL providers . Now RAM/CPU usage is back to 5-10%
THis does not explain the problem in the first place though . It seems the UT1/Shallalist is too big with TLD enabled I guess.
-
@90ninety said in Sudden High Memory Usage and DNS issues With New ISP:
Shalla List and UT1 Lists
You selected all the option ??
I'm using 'just' two of them :
are about 30000 DNSBL entries. That "30k" domain names.
-
@gertjan I'm still stuck with the same issue, I re-enabled DNSBL with Python mode, disabled UTL and Shallalist, enabled one Category with 10k domains and TLD disabled.
Sure enough, unbound Mem usage shot up to 400Mb immediately then roughly an hour later...
-
Humm, can't really tell what your pfSense is doing.
Look here :
Disable all pfBLockerNG, and test some days.
Then activate pfBBlokcerNG, with, for example, only IP lists.
Then add just one DNSBL, and test again for a couple of days.Keep looking at the monitoring.
-
@gertjan thanks for the heads up! I left everything running for a week with python mode enabled in Unbound, pfBlocker IP enabled and DNSBL disabled… ran like a charm.
Enabled DNSBL last night with one Feed with 10k ish domains, so a pretty small list. Here’s the memory usage, staying consistent until I flipped the switch, within an hour unbound crashed with no obvious log.
