Netgate Discussion Forum

    Sudden High Memory Usage and DNS issues With New ISP

    pfBlockerNG
    11 Posts 3 Posters 1.6k Views

      90Ninety

      So since I changed my ISP modem and line (from business to residential), my pfSense has been acting strange and I am starting to pull out my hair.

      Previously it had been working OK. I had a pfSense box (1037u Celeron, 6GB RAM, dual Realtek NIC) running pfSense 2.5.1, pfBlocker version 3.0.0_16. I had a simple modem-to-pfSense connection, the ISP issued DHCP, and Internet pages were blocked via IP and DNSBL.

      Suddenly, since replacing the modem, my pfSense just crashed after a few hours' use. After restarting I see that the memory usage was at 100%.
      I upgraded the box to 2.5.2 but this made no difference.
      At this point I figured I would try putting together a new box with pfSense 2.5.2 and pfBlocker 3.0.0_16, with a Skylake G4560, 8GB DDR4 RAM and a 128GB SSD (Intel LAN NIC & Realtek PCIe NIC). I backed up and restored the settings.
      There are still problems: soon after I enable DNSBL, the memory usage creeps to 100% and it stops responding to webpage requests.
      From a client I can ping external IP addresses but not websites (DNS issue).
      I have since tried:
      Removing DNSBL lists
      Disabling/re-enabling TLD: helps a little, but memory usage still creeps up (just a little slower), seemingly during a cron job, and the pfSense eventually becomes unresponsive and website names fail to resolve (can still ping website IPs though)

      PR 1 lists are enabled, with 3-4 checkboxes on the Shallalist and UT1 (Porn/Phishing/Malware).
      IP/DNSBL lists are as follows:
      (image: ip dnsbl.png)

      Any help with this would be appreciated.

        90Ninety @90Ninety

        When disabling TLD Wildcard, clients can successfully resolve websites and access pages, but I lose much of the subdomain blocking that worked before.

        Cron tasks also finish with any 'non responding', with TLD disabled.

        Problem is many sites are not blocked without TLD.

          Vents22

          I have exactly the same issue too. With pfBlocker disabled, Unbound will run at 100MB RAM-ish; with it enabled, it eventually ends up at 2.5GB, then crashes.

            Gertjan @Vents22

            @both:
            Using pfBlockerNG-devel 3.1.0, right?

            Edit: if these posts were posted where they belong, you would have found the very first post on that forum that says:

            "pfBlockerNG-devel v3.1.0_0 is out".

            Reading that post would also explain why: see here.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

              Vents22 @Gertjan

              @gertjan Yeah, I'm using 3.1.0. I've followed the instructions on the page too but I'm still having an issue. Soon after enabling pfBlocker DNSBL, Unbound memory usage goes off the chart, then crashes. Fine with DNSBL disabled, RAM usage stays around 50MB.

                Gertjan @Vents22

                @vents22

                DNSBL:
                unbound mode?
                python mode?

                I'm using python mode myself for the last 6 months or so.
                Rock solid.

                0773e348-5ded-494d-8f63-6406d82c803b-image.png

                Check out the conditions.

                  90Ninety @Vents22

                  @vents22

                  I found a workaround: I simply unchecked the Shalla List and UT1 lists, and instead I tried different DNSBL providers. Now RAM/CPU usage is back to 5-10%.

                  This does not explain the problem in the first place though. It seems the UT1/Shallalist is too big with TLD enabled, I guess.

                    Gertjan @90Ninety

                    @90ninety said in Sudden High Memory Usage and DNS issues With New ISP:

                    Shalla List and UT1 Lists

                    You selected all the options??

                    I'm using 'just' two of them:

                    337d8903-9e75-4da5-8c69-65d26cf5b2bf-image.png

                    are about 30000 DNSBL entries. That's "30k" domain names.

                      Vents22 @Gertjan

                      @gertjan I'm still stuck with the same issue. I re-enabled DNSBL with Python mode, disabled UT1 and Shallalist, enabled one category with 10k domains and TLD disabled.

                      f636d6b5-efb0-4679-bf67-4d5091790ebb-image.png

                      Sure enough, unbound Mem usage shot up to 400Mb immediately then roughly an hour later...

                      ff3f3b8f-ce5e-455c-a8fc-07a8e624a194-image.png

                        Gertjan @Vents22

                        @vents22

                        Hmm, can't really tell what your pfSense is doing.

                        Look here:

                        42b34b75-db09-453b-bf64-91cd08973b72-image.png

                        Disable all of pfBlockerNG, and test for some days.
                        Then activate pfBlockerNG with, for example, only IP lists.
                        Then add just one DNSBL, and test again for a couple of days.

                        Keep looking at the monitoring.

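Added example, not part of the thread and not pfBlockerNG's own tooling: one way to follow the staged test described in the post above is to log unbound's resident memory with a stage label and compare first, last and peak values per stage. The log path, stage labels, the 2x growth threshold and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: record unbound's resident memory per test stage, then summarise.
# LOG path, stage labels and the 2x growth threshold are assumptions.
LOG="${LOG:-/tmp/unbound_rss.log}"

# Total resident set size (KB) of all processes whose command name is $1.
rss_kb() {
    ps -A -o rss= -o comm= | awk -v n="$1" '$2 == n { s += $1 } END { print s + 0 }'
}

# Append one "epoch stage rss_kb" line; call from cron, e.g. every 5 minutes.
record_sample() {
    printf '%s %s %s\n' "$(date +%s)" "$1" "$(rss_kb unbound)" >> "$LOG"
}

# Per stage, in order seen: first, last and peak RSS; GROWING if last >= 2x first.
summarise() {
    awk '
        !($2 in first) { first[$2] = $3 + 0; order[++n] = $2 }
        { last[$2] = $3 + 0; if ($3 + 0 > peak[$2] + 0) peak[$2] = $3 + 0 }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                v = (first[s] > 0 && last[s] >= 2 * first[s]) ? "GROWING" : "stable"
                printf "%s first=%d last=%d peak=%d %s\n", s, first[s], last[s], peak[s], v
            }
        }' "$1"
}

# Constructed sample log (not measurements from the thread).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
1000 ip_only 51200
1300 ip_only 52000
1600 one_dnsbl 60000
1900 one_dnsbl 410000
2200 one_dnsbl 380000
EOF
    summarise "$tmp"
    rm -f "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Call `record_sample ip_only` (or another stage label) on a schedule during each stage, then run `summarise "$LOG"` to see which stage first shows growth.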

                          Vents22 @Gertjan

                          @gertjan Thanks for the heads up! I left everything running for a week with python mode enabled in Unbound, pfBlocker IP enabled and DNSBL disabled… ran like a charm.

                          Enabled DNSBL last night with one feed with 10k-ish domains, so a pretty small list. Here’s the memory usage, staying consistent until I flipped the switch; within an hour unbound crashed with no obvious log.

                          3022C956-ACAC-4CAF-8EF4-B30877CCB14B.png
