[Solved] unbound unresponsive
-
I recently started doing VLANs on my Nokia IP390 running the latest pfSense 2.3.3. I am running 7 VLANs on one port and it seems to be working great, except one major issue.
53471 unbound 52 0 21372K 10692K crydev 0:17 0.00% /usr/local/sbin/unbound -c /var/unbound/unb
After about 5-10 minutes, unbound becomes unresponsive and the only way to fix it is to reboot the router, which then happens again. What would cause this? I try googling "crydev" and it comes up with nothing. I can't restart the process and it will not let me kill it.
-
What is the date on the 2.3.3 snapshot you're running? There were issues with snapshots over the weekend, make sure to update to a current snapshot and test again.
-
I am running 2.3.3.a.20160926.1930 at the moment. I'll bump it to the latest and check what happens.
Here is my VLAN layout:
em7 1
em7 10 Core VLAN
em7 20 Server VLAN
em7 30 VoIP VLAN
em7 40 Main VLAN
em7 50 Kids VLAN
em7 60 Media VLAN
em7 70 Public VLAN -
What hardware are you running?n/m I see now it's an older Nokia box.The "crydev" state appears to indicate that the process in question is attempting to use cryptographic accelerator hardware. Only place I can think of that would be relevant in unbound is with DNSSEC.
If there is some quirk with your hardware and a built-in accelerator, you might try disabling DNSSEC in unbound to see if it stabilizes.
-
That worked. It has been up for 40 minutes and it hasn't went into the "crydev" state.
Is there a way to disable the built-in accelerator so I can still use DNSSEC? Maybe turn the ubsec driver into a module? Or a feature to disable Crypto Acceleration in DNSSEC?
ubsec0 mem 0x88100000-0x8810ffff irq 11 at device 1.0 on pci8
ubsec0: Broadcom 5825 -
Maybe placing in /boot/loader.conf.local
hint.ubsec.0.disabled=1I had that idea after reading:
https://forums.freebsd.org/threads/14402/#post-84174
Where it is discussed how to disable a driver. -
Just a status update.
If you're using a Nokia IP390, like I am.. I would highly suggest disabling the ubsec driver by putting this line into your /boot/loader.conf.local file:
hint.ubsec.0.disabled=1After I did that, it has been quite stable and has not locked up for over a month.
