Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Solved] unbound unresponsive

    Scheduled Pinned Locked Moved 2.3.3 Development Snapshots
    7 Posts 3 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Simba7
      last edited by

      I recently started doing VLANs on my Nokia IP390 running the latest pfSense 2.3.3. I am running 7 VLANs on one port and it seems to be working great, except one major issue.

      53471 unbound    52    0 21372K 10692K crydev  0:17  0.00% /usr/local/sbin/unbound -c /var/unbound/unb

      After about 5-10 minutes, unbound becomes unresponsive and the only way to fix it is to reboot the router, which then happens again. What would cause this? I try googling "crydev" and it comes up with nothing. I can't restart the process and it will not let me kill it.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        What is the date on the 2.3.3 snapshot you're running? There were issues with snapshots over the weekend, make sure to update to a current snapshot and test again.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S
          Simba7
          last edited by

          I am running 2.3.3.a.20160926.1930 at the moment. I'll bump it to the latest and check what happens.

          Here is my VLAN layout:

          em7 1
          em7 10 Core VLAN
          em7 20 Server VLAN
          em7 30 VoIP VLAN
          em7 40 Main VLAN
          em7 50 Kids VLAN
          em7 60 Media VLAN
          em7 70 Public VLAN

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            What hardware are you running? n/m I see now it's an older Nokia box.

            The "crydev" state appears to indicate that the process in question is attempting to use cryptographic accelerator hardware. Only place I can think of that would be relevant in unbound is with DNSSEC.

            If there is some quirk with your hardware and a built-in accelerator, you might try disabling DNSSEC in unbound to see if it stabilizes.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • S
              Simba7
              last edited by

              That worked. It has been up for 40 minutes and it hasn't went into the "crydev" state.

              Is there a way to disable the built-in accelerator so I can still use DNSSEC? Maybe turn the ubsec driver into a module? Or a feature to disable Crypto Acceleration in DNSSEC?

              ubsec0 mem 0x88100000-0x8810ffff irq 11 at device 1.0 on pci8
              ubsec0: Broadcom 5825

              1 Reply Last reply Reply Quote 0
              • J
                JorgeOliveira
                last edited by

                Maybe placing in /boot/loader.conf.local

                hint.ubsec.0.disabled=1
                

                I had that idea after reading:
                https://forums.freebsd.org/threads/14402/#post-84174
                Where it is discussed how to disable a driver.

                My views have absolutely no warranty express or implied. Always do your own research.

                1 Reply Last reply Reply Quote 0
                • S
                  Simba7
                  last edited by

                  Just a status update.

                  If you're using a Nokia IP390, like I am.. I would highly suggest disabling the ubsec driver by putting this line into your /boot/loader.conf.local file:

                  hint.ubsec.0.disabled=1
                  

                  After I did that, it has been quite stable and has not locked up for over a month.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.