[Solved] unbound unresponsive
I recently started doing VLANs on my Nokia IP390 running the latest pfSense 2.3.3. I am running 7 VLANs on one port and it seems to be working great, except one major issue.
53471 unbound 52 0 21372K 10692K crydev 0:17 0.00% /usr/local/sbin/unbound -c /var/unbound/unb
After about 5-10 minutes, unbound becomes unresponsive and the only way to fix it is to reboot the router, which then happens again. What would cause this? I try googling "crydev" and it comes up with nothing. I can't restart the process and it will not let me kill it.
What is the date on the 2.3.3 snapshot you're running? There were issues with snapshots over the weekend, make sure to update to a current snapshot and test again.
I am running 2.3.3.a.20160926.1930 at the moment. I'll bump it to the latest and check what happens.
Here is my VLAN layout:
em7 10 Core VLAN
em7 20 Server VLAN
em7 30 VoIP VLAN
em7 40 Main VLAN
em7 50 Kids VLAN
em7 60 Media VLAN
em7 70 Public VLAN
What hardware are you running?n/m I see now it's an older Nokia box.
The "crydev" state appears to indicate that the process in question is attempting to use cryptographic accelerator hardware. Only place I can think of that would be relevant in unbound is with DNSSEC.
If there is some quirk with your hardware and a built-in accelerator, you might try disabling DNSSEC in unbound to see if it stabilizes.
That worked. It has been up for 40 minutes and it hasn't went into the "crydev" state.
Is there a way to disable the built-in accelerator so I can still use DNSSEC? Maybe turn the ubsec driver into a module? Or a feature to disable Crypto Acceleration in DNSSEC?
ubsec0 mem 0x88100000-0x8810ffff irq 11 at device 1.0 on pci8
ubsec0: Broadcom 5825
Maybe placing in /boot/loader.conf.local
I had that idea after reading:
Where it is discussed how to disable a driver.
Just a status update.
If you're using a Nokia IP390, like I am.. I would highly suggest disabling the ubsec driver by putting this line into your /boot/loader.conf.local file:
After I did that, it has been quite stable and has not locked up for over a month.