[Solved] unbound unresponsive

  • I recently started doing VLANs on my Nokia IP390 running the latest pfSense 2.3.3. I am running 7 VLANs on one port and it seems to be working great, except for one major issue.

    53471 unbound    52    0 21372K 10692K crydev  0:17  0.00% /usr/local/sbin/unbound -c /var/unbound/unb

    After about 5-10 minutes, unbound becomes unresponsive and the only way to fix it is to reboot the router, after which it happens again. What would cause this? I tried googling "crydev" and it comes up with nothing. I can't restart the process and it will not let me kill it.

  • Rebel Alliance Developer Netgate

    What is the date on the 2.3.3 snapshot you're running? There were issues with snapshots over the weekend, make sure to update to a current snapshot and test again.

  • I am running 2.3.3.a.20160926.1930 at the moment. I'll bump it to the latest and check what happens.

    Here is my VLAN layout:

    em7 1
    em7 10 Core VLAN
    em7 20 Server VLAN
    em7 30 VoIP VLAN
    em7 40 Main VLAN
    em7 50 Kids VLAN
    em7 60 Media VLAN
    em7 70 Public VLAN

  • Rebel Alliance Developer Netgate

    What hardware are you running? n/m I see now it's an older Nokia box.

    The "crydev" state appears to indicate that the process in question is attempting to use cryptographic accelerator hardware. Only place I can think of that would be relevant in unbound is with DNSSEC.

    If there is some quirk with your hardware and a built-in accelerator, you might try disabling DNSSEC in unbound to see if it stabilizes.

  • That worked. It has been up for 40 minutes and it hasn't gone into the "crydev" state.

    Is there a way to disable the built-in accelerator so I can still use DNSSEC? Maybe turn the ubsec driver into a module? Or a feature to disable Crypto Acceleration in DNSSEC?

    ubsec0 mem 0x88100000-0x8810ffff irq 11 at device 1.0 on pci8
    ubsec0: Broadcom 5825

  • Maybe placing in /boot/loader.conf.local


    I had that idea after reading:
    Where it is discussed how to disable a driver.

  • Just a status update.

    If you're using a Nokia IP390, like I am, I would highly suggest disabling the ubsec driver by putting this line into your /boot/loader.conf.local file:


    After I did that, it has been quite stable and has not locked up for over a month.
