pfBlockerNG-devel TLD



  • @BBcan177 I haven't used TLD in the past but with my new hardware I turned it on. I have 8 gigs of memory and it runs in the 80% to 90% will this cause me issues with pfsense stability ? Should I turn TLD off ?

    I had snort installed but not really using it so uninstalled it. I also uninstalled ntopng hoping it would give me more memory but it's about the same.

    Other then it being higher then I am used to it seems to run fine.


  • Moderator

    @reg1982

    TLD memory usage is tied to the number of domains being blocked. So it all depends on how many Feeds you add to DNSBL. You can click on the Blue infoblock in the DNSBL Tab to show the recommended memory requirements for Unbound/TLD.

    There are some optional Feeds in the new pfBlockerNG-devel Feeds Management Tab that have Conservative and Aggressive Feeds from some of the Feed Sources. So the conservative feed would typically have less domains listed then the aggressive ones.

    Memory isn't that expensive ... and adding some more memory will yield benefit to allow for the full use of the TLD option. Also having memory sitting there doing nothing is a waste... So no point in trying to get 10-20% memory usage.

    You can run the following command from the shell to get a summary of memory usage:

    top -aSH
    

    When TLD is enabled, there is a significant benefit in wildcard blocking of malicious domains. Most DNSBL feed post the root domain for a malicious site. ie: example.com. So with TLD disabled, DNSBL will only block DNS resolution to example.com. So for ADverts this works fine since you typically just need to block the single sub-domain that is serving the ADverts. But typically, malicious sites host malware etc on sub-domains. So with TLD enabled, it will wildcard block the root domain and all sub-domains and thus protect your network from these domains fully!

    TLD is fully automated to wildcard block all root domains that are listed in the Feeds and not wildcard block any sub-domains that are listed in the Feeds.

    Other DNS Blockers will require manually adding wildcard blocking to get the TLD functionality, which will provide no benefit, since you would have to manually do that for all malicious domains and is not practical.

    You can reduce the TLD memory usage by blocking some TLDs such as cn or ru or top etc... So there will only be one zone entry in Unbound for the whole TLD, and it will remove all domains for these TLDs.

    You can find the worst TLDs here:
    https://www.spamhaus.org/statistics/tlds/
    http://toolbar.netcraft.com/stats/tlds

    More on TLD here:
    https://forum.netgate.com/topic/102967/pfblockerng-v2-1-w-tld/2

    Hope that helps!



  • @BBcan177 so I have "Mem: 5293M Active, 734M Inact, 3236K Laundry, 1055M Wired, 742M Buf, 764M Free
    Swap: 3881M Total, 94M Used, 3787M Free, 2% Inuse"

    This is a Qotom mini pc with one sodium memory slot. 8 gig was the max I could get. It seems to idle around 81% not sure if that will go up as more users are on my network.

    I am just wondering if it's hits 100% for some periods of time if this will cause issues.

    I remove squid as well and it went down to about 71% but I like squid for the built in virus scanner. I don't really need the proxy as I have a fast fiber internet connection but it's part of the package...

    If it stays at near 100% I will need try what you suggested with TLDs cn or ru... etc

    Thanks for the tips