Suricata causing unbound to crash
-
On three occasions now, when I am tweaking Suricata (suppressing an alert, toggling from alert to drop, etc.), unbound will crash. This last time, logs show several hundred entries from Suricata showing parsing errors and unknown rule errors. From there I am unable to access the GUI (i'm remote), then the next log entry is 3 hours later, which says unbound was killed; out of swap space. I have service watchdog running, but I asume it;s unable to get unbound restarted. The resolver log is massive and I can't view beyond 2000 entries so I can't see what happened. Needless to say, unbound crashing is extraordinarily inconvenient.
Can someone help me figure out what I have going on?In addition; Suricata won't start. The log entry is PHP ERROR: Type: 1, File: /usr/local/www/suricata/suricata_logs_browser.php, Line: 54, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 603218824 bytes)
-
Are you using DNS over TLS?
If so it could be this:
https://redmine.pfsense.org/issues/9059Steve
-
Interesting. Could be the issue, although I'd figure it would be being discussed here more often. It doesn't really seem to be random, but only when I am making adjustments within Suricata. But yes, I am using DNS of TLS.
-
Ah, then you should update unbound:
pkg upgrade unbound
It will pull in a new strongswan version with that.Or try a 2.4.5 dev snapshot which contains that.
Steve