DNS Resolver crash - memory usage
Hello,
I'm having an issue with unbound on pfSense 2.6.0, maybe it's caused by the dev version and the rest isn't worth reading?
I've run unbound for a while (including on 2.6.0, today I'm on 2.6.0.a.20210825.0100) which is used by 4 interfaces, uses 2 VPN interfaces for Outgoing connections, with Python mode enabled and using pfb_unbound with Pre Validator. I'm using SSL/TLS for outgoing queries which points to 1.1.1.1 and 1.0.0.1 respectively.
Apart from that the config is pretty standard out of the box, I have defined a Domain Override for a local domain, which points to a DNS resolver at 192.68.1.6.
pfBlocker is enabled for IP and DNSBL, with roughly 1.8 Mil domains in the lists. Everything was running well for a while and then one day, unbound continually began crashing every 5 mins - 2 hours. There's no consistency with the timing of the crash, I thought it coincided with the pfBlocker Cron Job but that wasn't the case.
When I restart unbound, the process sits at about 1.5GB memory (I have 4GB in the box), then rapidly ramps up to circa 3GB, exhausts the RAM and SWAP, then crashes again, with this error in the System Log:
Aug 25 22:55:40 kernel pid 48522 (unbound), jid 0, uid 59, was killed: out of swap space
Aug 25 22:55:35 kernel swap_pager_getswapspace(32): failed
As I write this, unbound has been running for a couple of mins at 1.5GB, with no issues, resolving DNS queries, with not too much pressure on the box from other services.
I've attempted some basic steps to see if I can find a way to stop it, clearing log files, stopping other potentially hungry services, reducing the cache size, lowering the number of outgoing interfaces, removing pfBlocker lists and the TLD Allow options.
Everything I've tried is off the back of other posts about "unbound high mem usage" or "unbound memory leak" but I'm really stuck with this now and wondering if anyone else has had something similar?