Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Resolver crash - memory usage

    Scheduled Pinned Locked Moved DHCP and DNS
    1 Posts 1 Posters 274 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      Vents22
      last edited by Vents22

      Hello,
      I'm having an issue with unbound on pfSense 2.6.0, maybe its caused by the dev version and the rest isn't worth reading?

      I've ran unbound for a while (including on 2.6.0, today I'm on 2.6.0.a.20210825.0100) which is used by 4 interfaces, uses 2 VPN interfaces for Outgoing connections, with Python mode enabled and using pfb_unbound with Pre Validator, I'm using SSL/TLS for outgoing queries which points to 1.1.1.1 and 1.0.0.1 respectively.

      Apart from that the config is pretty standard out of the box, I have defined a Domain Override for a local domain, which points to a DNS resolver at 192.68.1.6.

      pfBlocker is enabled for IP and DNSBL, with roughly 1.8 Mil domains in the lists. Everything was running well for a while and then one day, unbound continually began crashing every 5 mins - 2 hours. There's no consistency with the timing of the crash, I thought it coincided with the pfBlocker Cron Job but that wasn't the case.

      When I restart unbound, the process sits about 1.5GB memory (I have 4GB in the box), then rapidly ramps up to circa 3GB, exhausts the RAM and SWAP, then crashes again.. with this error in the System Log:

      Aug 25 22:55:40 kernel pid 48522 (unbound), jid 0, uid 59, was killed: out of swap space
      Aug 25 22:55:35 kernel swap_pager_getswapspace(32): failed

      As I write this, unbound has been running for a couple of mins at 1.5GB, with no issues, resolving DNS queries, with not too much pressure on the box from other services.

      48ef095b-426d-47b3-ad33-81402edc3b2c-image.png

      I've attempted some basic steps to see if I can find a way to stop it, clearing log files, stopping other potentially hungry services, reducing the cache size, lowering the number of outgoing interfaces, removing pfBlocker lists and the TLD Allow options.

      Everything I've tried is off the back of other posts about "unbound high mem usage" or "unbound memory leak" but I'm really stuck with this now and wondering if anyone else has had something similar?

      1 Reply Last reply Reply Quote 1
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.