RAM usage high

CreationGuy

I'm starting to play with pfBlockerNG on a test system that has 4GB RAM (I have this little as I am matching the 4100 that I want to buy).

When I added a list of about 1.9 million porn sites, the RAM usage went up to 55%.

Is that normal?

This is the list: https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list

I don't have the TLD option enable nor am I using categories. Unbound Python Mode is enabled. Regex turn on.

CreationGuy

I found another list, https://dbl.oisd.nl/nsfw/ that is smaller, my RAM usage is down to ~34%.

I really wish I could upgrade the RAM on the 4100.

Gertjan

@creationguy
Even if you had the RAM space so you could use xx zillion size DNS lists, you still do not want to do this. Other problems will pop up.
Python is already much faster as when tpfBlockerng-devel reloads unbound, but, still loading every host name in a xx xxx xxxx size file will take time. Time needed for every domain name lookup.

Some times is just easier to not to deal deal with the lists : I'll propose, for once, an external resolver like OpenDNS. Get an account with them, and activate the options you want, and have them deal with it.

And even that will no be a permanent solution. The porn lovers on your LAN will figure out that XyXyXVPN can help them, and you won't be able to see anything any more.

The best solution would be : don't give porn lovers access to your network ;)

And also : as long as it is porn, it isn't guns, knives, cocaine, human trade etc.

akuma1x

@creationguy That list is a raw approx. 50MB data file by the way. I would assume there's probably some pfsense overhead added to that, so memory increase is most likely normal.

CreationGuy

@gertjan said in RAM usage high:

@creationguy
Even if you had the RAM space so you could use xx zillion size DNS lists, you still do not want to do this. Other problems will pop up.
Python is already much faster as when tpfBlockerng-devel reloads unbound, but, still loading every host name in a xx xxx xxxx size file will take time. Time needed for every domain name lookup.

Some times is just easier to not to deal deal with the lists : I'll propose, for once, an external resolver like OpenDNS. Get an account with them, and activate the options you want, and have them deal with it.

And even that will no be a permanent solution. The porn lovers on your LAN will figure out that XyXyXVPN can help them, and you won't be able to see anything any more.

The best solution would be : don't give porn lovers access to your network ;)

And also : as long as it is porn, it isn't guns, knives, cocaine, human trade etc.

The block is for the kids, I don't want them to stumble across anything. While we are activley involved in teaching what is OK to look at and what isn't, accidents happen. We do have search engine safe mode forced as well.

I have considered having a VLAN set up for their devices and forcing a family safe DNS.

CreationGuy

I've updated the lists to be smaller. I've noticed that when pfBlockerNG updates, RAM usage stays at 49-50% for awhile. After a reboot, it goes down to 35-38%.

Is that normal? Suggestions other than a paid DNS service? Nothing to worry about?

akuma1x

@creationguy If you give them their own VLAN, or use DNS rules on your pfsense box so your "kid devices" get a specific DNS, you can use the free OpenDNS FamilyShield server settings.

https://support.opendns.com/hc/en-us/articles/228006487-FamilyShield-Router-Configuration-Instructions

CreationGuy

@akuma1x said in RAM usage high:

@creationguy If you give them their own VLAN, or use DNS rules on your pfsense box so your "kid devices" get a specific DNS, you can use the free OpenDNS FamilyShield server settings.

https://support.opendns.com/hc/en-us/articles/228006487-FamilyShield-Router-Configuration-Instructions

I am aware of that, this is not strictly for the porn list, I do have a few others for blocking such as ads, etc. I want these lists to affect all devices.

akuma1x

@creationguy You might not get all that you are looking for from a free DNS service, but for ad blocking, you could try the AdGuard public servers. I haven't used these guys, so it's simply from a google search.

https://adguard-dns.io/en/public-dns.html

CreationGuy

@akuma1x said in RAM usage high:

@creationguy You might not get all that you are looking for from a free DNS service, but for ad blocking, you could try the AdGuard public servers. I haven't used these guys, so it's simply from a google search.

https://adguard-dns.io/en/public-dns.html

I am not looking for an online service, I want to do this locally... hence my question about RAM usage. :)

provels

I wouldn't worry about RAM usage here. FreeBSD handles memory much more intelligently than Windows devices, for example. Things get cached and cleared as needed. If you're not running out and faulting, you're fine. After all, you paid for 100% of the memory, why not use it?

CreationGuy

@provels I'm used to Windows, when I see that I'm using up 50-60% of my RAM, it's time add more RAM... :)

I just don't want to spend $700 on a 4100 MAX and wish I had spent the extra $200 down the road when or if I need more RAM.

This machine is just a test desktop.