Very high Ram usage
-
im running pfsense 22.09 on a Hp 8300 sff.
with a I7 - 3770 and 16Gb of ram with standard pfBlockerNG-devel 3.1.0_4 setup.
And it totally trashes my memory to the point that if i dont stop it i will loose all contact to pfsense webgui and i will need to reboot.
-
@txdk 3.1.0_5 was just released for 2.6 CE. I would think a version for 22.05 would be coming shortly. Not sure what/when they release for dev versions of pfSense, haven't used any of those. _5 fixes a logging/CPU bug on 22.05. Might help you as well.
-
If you use large lists it could happen in unbound mode.
Switch to python mode in pfbocker and the amound of memory is signifikant lower. -
@nocling i have tryed both in standard mode and in unbound pyton mode theres no diffrence it takes 2-3 days to fill my ram and to crash my system witch makes PFblocker rather useless for me.
its the standard list i havnt changed anything there and concedering people is running it on systems with way less ram with no problems.
-
This :
is not normal.
There should be at most two instances of unbound running.
Not 7.I advise you to stop unbound in the GUI, goto console/ssh, and kill all the instances that are still running.
When done, start unbound in the GUI and check that there is one or two instances running.IMHO: the best thing to do is :
Use Python mode, as the unbound authors invented it so unbound can handle "huge"** DNSBL lists.
Memory usage is less.
unbound stops and starts (restarts) are faster.nevertheless, everything should be done to make unbound happy.
Using phyton mode is one thing.
This implies also :
Line 2 and 3 are very important !
I also advise to re download pfBlockerng-devel DNSBL and IP feeds one a week, not every hour, as these lists rarely change every hour. It's not a big deal you were missing just two DNSBL host names in a list of 100 000 for a day or two.
Doing all this, and unbound will only restart ones a week or so, and your pfSense becomes stable, DNS has no more issues, and you can start doing other things.
** don't be foolish. two, three hundred thousand is enough. Trying to get them all will cripple your pfSense as the entire list has to be walked through on every DNS request.
If you really want to go big, consider not using pfBlockerng-devel, but a dedicated pihole system on steroids. -
@gertjan said in Very high Ram usage:
This :
is not normal.
There should be at most two instances of unbound running.
Not 7.if i stop it via the gui it will kill all instances of unbound.
and when restarted there will be 8 instances of unbound.my cpu does have 4 cores and 4 hypertread cores making it 8 in total
and i am using pyton mode in PfblockerNG thats the only change i have made to pfblocker no big lists or anything just standard with Pyton activated
-
@txdk said in Very high Ram usage:
my cpu does have 4 cores and 4 hypertread cores making it 8 in total
I guess I learned something.
A process per core : why not. Although I see on my '4100', a 2 core atom, mostly one bound thread, not two.
I'm actually not sure that all your unbound instances are separate memory spaces, as they all have the same PID : 45676.So : to be sure : shut down pfBlocker, the DNSBL part : if memory goes down a lot, and stays down, over a day or so, you know it is pfBlocker. And in that case : RAM usage is related to 'how many DNSBL you have'.
