unbound crashing... chapter 25478

t0m77

Hi

Not really a bug report, just my state of mind and thoughts, and I'd like to know what yours are.

2.4, 2.5, 2.6, 2.7.0, then 2.7.1... and this damn unbound keep on crashing. Every hour, or 4 hours or once a day. But it keep on crashing.
And we are so used to it, we read so many threads about it, tried so many "fix" that never worked.... that we don't really care anymore to try to do something about it, just restarting the service manually when we notice that internet is broken (because the config to restart it automatically doesn't work either...)

That's really the ONLY pfsense component that never really worked without issues. For years...

Now I am just wondering if the majority of people disabled it and installed BIND instead and if its what I should do.
But if so, why ??? I mean, a DNS server is a major component of a router/firewall device. So why does the one bundled with pfsense is still so defective, and why they just don't switch it for BIND instead if it works flawlessly, directly in the core ?

Your opinions ?

Bob.Dig

@t0m77 said in unbound crashing... chapter 25478:

Your opinions ?

Your a member of an absolute minority. For almost all users unbound is working just fine.
You and a few others have their problem elsewhere.

t0m77

@Bob-Dig thank you.
I have read so much stuff here and elsewhere that it gave me the impression that it is a general issue. I might be wrong then

jrey

@t0m77 said in unbound crashing... chapter 25478:

Your opinions ?

Crashing how? Do you mean just restarting?

Every hour, or 4 hours or once a day.

DNSBL, reloading on a schedule perhaps?

unbound can run for days here if there are no changes required in DNSBL (scheduled or otherwise)

t0m77

@jrey

That kind of stuff

Nov 26 11:33:19 	kernel 		pid 97834 (unbound), jid 0, uid 59, was killed: failed to reclaim memory
Nov 26 11:00:12 	kernel 		pid 15766 (unbound), jid 0, uid 59, was killed: failed to reclaim memory
Nov 26 08:11:54 	kernel 		pid 82126 (unbound), jid 0, uid 59, was killed: failed to reclaim memory

Just the very fresh one. (ie non exhaustive list).

jrey

@t0m77

see if anything in here helps

https://forum.netgate.com/topic/184130/23-09-unbound-killed-failing-to-reclaim-memory/13?_=1700996104238

t0m77

@jrey
I did.
My unbound message cache is set to the min (4MB) like the fix gave in that thread. And contrarily to the user that found a solution, he has 1Gb RAM on his device, I have 4Gb.
That doesn't change anything.

The RAM used on my pfsense rarely goes up to 50%
80% is usually the max when its booting or intensive stuff is running, like DNSBL changes, or when I've got 5-10 users streaming videos from my servers.

That's the last 7 days of RAM usage.

There's a hole for yesterday because I had issues upgrading and had to reflash. Everything before the hole is 2.7.0, and after is 2.7.1

That's today

the 2 first peaks is DNSBL reloading (every 8 hours)

I have not investigated what the 11:00 peak was. I dont care. Its normal stuff on a firewall. There were still plenty of RAM available anyway. And that shouldn't crash the DNS server !

And when the last crash occured

Nov 26 11:33:19 	kernel 		pid 97834 (unbound), jid 0, uid 59, was killed: failed to reclaim memory

It was like a very calm Sunday morning, and there was 3GB ram available. So this cant be linked to a lack of free resources.

But moreover, as I said this isn't the only issue. I've got different issues with unbound for years. And I know that Netgate knows there's an issue with it on some devices.

My pfsense works like a charm, and it does intensive stuff. Only this damn unbound do crash.

Live situation on top, and Last 6 hours on graphs

t0m77

Ieft 2 hours for some shopping.

I come back, quick peek on the dashboard.... "surprisingly", the Unbound service was down again.
I start it manually.
Then I go inspect the logs
Observe:

I only see my starting action I just did now. No trace of the previous manual starts I did this morning... explain.

Then the system logs containing "unbound"

Once again I only see the crashes from 11:00. Nothing from 12:10-14:10

But then the question is: why did it stopped ???

I don't know but it did. Probably because something else like I just mentioned twice before.
And this the whole point of my thread: This thing is unstable so should I just get rid of it and install BIND????

SteveITS

@t0m77 I understand you’re frustrated but I’d suggest lobbing accusations about the product in its forum is maybe not the best way to get help. I haven’t seen this symptom in all my time with pfSense, at any of our clients. I think if unbound on FreeBSD was unstable for so many years it would be a well known issue.

I didn’t see you answer about DNSBL/pfBlocker…? That can use memory.

If DHCP server is set to register leases in DNS, Unbound will restart at every device’s lease renewal.

Since the problem has carried forward so long it seems likely to be something in the config. Have you tried a default configuration or as close as you can get?

johnpoz

@t0m77 I have been using unbound on pfsense since it when it was just a package, before it got fully integrated. And I don't recall any such issues.. It has been rock solid to be honest..

Did you upgrade to the 1.18.0_1 ? CE 2.7.1 has this - but you can update it in 23.09 as well

https://forum.netgate.com/post/1137464