DNS blackhole and excessive memory consumption
Andrea
andreamtp+unbound at goodfellow.it
Wed Apr 17 12:56:47 UTC 2019
Hi,
I'm in the process of tuning my dns server configuration and
starting to blackhole some categories of domains, in order to block ads,
scams, malware, ransomware & more...
I've been inspired by the piHole project [0]
I've implemented my blackhole using the directive "local-zone",
basically making unbound authoritative for those malicious/unwanted
domains, i.e.:
local-zone: "spam.com" redirect
local-data: "spam.com A 0.0.0.0"
as per documentation [1] :
*local-zone:* /<zone>/ /<type>/
Configure a local zone. The type determines the answer to give
if there is no match from local-data. The types are deny,
refuse, static, transparent, redirect, nodefault, typetransparent,
inform, inform_deny, inform_redirect, always_transparent,
always_refuse, always_nxdomain, noview, and are explained below.
After that the default settings are listed. Use local-data: to
enter data into the local zone. Answers for local zones are
authoritative DNS answers. By default the zones are class IN.
The blackhole conf file I've produced now counts 835.133 zones
# fgrep -c local-zone /etc/unbound/local.d/blocklist.conf
you can find at the url:
http://goodfellow.it/blackhole.conf.xz
and btw is working great with the default unbound configuration on
Fedora with latest version:
Version 1.9.1
linked libs: libevent 2.1.8-stable (it uses epoll), OpenSSL 1.1.1b FIPS
26 Feb 2019
I'm only surprised by the memory consumption of this configuration:
# cat /proc/25276/status
Name: unbound
Umask: 0022
State: S (sleeping)
Tgid: 25276
Ngid: 0
Pid: 25276
PPid: 1
TracerPid: 0
Uid: 995 995 995 995
Gid: 991 991 991 991
FDSize: 128
Groups: 991
NStgid: 25276
NSpid: 25276
NSpgid: 25276
NSsid: 25276
VmPeak: 7413084 kB
VmSize: 7347548 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 4043688 kB
VmRSS: 4043408 kB
RssAnon: 4036636 kB
RssFile: 6772 kB
RssShmem: 0 kB
VmData: 7140080 kB
VmStk: 148 kB
VmExe: 884 kB
VmLib: 6392 kB
VmPTE: 14004 kB
VmSwap: 16 kB
HugetlbPages: 0 kB
CoreDumping: 0
THP_enabled: 1
Threads: 4
Is it expected that with such a configuration unbound consumes 4GB of RAM?
Is there anything that may be done in order to reduce the memory
consumption?
Replicating a similar configuration with dnsmasq, with half of the dataset,
consumes just 230MB.
Am I doing something wrong, or can my goal be achieved in a more
resource effective way?
Thanks for the clarifications you may provide
[0] https://docs.pi-hole.net/main/prerequesites/#hardware
[1] https://www.nlnetlabs.nl/documentation/unbound/unbound.conf/
Andrea
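
An added example, not part of the original post or of the Unbound project: a generator for the local-zone/local-data stanzas shown above that validates each feed entry (so a stray quote cannot break out of the quoted directive) and drops subdomains already covered by a listed parent, since a redirect zone also answers for names below it. The function names and the sample feed are constructed for illustration; the effect on memory use is not measured here.

```python
import re

# One DNS label: letters, digits, hyphen, underscore; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def normalize(line):
    """Return a lower-case domain from a plain or hosts-style line, or None."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    name = fields[-1].lower().rstrip(".")   # hosts format: "0.0.0.0 domain"
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None                         # too long, single label, or an IP
    return name if all(LABEL.match(l) for l in labels) else None

def prune(domains):
    """Drop duplicates and names already covered by a listed parent zone."""
    listed = set(domains)
    kept = []
    for name in sorted(listed):
        labels = name.split(".")
        # every proper parent except the bare TLD
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(p in listed for p in parents):
            kept.append(name)
    return kept

def render(domains, sink="0.0.0.0"):
    """Emit the two-line stanza from the post for each remaining zone."""
    lines = [f'local-zone: "{n}" redirect\nlocal-data: "{n} A {sink}"'
             for n in domains]
    return "\n".join(lines) + "\n"

def build(feed_text):
    """Feed text in, unbound include file out."""
    names = filter(None, map(normalize, feed_text.splitlines()))
    return render(prune(names))

SAMPLE = """\
# constructed sample feed, not a real blocklist
0.0.0.0 spam.com
0.0.0.0 ads.spam.com
Tracker.Example.NET.
cdn.tracker.example.net   # covered by its parent
0.0.0.0 localhost
bad"domain.com
"""

if __name__ == "__main__":
    print(build(SAMPLE), end="")
```

Running `unbound-checkconf` on the generated file before reloading catches anything the validation missed.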