increasing memory usage (using rpz zones)
Fredrik Pettai
pettai at sunet.se
Wed Oct 21 20:35:25 UTC 2020
Hi Hanspeter,
> On 20 Oct 2020, at 15:40, Hanspeter Kunz via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
>
> On Fri, 2020-10-16 at 15:56 +0200, Ralph Dolmans via Unbound-users
> wrote:
>> Hi Hanspeter,
>>
>> On 14-10-2020 23:29, Hanspeter Kunz via Unbound-users wrote:
>>> Hi all,
>>>
>>> [replying to my own post]
>>>
>>> Apparently it is normal that unbound uses *a lot of RAM* after the
>>> initial load of the rpz zones (point 1 below).
>>
>> Does your RPZ zone contain a lot of records with the local data RPZ
>> action? Due to the way the memory allocation is done here this can
>> result in a very memory hungry Unbound instance. We are working on a
>> fix
>> for this.
>
> I am not entirely sure what "local data RPZ action" means. almost all
> our records in the rpz zones are CNAMES.
(All RPZ actions use CNAME <data>)
"Local data" action means that the RPZ zone you're supplying has an "alternative" answer that's presented to the querying client, redirecting the client to another host. (This explains why I don't see your unbound's memory-hogging behaviour on SUNET unbound instances.)
We rewrite it to answer NXDOMAIN (CNAME .)
You could try this config example to see if it solves your issue:
rpz:
    name: "aaaaa.bbbbb.switch.ch."
    zonefile: "/var/lib/unbound/aaaaa.bbbbb.switch.ch.zone"
    master: 130.242.XXX.YYY@ZZZZ
    allow-notify: 130.242.XXX.YYY
    rpz-action-override: nxdomain    # <<-- this is the differentiator
    rpz-log: yes
    rpz-log-name: aaaaa.bbbbb
    tags: "malware"
HTH,
/P
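
Added example (not part of the original message and not Unbound's own code): a small Python script that counts which RPZ action each record in a zone file encodes, one way to check how much of a zone is "local data" as asked in the quoted question above. It uses the standard RPZ CNAME encodings, assumes one record per line with numeric TTLs, and the sample zone and function names are constructed for illustration.

```python
# Count the RPZ action encoded by each record in a zone file (simplified parser).
from collections import Counter

# CNAME targets that encode a built-in RPZ action; any other rdata is local data.
SPECIAL_CNAME = {".": "nxdomain", "*.": "nodata", "rpz-passthru.": "passthru",
                 "rpz-drop.": "drop", "rpz-tcp-only.": "tcp-only"}
SKIP_TYPES = {"SOA", "NS"}   # zone housekeeping records, not policy
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone, not taken from any real feed.
SAMPLE_ZONE = """\
$TTL 300
@ IN SOA localhost. root.localhost. (
        2020102101 3600 600 86400 300 )
@ IN NS localhost.
bad.example.com      CNAME .
*.bad.example.com    CNAME .
ads.example.net      300 IN CNAME *.
ok.example.org       CNAME rpz-passthru.
phish.example.com    CNAME walled-garden.example.org.
c2.example.net       IN A 192.0.2.10
"""

def classify(rtype, rdata):
    """Map one policy record to the RPZ action it encodes."""
    if rtype == "CNAME":
        return SPECIAL_CNAME.get(rdata.lower(), "local-data")
    return "local-data"      # A, AAAA, TXT, ... are alternative answers

def count_actions(zone_text):
    """Return a Counter of RPZ actions found in zone_text."""
    counts, depth = Counter(), 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]              # strip trailing comment
        continuation = depth > 0                 # inside a "( ... )" record
        depth += line.count("(") - line.count(")")
        fields = line.split()
        if continuation or not fields or fields[0].startswith("$"):
            continue
        # A line starting with whitespace reuses the previous owner name.
        rest = fields if line[0].isspace() else fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]                      # drop optional TTL / class
        if len(rest) < 2 or rest[0].upper() in SKIP_TYPES:
            continue
        counts[classify(rest[0].upper(), rest[1])] += 1
    return counts

if __name__ == "__main__":
    for action, n in count_actions(SAMPLE_ZONE).most_common():
        print(f"{action:12} {n}")
```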