Information about how RPZ zones are handled in RAM

dns at todoo.biz dns at todoo.biz
Mon Mar 6 13:44:44 UTC 2023 

Hello, 

We have implemented Unbound + RPZ filtering in our firewall and are seeing some "strange" behaviour. 

Just after loading our RPZ zones (8.9 millions records) we are seeing CPU raise to 50% (two Cores VM), and RAM being progressively "populated" with the records I guess. 



So this is kind of normal, the loading takes about 1' on our standard VM

Then after an undefined amount of time (couple of hours AFAICT), the memory starts to drop again as if the RAM is being freed or optimised somewhere on the process. 
So we are getting back to quite low memory fingerprint, despite the filtering still being active. 



Can anyone help us better understand how this process is working ? 
Is there a way to directly trigger the process to free the RAM after zones are being loaded ? 

These tests have been done using v.1.17.0 and we will follow up testing with 1.17.1 this afternoon (FreeBSD based). 


Thanks. 

—


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20230306/8264433c/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 5ed90acafcb4795d1a34da14ca263b992818379ecc192f93784986c5705d7524.png
Type: image/png
Size: 81996 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20230306/8264433c/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: a6e7ebf7c39aa3f53ac4fb5e7ea7bf947de20c2c66c528e80d9aa30863f70438.png
Type: image/png
Size: 81944 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20230306/8264433c/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: LOGO_OCTOPUS_90.png
Type: image/png
Size: 4732 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20230306/8264433c/attachment-0005.png>

More information about the Unbound-users mailing list