Hi, my DNS proxy has been crashing since yesterday. It stopped after I turned off the DNS firewall. Can anyone tell me what’s going on (or help me)?
What messages are there in the DNS: Unbound system log?
Unfortunately, I can’t find anything there that helps me. I’m not very familiar with Linux, unfortunately. I just skimmed through the messages, but I can’t really make anything out. Would you mind taking a look at the log?
All I could tell was that suddenly the block lists could no longer be downloaded, and when I logged into the web interface, I saw that the DNS servers you had entered could no longer be resolved. I then rebooted the IPFire, as this is a sports association where 10 employees were unable to do their work. The internet connection remained stable. After about 10 minutes, it happened again, so I rebooted it again but first deactivated all DNS lists, and it has been stable ever sinc
Which lists did you activate?
What is the size of your RAM?
Are there messages in the system logs (WUI: Logs –> System Logs)?
Your RAM number says that you have 4GB RAM and the DNS Firewall takes 4GB if all lists are activated.
This is mentioned in the Documentation
https://www.ipfire.org/docs/configuration/firewall/dns#memory-consumption
This is definitely saying that unbound was stopped because all the memory was being used.
If you can’t increase the memory on the IPFire system then you will need to look at reducing the number of DNS Firewall categories.
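To confirm this kind of diagnosis from the logs, the following is an added example (not part of the original thread and not IPFire's own code) that extracts kernel OOM-killer events for a named process from syslog lines. The sample log lines are constructed, and the `/var/log/messages` path mentioned in the comment is an assumption about where the kernel log is written.

```shell
#!/bin/sh
# Added example (not from the thread): list OOM-killer events for one process.

# Constructed sample of kernel log lines; hostname, PIDs and sizes are made up.
sample_log() {
cat <<'EOF'
Jan 10 09:14:02 ipfire kernel: unbound invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
Jan 10 09:14:02 ipfire kernel: Out of memory: Killed process 2417 (unbound) total-vm:4102340kB, anon-rss:3584000kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:7200kB oom_score_adj:0
Jan 10 09:31:47 ipfire kernel: Out of memory: Killed process 3051 (unbound) total-vm:4110532kB, anon-rss:3590144kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:7216kB oom_score_adj:0
Jan 10 09:40:00 ipfire kernel: Out of memory: Killed process 3100 (suricata) total-vm:901120kB, anon-rss:512000kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:1100kB oom_score_adj:0
EOF
}

# oom_kills NAME: read syslog lines on stdin, print one line per OOM kill of NAME
# as "Mon DD HH:MM:SS pid=<pid> anon_rss_mib=<resident memory at kill time>".
oom_kills() {
    awk -v proc="$1" '
    match($0, /Killed process [0-9]+ \([^)]+\)/) {
        s = substr($0, RSTART, RLENGTH)        # e.g. "Killed process 2417 (unbound)"
        split(s, f, " ")                       # f[3] is the PID
        p = index(s, "(")
        name = substr(s, p + 1, length(s) - p - 1)
        if (name != proc) next
        rss = "?"                              # shown if the line has no anon-rss field
        if (match($0, /anon-rss:[0-9]+kB/))
            rss = int(substr($0, RSTART + 9, RLENGTH - 11) / 1024)
        print $1, $2, $3, "pid=" f[3], "anon_rss_mib=" rss
    }'
}

# Demo on the constructed sample. On a live system feed the kernel log instead,
# e.g. oom_kills unbound < /var/log/messages (path is an assumption).
sample_log | oom_kills unbound
```

An `anon_rss_mib` value close to the machine's total RAM at each kill is what you would expect to see when the loaded lists no longer fit in memory.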
OK, I see. How do I restart the DNS without having to restart the IPFire?
Try going to the DNS page and pressing the Save button.
I just stopped unbound and then tried pressing that Save button and it did turn it back on.
You can confirm the status of the Unbound server by looking on the Services WUI page. That will also show you how much memory the DNS Firewall is using.
The Services page shows the memory used by the lists.
The Memory Information page shows the total memory.
Wouldn’t it be possible to add a warning to the DNS Firewall page and prevent a list from being activated if the memory is full?
This would prevent an unexpected crash.
I am not aware of anything that will tell us how much memory a specific list will cause unbound to consume before it has been selected and implemented.
So at least, in case of an unbound crash after loading, display the warning on the DNS Firewall page: “You have loaded too many lists, unbound has died”
