Re: unbound-checkconf "Killed" on openbsd 6.4 amd64 when loading large local cache

Wed, 24 Oct 2018 20:15:02 -0700 

Tom Smyth wrote:

> Hello all,
> unbound-checkconf "Killed" when cheking a large local zone config file
> rcctl start unbound fails because of the above command failing
> 
> background
> 
> we were migrating our dns filtering from one platform to openbsd
> so we have a basic unbound configuration file that loads another
> configuration file that contains zones for an educational institution
> to filter inappropiate sites for kids.
> the zone file is located below (89M)
> http://5.134.89.24/unboundlocalzone.conf
> the above file was loaded into /var/unbound/etc/
> and then was included in the unbound.conf file using the include
> directive
> include: /var/unbound/etc/unboundlocalzone.conf
> 
> when I run unbound-checkconf it runs for about 30 seconds and then
> i see a "Killed" message on  the commandline
> 

I just run unbound-checkconf with your local zone file and I can't
reproduce your report 

oko# uname -a
OpenBSD oko.bagdala2.net 6.4 GENERIC.MP#364 amd64

oko# ls -l 
total 183368
-rw-r--r--  1 root      wheel         2366 Oct 24 23:03 unbound.conf
-rw-r--r--  1 _unbound  _unbound  93821046 Oct 24 23:00 unboundlocalzone.conf

oko# head -10 unboundlocalzone.conf
     
server:
local-zone: "000000000gratisporno.ontheweb.nl" redirect
local-data: "000000000gratisporno.ontheweb.nl A 5.134.89.24"
local-zone: "000000000sexe.free.fr" redirect
local-data: "000000000sexe.free.fr A 5.134.89.24"
local-zone: "00000nwebcamnow.com" redirect
local-data: "00000nwebcamnow.com A 5.134.89.24"
local-zone: "0000.1.free.fr" redirect
local-data: "0000.1.free.fr A 5.134.89.24"
local-zone: "000069.com" redirect



oko# grep "include" unbound.conf
     
        include: "/var/unbound/etc/unboundlocalzone.conf"

oko# unbound-checkconf
unbound-checkconf: no errors in /var/unbound/etc/unbound.conf


It did take good 30-45 seconds for my machine to parse the file. However
I was NOT able to start the unbound with your zone file due to the time
out error.

oko# rcctl start unbound      
unbound(timeout)


I have four cores and 16 GB of RAM on this machine. I can try
tomorrow at work on much more powerful machine with 64 GB of RAM. 

Cheers,
Predrag




> rcctl start unbound fails after about the same time and it woudl appear
> that the rcctl script calls unbound-checkconf  before starting the
> unbound
> 
> however running unbound or nohup unbound works fine..
> to load that local zone into memory it takes about  4G of Ram,
> 
> /var/log/messages is clear
> /var/log/daemon is clear
> 
> 
> 
> 
> 
> -- 
> Kindest regards,
> Tom Smyth

Reply via email to