I’m using unbound in an IPFire system. Switching on the new feature ‘DNS Firewall’ shows some issues.
The DNS firewall is based on RPZ with lists hosted on ipfire.org ( it’s called DBL ). List update uses the AXFR/IXFR mechanism. Adding / deleting a list means a reload of unbound to include / exclude the entries. This reload is done with the fast-reload operation to minimize downtime of DNS responses.
After such an operation the memory usage remains high. I suppose the extra memory for the operation isn’t freed at exit. A new invocation adds just the unbound memory usage. Consequently several updates fill up the memory space. Speed is only determined by ratio of system memory to unbound usage and frequency of updates.
Is this related to any known memory leakage problems?
The behaviour is unacceptable for small systems ( 4GB RAM ), because the increasing memory use means more and more processes use swap and therefore slow down.
main system running IPFire CU201 with Unboud 1.24.2
test sytem running the test version IPFire CU202 with Unbound 1.25.0
Both system show this bug .
At my test system I disabled the 3 RPZ zones. After fast_reload the memory usage remains. After activation of 1 RPZ zone the memory usage increases with each fast_reload.
The memory use reported by unbound-control fast_reload +vv reflects the memory used by the RPZ zone. But even with no zones activated, the free system memory doesn’t increase. This means, there are memory blocks allocated at reload but never freed.