NLnetLabs / unbound

Unbound is a validating, recursive, and caching DNS resolver.
https://nlnetlabs.nl/unbound
BSD 3-Clause "New" or "Revised" License

error: "memory exhausted" when defining more than 9994 local-zones #1127

Closed markus-t314 closed 2 months ago

markus-t314 commented 2 months ago

Describe the bug

unbound 1.21 does not start anymore with the same config files that worked in 1.20. The error originates when parsing the config file:

# unbound-checkconf 
/etc/unbound/blocklist.conf:9994: error: memory exhausted
read /etc/unbound/unbound.conf failed: 1 errors in configuration file

Minimal unbound.conf

server:
        access-control-view: 192.168.0.0/16 adware_view
view:
        name: "adware_view"
        include: /etc/unbound/blocklist.conf

With blocklist.conf containing LOTS of entries like local-zone: "some.domain.com" always_nxdomain

Sample configuration files are here: config_files.tar.gz

If blocklist.conf is stripped down to 9993 lines, it works and unbound consumes around ~12M memory. So, this doesn't look like an OOM error. With unbound 1.20 I had around 170k local-zone entries and with a memory consumption of around ~75M. If this setup is somehow not supported anymore, how would I change it?

To reproduce

  1. Use attached config files
  2. Execute unbound-checkconf

Expected behavior

unbound still works.

System:

Configure line: --prefix=/usr --sysconfdir=/etc --localstatedir=/var --sbindir=/usr/bin --disable-rpath --enable-dnscrypt --enable-dnstap --enable-pie --enable-relro-now --enable-subnet --enable-systemd --enable-tfo-client --enable-tfo-server --enable-cachedb --with-libhiredis --with-conf-file=/etc/unbound/unbound.conf --with-pidfile=/run/unbound.pid --with-rootkey-file=/etc/trusted-key.key --with-libevent --with-libnghttp2 --with-pyunbound
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.3.1 4 Jun 2024
Linked modules: dns64 cachedb subnetcache respip validator iterator
DNSCrypt feature available
TCP Fastopen feature available

BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues

wcawijngaards commented 2 months ago

I understand things are going wrong, but there have been no memory allocation changes for local zones between 1.20.0 and 1.21.0.

wcawijngaards commented 2 months ago

The issue reproduced exactly; it seems the grammar rules for the config parsing caused the stack depth for the parser to be exceeded at that point. The fix makes it not run down the stack. That fix makes the config example work for me. Thank you for the detailed bug report!
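
The following is an added example, not part of the issue thread and not Unbound's code. It models one common way a yacc-style list grammar exhausts a shift-reduce parser's stack while real memory use stays small: a right-recursive rule keeps every entry on the stack until the list ends, while a left-recursive rule reduces after each entry. The limit of 10000 is an assumption taken from the default `YYMAXDEPTH` of bison-generated parsers; the grammar rules and all names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed limit for this model: bison's default YYMAXDEPTH is 10000. */
#define MODEL_MAX_DEPTH 10000

enum recursion { LEFT_RECURSIVE, RIGHT_RECURSIVE };

/* Symbol stack of a shift-reduce parser, tracked by depth only. */
struct pstack { size_t depth, peak, limit; int exhausted; };

static void push(struct pstack *s) {
    if (s->depth + 1 > s->limit) { s->exhausted = 1; return; }
    s->depth++;
    if (s->depth > s->peak) s->peak = s->depth;
}
static void pop(struct pstack *s, size_t n) { s->depth -= n; }

/* Parse a list of n entries. Returns the peak stack depth, or -1 when the
 * limit is hit (where a generated parser reports "memory exhausted"). */
long parse_list(size_t n, enum recursion kind, size_t limit)
{
    struct pstack s = {0, 0, limit, 0};
    size_t i;
    if (kind == LEFT_RECURSIVE) {
        /* list: %empty | list item ;   reduces after every item */
        push(&s);                          /* reduce %empty -> list */
        for (i = 0; i < n; i++) {
            push(&s);                      /* shift item */
            if (s.exhausted) break;
            pop(&s, 2); push(&s);          /* reduce list item -> list */
        }
    } else {
        /* list: %empty | item list ;   nothing reduces until the end */
        for (i = 0; i < n && !s.exhausted; i++)
            push(&s);                      /* shift item */
        push(&s);                          /* reduce %empty -> list */
        while (!s.exhausted && s.depth > 1) {
            pop(&s, 2); push(&s);          /* reduce item list -> list */
        }
    }
    return s.exhausted ? -1 : (long)s.peak;
}

int main(void) {
    printf("left,  170000 entries: %ld\n", parse_list(170000, LEFT_RECURSIVE, MODEL_MAX_DEPTH));
    printf("right, 170000 entries: %ld\n", parse_list(170000, RIGHT_RECURSIVE, MODEL_MAX_DEPTH));
    return 0;
}
```

In this model the failure threshold depends only on the number of entries, not on available memory, which matches the report that the config failed near a fixed line count while the process used about 12M.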