NLnetLabs / unbound

Unbound is a validating, recursive, and caching DNS resolver.
https://nlnetlabs.nl/unbound
BSD 3-Clause "New" or "Revised" License
3.03k stars 347 forks

Unbound returns "error: memory exhausted" with include directive on large file with version 1.21.0 #1129

Closed simonpie closed 3 weeks ago

simonpie commented 3 weeks ago

**Describe the bug**
Starting with version 1.21.0, when loading unbound and using the include directive to load a large file with lots of NXDOMAIN (244 859 entries), unbound gives a memory exhausted error and does not load on FreeBSD 13.3-p5.

**To reproduce**
Steps to reproduce the behavior:

  1. Add an include directive to a file with lots (over 244000) of entries like this: `local-zone: "vip.xvpn.io" always_nxdomain`
  2. Try to start unbound with service start unbound

**Expected behavior**
Unbound should start (as it did before with version 1.20.0_1)

System:

```
Configure line: --with-libexpat=/usr/local --with-ssl=/usr --enable-dnscrypt --disable-dnstap --with-libnghttp2 --with-dynlibmodule --enable-ecdsa --disable-event-api --enable-gost --with-libevent --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/share/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd13.3
Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 1.1.1w-freebsd 11 Sep 2023
Linked modules: dns64 dynlib respip validator iterator
DNSCrypt feature available

BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
```


**Additional information**
The behaviour appeared right after updating package from 1.20.0_1 (still on 13.3-p5).
Here is the output when restarting package and including file:

```
sudo service unbound start
/usr/local/etc/unbound/monblocker.conf:12163: error: memory exhausted
read /usr/local/etc/unbound/unbound.conf failed: 1 errors in configuration file
Obtaining a trust anchor...
/usr/local/etc/unbound/monblocker.conf:12163: error: memory exhausted
read /usr/local/etc/unbound/unbound.conf failed: 1 errors in configuration file
/usr/local/etc/rc.d/unbound: WARNING: failed precmd routine for unbound
```

And of course monblocker.conf is the included large file. If I use a sharp sign (#) to comment out the include directive, unbound starts just fine.

If I use just a couple of lines out of the 24000, the include directive works just fine and unbound loads and returns NXDOMAIN for the few remaining domains.

wcawijngaards commented 3 weeks ago

Is this the same issue as #1127? It sounds like it could be. Perhaps the bug fix for that issue also fixed this issue here?

simonpie commented 3 weeks ago

Yes, exactly. Sorry, I thought I searched for "memory exhausted" before posting. What is the optimal way of closing this issue now?

wcawijngaards commented 3 weeks ago

Okay, nice that it fixes this problem too.

simonpie commented 3 weeks ago

Well, I can't vouch for that yet. But the bug reports seem to refer to the same issue.

wcawijngaards commented 3 weeks ago

If it does not fix the issue, this can be reopened. It would be nice to have the config that fails then; like a short version of the main config file and the include described with a sample line, because that would apparently then be a different config bug.

simonpie commented 3 weeks ago

Here are the three files needed to load my config. Hopefully, unbound.conf is cleaned up correctly.

Archive.zip

wcawijngaards commented 3 weeks ago

With the archive, I have verified that the fix works. Without the fix, with version 1.21.0, it gives the error like in the issue post, monblocker.conf:12163: error: memory exhausted. With the fix, there is no error. So the issue is already fixed by the other bug fix.

simonpie commented 3 weeks ago

Thank you very much.