Todo #14980
Status: closed
Update Unbound to 1.18.0_1 to address looping UDP retries when ENOBUFS is returned
100%
Description
Ever since upgrading to pfSense 2.7.0, our organization has been experiencing recurring problems with unbound suddenly becoming unresponsive and running at 100% CPU. Restarting the unbound service brings pfSense back to normal for a while, but then in the next one to three days, unbound freaks out again at 100% CPU until we can manually intervene. A "truss" of unbound while it is locked up shows it in what appears to be an infinite loop trying to send to a UDP socket and getting back "No buffer space available" errors. We did not experience this problem back in pfSense 2.6.0.
I believe the bug we're experiencing is the same one identified upstream and fixed in unbound 1.19.0 here:
https://github.com/NLnetLabs/unbound/commit/0ee44ef384593ed0382d1ce6048d5a9c9440b45c
FreeBSD has backported the patch to make unbound 1.18.0_1:
https://www.freshports.org/dns/unbound/?page=1#history
We are currently testing out pfSense 2.7.1-RC (2.7.1.r.20231110.0600), but I see that the version of unbound included in that build appears to be just vanilla 1.18.0 without the backported patch.
Can you please update the unbound package to at least 1.18.0_1 in pfSense 2.7.1-RC so that we can benefit from upstream's bugfix in the soon-to-be pfSense 2.7.1 release? (unbound 1.19.0 would also contain the fix, but I don't know if that's considered too great of a change at this point in the release cycle.) This bug has made unbound and, by extension, pfSense pretty unusable for us since upgrading from pfSense 2.6.0 to 2.7.0, so we're pretty desperate to see this patch land in 2.7.1. Thanks for your consideration.
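
One way to confirm the symptom described in this report from a saved `truss` capture of the unbound process, as an added example that is not part of the original report or of pfSense or unbound code. The trace lines are constructed samples in the shape truss prints on FreeBSD, and the streak threshold of 20 is an assumed value.

```python
import re
from collections import defaultdict

ENOBUFS = 55                       # errno for "No buffer space available" on FreeBSD
SEND_CALLS = {"sendto", "sendmsg", "send"}

LINE_RE = re.compile(
    r"^\s*(?:\d+:\s+)?"                       # optional "pid:" prefix (truss -f)
    r"(?P<call>\w+)\((?P<fd>\d+),.*\)\s+"     # syscall name and first argument (the fd)
    r"(?:ERR#(?P<errno>\d+)\s+'[^']*'|=\s*(?P<ret>-?\d+).*)$"
)

def enobufs_streaks(lines):
    """Per fd: longest run of sends failing with ENOBUFS with no successful send between."""
    current, longest = defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["call"] not in SEND_CALLS:
            continue                          # other syscalls do not affect the streak
        fd = int(m["fd"])
        if m["errno"] is None:
            current[fd] = 0                   # a successful send ends the streak
        elif int(m["errno"]) == ENOBUFS:
            current[fd] += 1
            longest[fd] = max(longest[fd], current[fd])
    return dict(longest)

def looks_like_enobufs_loop(lines, threshold=20):
    """True when any socket shows at least `threshold` back-to-back ENOBUFS send failures."""
    return any(n >= threshold for n in enobufs_streaks(lines).values())

# Constructed sample trace (not captured from a real system).
_OK = 'sendto({fd},"<dns query>",46,0,{{ AF_INET 192.0.2.53:53 }},16) = 46 (0x2e)'
_FAIL = ('sendto({fd},"<dns query>",46,0,{{ AF_INET 192.0.2.53:53 }},16) '
         "ERR#55 'No buffer space available'")
_OTHER = "kevent(5,0x0,0,{ },64,{ 0.000000000 }) = 0 (0x0)"
SAMPLE = ([_OK.format(fd=7)]
          + [_FAIL.format(fd=7), _OTHER] * 30          # fd 7 never recovers
          + [_FAIL.format(fd=8)] * 2 + [_OK.format(fd=8)])  # fd 8: brief, then succeeds

if __name__ == "__main__":
    print(enobufs_streaks(SAMPLE), looks_like_enobufs_loop(SAMPLE))
```

A short run of ENOBUFS failures that ends in a successful send is ordinary transient back-pressure; a long unbroken run on one socket while the process sits at 100% CPU matches the behaviour reported here.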