pfSense

My root.key becomes corrupt and unbound crashes and no longer will start. This bug is likely related to #5334 and has been plaguing me for a couple months. I run pfSense in ESXi so thankfully I'm able to revert to an earlier state and the bug goes away for a while. It always seems to come back and has happened to me about 6 times overall in the past few months. I'm on the latest version 2.3.2p1. Recently, I got frustrated enough to rebuild pfSense from scratch, restored my config, and again this bug is back after a couple weeks. Looking through the logs it looks like unbound restarts on the hour occasionally, and it just fails to come back up when it goes dead. When it dies, I've seen root.key contain other files and more recently it was just 0 bytes. I've also tried regenerating the key from here: https://forum.pfsense.org/index.php?PHPSESSID=vnos0emsin6prv9n3g6n5iq9n0&topic=87357.msg524385#msg524385 and that appears to create the right file, but when I hit start on unbound in the pfSense portal or reboot I end up with a 0 byte file again. My VM is also not losing power and the uptime for this occurrence is 11 days.

This most recent time I noticed that the primary file system is full and is likely the culprit. I'm opening a ticket because I wonder if there is a better way to handle this, if it is indeed the case. My guess is snort or another package is filling up my file system, and then when a cron job reboots unbound, it tries to regenerate it's key but fails because there is no room on the file system.

Should pfSense alert when it runs out of space? Should it keep logs in a separate partition so that it doesn't fill up the root filesystem? Did I misconfigure it somewhere?

Here is an excerpt of the log that I pulled out.
Nov 4 14:00:05 unbound 51227:0 notice: Restart of unbound 1.5.9.
Nov 4 14:00:05 unbound 51227:0 info: start of service (unbound 1.5.9).
Nov 4 14:00:07 unbound 51227:1 error: could not fflush(/root.key): No space left on device
Nov 4 15:00:05 unbound 51227:0 notice: Restart of unbound 1.5.9.
Nov 4 15:00:05 unbound 51227:0 error: failed to read /root.key
Nov 4 15:00:05 unbound 51227:0 error: error reading auto-trust-anchor-file: /var/unbound/root.key
Nov 4 15:00:05 unbound 51227:0 error: validator: error in trustanchors config
Nov 4 15:00:05 unbound 51227:0 error: validator: could not apply configuration settings.
Nov 4 15:00:05 unbound 51227:0 error: module init for module validator failed
Nov 4 15:00:05 unbound 51227:0 fatal error: failed to setup modules