AW: AW: Problems with bind 9.2.4

[Walkenhorst, Benjamin]

Hello,

> Hello,
> sorry, of course i can explain the problem and the done tests in 
> english.
> We have compiled bind 9.3.0 on our server and tested it with a file 
> within 30000 domainentrys with queryperf.
> After a few minutes we get an error message in 
> /var/log/messages, that 
> there is no more memory to serve any queries.
> We set "max-cache-size 256M" in our named.conf, but we 
> believe it will 
> be ignored.

You might want to play around with the operating system ressource
limits (see Bindv9 ARM section 6.2.14.7). 
You can set other limits but cachesize. And if you were testing with
authoritative zone data, that does not go into the cache as it is kept in
memory, anyway.

> Our prozess takes more than 256 MB, but it serves our queries.

Well, if you added some 30,000 domain-entries, BIND has to keep something
in mind besides cache. =) max-cache-size does not set the maximum size of
the named process, only the size of its cache.
And, like I said, BIND will keep all of its authoritative zone data in 
memory unless you use something like BIND-DLZ.
Also note that ongoing queries take a certain amount of memory, too.
A recursive query for example consumes about 20kb of memory on the server,
according the Bv9ARM. 

> Knows somebody if this option is broken or what can we make wrong?

I think it's been working since 9.2. 
With 9.1.1 we got a warning "option not implemented".

If you want to limit cache usage, besides max-cache-size, you can define
max-ncache-ttl (how long negative answers are cached)
max-cache-ttl (how long answers can be cached)
cleaning-interval (how often BIND will remove expired entries from the cache).

Especially the latter might be interesting for you, as otherwise
BIND will only remove expired RRs from the cache when queried
for them again (and in that case they get refreshed, not removed).

Depending on the situation, limiting the number of queries/connection that
BIND handles at a time might help as well.
Also note, that the limit for concurrent recursive queries the server will
respond to does not have anything to do - AFAIK - with how many non-recursive
queries (i.e. to other nameservers) BIND will answer. 
If there is no limit to the latter, and you start bombarding BIND with queries
for testing purposes, it might as well go along with your query rate until
hitting an os-internal limit (memory, open files, network activity, whatever)

One thing I could imagine is that the server - besides the data in the zone files -
needs some more memory for glue records.
If your server is to server authoritative zone data *only* (i.e. you are not going
to use it as a recursive resolver), you can try the following as well:
additional-from-cache no;
additional-from-auth no;
If I understand things correctly, this will more or less disable BIND's cache.

Kind regards,
Benjamin