Bind9(9.3.2p1) "out of memory"

Mark Andrews Mark_Andrews at isc.org
Thu Sep 28 13:38:44 UTC 2006 

> In article <efg26t$15un$1 at sf1.isc.org>,
>  "Adam Young" <adamy at mountaincable.on.ca> wrote:
> 
> > Hi Stefan,
> > 
> > > No idea what BIND does there but i remember there is (was?) a hard limit
> > > of 3GB RAM
> > > per user process [1|2] in default x86-32 kernels.
> > > But as you mentioned you limited max-cache-size to 3GB the question that
> > > springs to my mind is: Do you really need such a huge working set for
> > > your cache? (Assuming its a caching-only server.)
> > > I have been quite lucky with just 380MB on several machines after i used
> > > two split processes per machine and disabled threading with bind9.
> > > Do you already monitor your servers query-load [3]?
> > > I'd say try limiting the max-cache-size to 2 or even 1GB and then look
> > > at your graphs and see if it has any bad impact on your users.
> > 
> > I think I may have found a reason why there are so many queries and why the
> > cache is growing so large.
> > 
> > It looks like it is trying to tag on the domains I've listed in
> > /etc/resolv.conf with "search" to either all of the queries, or ones that
> > are failing.
> 
> That's what the "search" option is for!  Whenever a lookup fails, the 
> resolver tries again with these domains appended. 
> 
> > 
> > Do you know how to stop this? I tried removing them and restarting bind, bu
> t
> > it still shows the following being queried (ie.):
> > 
> > Isc.org
> > Isc.org.localnet.
> > Isc.org.mountaincable.net.
> 
> It shouldn't continue searching after a successful lookup.  You need to 
> investigate the client, this isn't a problem with the server.

	The client is most probably AAAA queries in series rather than
	in parallel with A queries.  The resolver doesn't stop searching
	on NODATA responses.  

	e.g.
		look for Isc.org, Isc.org.localnet and
		Isc.org.mountaincable.net A records stopping on first
		match then look for Isc.org, Isc.org.localnet and
		Isc.org.mountaincable.net AAAA records stopping on first 
                match

		rather than

		looking for Isc.org A and AAAA records and stopping
		on either matching then if no match Isc.org.localnet
		A and AAAA records and stopping on either matching
		then if no match Isc.org.mountaincable.net A and
		AAAA records and stopping on either matching.

	I can only presume not stopping on NODATA was to handle
	looking for A records in the presence of wildcard MX records
	in pre RFC 1535 aware resolvers which walked the search
	list before multi-label names were tried as is.  Most of
	the early use of wildcards was to handle email.
 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
> 
> 
--
ISC Training!  October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP.  Email training at isc.org.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list