BIND 9 Memory Leak?
Stephen John Smoogen
smooge at gmail.com
Wed Jan 24 23:22:08 UTC 2007
On 24 Jan 2007 13:23:22 -0800, Greg Burch <greg.burch at gmail.com> wrote:
> Stephen, thanks for your response. Our servers are serving as caching
> name servers and also serving up internal-only zones. We have
> thousands of clients querying each name server.
>
> You're correct in that we compiled the versions of BIND ourselves, but
> we did not tweak any compiler options from the default.
>
> I'm not sure I understand exactly what you're driving at with the "look
> for data that doesn't match your server" suggestion...there definitely
> will be cached Internet data there. The issue I had was that the zone
> files and cache dump added up to 7.7M at that moment in time, yet the
> named process is using 391M of memory. That's a very large
> discrepancy.
>
Well, I don't doubt there are some leaks in bind.. you woul dneed to
run valgrind etc to figure that out. But the size difference in dump
file and process looks pretty close to what we have on our 9.2
servers. We have multiple threads running at 350MB and a dump stat is
98MB (so a factor of 10 difference if that means anything.. but my
dump at 01:00 was around 12MB). The few BIND-9.3.x boxes with Fedora
we have do not have enough of a load to bloat up to 350 MB (They run
around 100MB)
One thing is that you aren't going to see the process get smaller..if
for some reason some client on your network decides to use you as a
proxy to query 1,000,000 hosts on the internet.. the named is going to
bloatup but later your cache size is going to be less.
I would start looking at figuring out a couple of issues with the server:
One thing we ran into lately was that some of our campus DNS servers
were allowing zone-transfers and querying to anyone in the world.
These were being used in turn by some botnet machiens to do mass
amounts of DNS queries (over a 1000/sec it would seem) and causing the
servers to swap out under load. We cleaned it up with some 'general'
security stuff.
We started working from 'templates' for a better named.conf
configuration.. I have attached a file with the options lines. It may
not be perfect (and may have some major problems that people here will
gladly say... but it cut down the problem.
> Since we've begun doing a nightly restart of the named process, we have
> not experienced the swapping issues, so it definitely looks like a
> memory leak of some kind from where I'm sitting.
>
> Thanks,
> Greg
>
> On Jan 23, 3:57 pm, "Stephen John Smoogen" <smo... at gmail.com> wrote:
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the bind-users
mailing list