Possible memory leak on BIND 9.10.1-P1 running on FreeBSD 10.1-RELEASE-p4 - part 2

Mon Jan 26 13:56:44 UTC 2015

Downgraded to BIND 9.9.6, the leak is gone, using the same named.conf, 
same HW, same environment.

It is highly likely there is really a memory leak problem in Bind 9.10.

-- 
S pozdravem,
Daniel Ryšlink
System Administrator

Dial Telecom a. s.
Křižíkova 36a/237
186 00 Praha 3, Česká Republika
Tel.:+420.226204627
daniel.ryslink at dialtelecom.cz
-----------------------------------------------
www.dialtelecom.cz
Dial Telecom, a.s.
Jednoduše se připojte
-----------------------------------------------

-------- Forwarded Message --------
Message-ID: 	<54C2B2F1.2080304 at dialtelecom.cz>
Date: 	Fri, 23 Jan 2015 21:45:37 +0100
From: 	Daniel Ryšlink <ryslink at dialtelecom.cz>
User-Agent: 	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 
Thunderbird/31.4.0
MIME-Version: 	1.0
To: 	bind-users at lists.isc.org
Subject: 	Possible memory leak on BIND 9.10.1-P1 running on FreeBSD 
10.1-RELEASE-p4
Content-Type: 	text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 	8bit

Hello,

Detailed information about the resolver can be fount in the tgz archive at:

http://www.mujweb.cz/nakamura/dns/leakinfo.tgz

leak.png - munin graph of memory allocation from the last few days
named.conf - BIND config in the canonical form (output of
named-checkconf -p)
dmidecode.txt - information about the server hardware
named.stats - log of "rndc stats" dump created by munin-node each five
minutes

Basically, the symptoms manifest in the form of the named process slowly
allocating more and more memory until it runs out of swap and crashes.
The interesting thing is that the inactive memory is not recycled and
used, and in the moment of the named crash there is still a lot of
Inactive memory.

There are no significant peaks in network traffic or query rates.

The problems appeared after upgrading to FreeBSD 10.1 and upgrading to
Bind 9.10. Before, the same server run without problems for several
years on bind 9.9.x and FreeBSD 8.x versions, everything was quite stable.

The server operates behind an OpenBSD pf firewall that restricts access
to TCP/UDP port 53 to only defined IP ranges of our clients.

Things that I tried:
- installing the latest openssl from ports to avoid the problem in the
advisory from 14.01.2015
- removing all unnecessary compile options (like IDN, rate limiting) and
recompiling BIND from ports
- tweaking the max-cache-size, tcp-clients and recursive-clients options

Any insights into the problem are highly appreciated, since I am at my
wit's end.

Thank you in advance.

-- 
S pozdravem,
Daniel Ryšlink
System Administrator

Dial Telecom a. s.
Křižíkova 36a/237
186 00 Praha 3, Česká Republika
Tel.:+420.226204627
daniel.ryslink at dialtelecom.cz
-----------------------------------------------
www.dialtelecom.cz
Dial Telecom, a.s.
Jednoduše se připojte
-----------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150126/25cea2e8/attachment.html>