Tuning Authoritative Memory Usage

Petr Špaček pspacek at isc.org
Wed Apr 27 16:19:59 UTC 2022 

On 27. 04. 22 16:04, Matt Corallo wrote:
> I run a number of BIND9 (9.16-27-1~deb11u1 - Debian Stable) secondaries 
> with some large zones (10s of DNSSEC-signed zones with ~100k records, 
> not counting signatures, with a smattering of other zones). Somewhat to 
> my surprise, even with "recursion no" the memory usage of instances is 
> highly correlated with the hosts's available memory - BIN9 uses ~400M 
> RSS on hosts with 1G of non-swap memory, but 2.3G on hosts with 4G of 
> non-swap memory, all with identical configs and the same zones.

Before we dive in, the general recommendation is:

"If you are concerned about memory usage, upgrade to BIND 9.18." It has 
lot smaller memory footprint than 9.16.


It can have many reasons, but **if the memory usage is not growing 
without bounds** then I'm betting it is just an artifact of the old 
memory allocator. It has a design quirk which causes it not return 
memory to OS (if it allocated in small blocks). As a result, the memory 
usage visible on OS level peaks at some value and then stays there.

If that's what's happening you should see it in internal BIND 
statistics: Stats channel at URL /json/v1 shows value memory/InUse which 
will be significantly smaller than value seen by OS.

In case the two values are close then you are seeing some other quirk 
and we need to dig deeper.

Petr Špaček

P.S. BIND 9.18 does not suffer from this, so I suggest you just upgrade 
and see.



> 
> I can't seem to find any references to anything in the ARM which would 
> allow tuning of memory usage for non-recursive servers, and the only 
> real reference to anything about memory I could find was 
> "max-cache-size". The entire bind config follows:
> 
> zone "." { type hint...}
> zone "localhost/127/0/255.in-addr.arpa" { type master; ... }
> 
> zone "zones.catalog" { type slave; file ...; masterfile-format text; 
> masters { .. }; notify no; };
> zone "zones2.catalog" { type slave; file ...; masterfile-format text; 
> masters { .. }; notify no; };
> 
> options {
>      dnssec-validation auto;
> 
> 
> 
>      listen-on-v6 { any; };
> 
>      allow-transfer { none; };
> 
>      notify explicit;
> 
> 
> 
>      recursion no;
> 
>      max-journal-size 4096;
> 
>      max-cache-size 8M;
> 
>      zone-statistics yes;
> 
> 
> 
>      masterfile-format raw;
> 
> 
> 
>      catalog-zones {
> 
>          zone "zones.catalog"
> 
>              default-masters { ... }
> 
>              in-memory no
> 
>              min-update-interval 10;
> 
>          zone "zones2.catalog"
> 
>              default-masters { ... }
> 
>              in-memory no
> 
>              min-update-interval 10;
> 
>      };
> 
> };
> 
> Thanks,
> Matt

More information about the bind-users mailing list