Bind 9.16.28 upgrade: high memory utiization and OOM
Prasanna Mathivanan (pmathiva)
pmathiva at cisco.com
Tue Sep 27 14:09:12 UTC 2022
Hi team,
We had recently upgraded our bind nameservers from 9.14.10 to 9.16.28. This led to the hosts gradually using up a lot of memory and eventually named was OOM killed as it consumed nearly 7GB out of total 8GB server memory. (This package was built from source for centos 7)
I’ve been looking into this and tested the performance of both 9.14 and 9.16 under the traffic of 600 queries per sec for 12 hours, which is the average qps our servers get. It was found that while 9.14 had a surge of around 2GB, 9.16 had a surge of 5.2GB during this time. I wanted to know whether this difference in memory consumption is expected while migrating from 9.14.10 to 9.16.28, or if this could be a memory leak that would keep building over time; it would really help if I can get some insights on what might be causing this, or if there’s any way to avoid this other ram bumping up the RAM.
Also I noticed some CVE related to this bind version recently, if anything to do with that ?
1. A memory leak was fixed that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm. (CVE-2022-38177)
2. Memory leaks were fixed that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm. (CVE-2022-38178)
I’d be glad to provide more info if needed. Would really appreciate your inputs and suggestions on this.
--
Regards,
Prasanna.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220927/1ed3a98c/attachment.htm>
More information about the bind-users
mailing list