Hi Jan. There could be SO many things going on here. I have a few questions: - Do you mean 200 QPS or 200,000 QPS? I was wondering if a "k" had missed the print. If it's really 200, this box (not necessarily just BIND) sounds very ill. 200 QPS is background noise and (depending what's going on) shouldn't be close to killing a box. - Are you stuck on 9.16.30 for some reason? If not, grab the latest 9.18 package. It will be less memory hungry generally and contain fixes for recent issues. - Can you give the system more memory? Real RAM, not swap. Swap is bad for DNS generally because it's so slow. - What does your config look like? Do you have lots of views, RPZ, stale cache... All those things would tend to increase the memory footprint of a busy server, depending on the query pattern. - What sort of queries are you hitting it with? - Have you looked at how it's handling those queries? Its path to the Internet, for resolution, whether there are any network/firewall issues potentially causing log jams...
Turning up debugging might show something: rndc trace 99. If it's crashing, get a core dump and analyse that. Try starting named and not sending it any queries at all. Just sit and watch it, monitor the system and process memory use. etc. That turned into a bit more than a few! I hope some of that helps a bit. Cheers, Greg On Sun, 12 Feb 2023 at 01:14, Jan Schaumann via bind-users < bind-users@lists.isc.org> wrote: > Hi, > > I have a local caching resolver running bind 9.16.30 > on NetBSD/amd64 9.3. > > I'm currently hitting it on localhost with > approximately 200 qps, and it reliably gets killed > after approximately 3 hours with "out of swap" > messages in dmesg. > > The system in question is a Xen VPS with 6 GB RAM and > 256 MB swap. > > This seems similar to the issue reported here: > https://www.mail-archive.com/bind-users@lists.isc.org/msg30933.html > > (There, > https://gitlab.isc.org/isc-projects/bind9/-/issues/3051 > was listed as a possibly mitigating commit.) > > No matter how much swap I add, it eventually runs out, > so this seems to me to suggest a leak somewhere. > > The relevant information about the system and version > is below, but I was wondering what troubleshooting > suggestions you might have. > > > $ /usr/pkg/sbin/named -V > BIND 9.16.30 (Extended Support Version) <id:61fdb40> > running on NetBSD amd64 9.3 NetBSD 9.3 > built by make with '--with-lmdb=no' > '--with-blacklist=yes' '--with-blocklist=no' > '--disable-native-pkcs11' '--without-libxml2' > '--without-libjson' '--with-readline' '--with-libtool' > '--sysconfdir=/usr/pkg/etc' '--localstatedir=/var' > '--with-openssl=/usr/pkg' '--with-python=no' > '--prefix=/usr/pkg' '--build=x86_64--netbsd' > '--host=x86_64--netbsd' '--mandir=/usr/pkg/man' > '--enable-option-checking=yes' > 'build_alias=x86_64--netbsd' > 'host_alias=x86_64--netbsd' 'CC=gcc' 'CFLAGS=-O2 -fPIC > -D_FORTIFY_SOURCE=2 -pthread -I/usr/include > -I/usr/include/readline -I/usr/pkg/include' > 'LDFLAGS=-Wl,-zrelro -pthread -L/usr/lib > -Wl,-R/usr/lib -L/usr/pkg/lib -Wl,-R/usr/pkg/lib' > 'LIBS=' 'CPPFLAGS=-I/usr/include > -I/usr/include/readline -I/usr/pkg/include' > 'PKG_CONFIG=/usr/pkg/bin/pkg-config' > 'PKG_CONFIG_PATH=' > 'PKG_CONFIG_LIBDIR=/usr/pkg/lib/pkgconfig:/usr/pkg/share/pkgconfig' > compiled by GCC 5.5.0 > compiled with OpenSSL version: OpenSSL 1.1.1q 5 Jul 2022 > linked to OpenSSL version: OpenSSL 1.1.1q 5 Jul 2022 > compiled with libuv version: 1.44.1 > linked to libuv version: 1.44.1 > compiled with zlib version: 1.2.10 > linked to zlib version: 1.2.10 > threads support is enabled > > default paths: > named configuration: /usr/pkg/etc/named.conf > rndc configuration: /usr/pkg/etc/rndc.conf > DNSSEC root key: /usr/pkg/etc/bind.keys > nsupdate session key: /var/run/named/session.key > named PID file: /var/run/named/named.pid > named lock file: /var/run/named/named.lock > > $ sudo rndc status > version: BIND 9.16.30 (Extended Support Version) <id:61fdb40> > running on panix.netmeister.org: NetBSD amd64 9.3 NetBSD 9.3 > boot time: Sat, 11 Feb 2023 23:32:33 GMT > last configured: Sat, 11 Feb 2023 23:32:34 GMT > configuration file: /usr/pkg/etc/named.conf > (/var/chroot/named/usr/pkg/etc/named.conf) > CPUs found: 1 > worker threads: 1 > UDP listeners per interface: 1 > number of zones: 127 (97 automatic) > debug level: 0 > xfers running: 0 > xfers deferred: 0 > soa queries in progress: 0 > query logging is ON > recursive clients: 138/9900/10000 > tcp clients: 0/150 > TCP high-water: 1 > server is up and running > > > -Jan > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
