Hello there,
I’m not a BIND developer either, but I was intrigued when you mentioned
/millions of zone entries/. Are you referring to millions of individual
zones, rather than consolidating entries into a single RPZ zone?
Apologies if I misunderstood your setup. I’ve also encountered memory
issues in recent BIND versions — BIND 9.18.33 on Debian 12 is a
tremendous beast, capable of handling millions of QPS — but after
reducing logging (including DNSTAP) and disabling serve-stale, I saw a
significant improvement in both performance and memory usage.
Best regards,
Carlos Horowicz
Planisys
On 01/07/2025 19:03, OwN-3m-All wrote:
Can we quit pretending that the newest versions of bind aren't memory
hogs? We shouldn't have to provide the technical details as to why
the newest versions of bind use so much ram. We don't know. We're
just end users. However, with millions of zone entries (used as an ad
blocking DNS server) like:
zone ad-assets.futurecdn.net { type master; notify no; file "/etc/bind/null.zone.file"; };
with /etc/bind/null.zone.file containing:
; BIND db file for ad servers - point all addresses to localhost
;
; This file comes from:
;
; https://pgl.yoyo.org/adservers/
;
; A site with a list of ad servers and details on how to use it to
; block ads on the Internet. Plus some BIND stuff and other bits.
;
; - p...@yoyo.org
;
$TTL 86400 ; one day
@       IN      SOA     ns0.example.net. hostmaster.example.net. (
                        2002061000 ; serial number YYMMDDNN
                        28800      ; refresh 8 hours
                        7200       ; retry 2 hours
                        864000     ; expire 10 days
                        86400 )    ; min ttl 1 day
                NS      ns0.example.net.
                NS      ns1.example.net.
                A       127.0.0.1
                AAAA    ::1
*       IN      A       127.0.0.1
*       IN      AAAA    ::1
Bind 1:9.20.10-1+ubuntu20.04.1+deb.sury.org+1
amd64 runs out of memory and crashes on a 4GB virtual machine with 1
vCPU.
I downgraded to 9.18 (and am using the same bind configs as before)
and that "fixed" the issue:
apt-get install bind9=1:9.18.30-0ubuntu0.20.04.2 \
    bind9-utils=1:9.18.30-0ubuntu0.20.04.2 \
    bind9-libs=1:9.18.30-0ubuntu0.20.04.2
So, rather than pretending that the new version of bind is better,
maybe the developers of bind should figure out how to make the newer
versions of bind more memory efficient than the older versions as
opposed to making them significantly worse in regards to memory usage.
There have been countless threads in bind-users complaining about
memory usage in the newest versions. It's time that these reports
were taken seriously. They're legit. Newer versions of bind use more
memory. Why? I don't know... I'm not a bind developer.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
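
The consolidation into a single RPZ zone that the reply asks about, as an added example (not code from either poster or from ISC): it reads zone stanzas of the form quoted above and emits one policy zone that returns the same A/AAAA answers as null.zone.file. The policy zone name rpz.adblock.example and the function names are assumptions, and the sample configuration is constructed.

```python
import re

# Matches stanzas of the form quoted in the thread (name bare or quoted):
#   zone <name> { type master; notify no; file "/etc/bind/null.zone.file"; };
ZONE_RE = re.compile(
    r'zone\s+"?([A-Za-z0-9_.-]+)"?\s*\{[^{}]*?file\s+"([^"]+)"\s*;[^{}]*\}\s*;',
    re.S)
NULL_FILE = "/etc/bind/null.zone.file"   # path taken from the thread
RPZ_ORIGIN = "rpz.adblock.example."      # hypothetical policy zone name


def blocked_names(named_conf, null_file=NULL_FILE):
    """Return sorted, de-duplicated zone names served from the null zone file."""
    names = set()
    for name, path in ZONE_RE.findall(named_conf):
        name = name.rstrip(".").lower()
        if path == null_file and name:
            names.add(name)
    return sorted(names)


def build_rpz(names, serial=1):
    """Render one RPZ zone giving the same answers as the per-domain null zones."""
    out = [
        f"$ORIGIN {RPZ_ORIGIN}",
        "$TTL 86400",
        f"@ IN SOA ns0.example.net. hostmaster.example.net. "
        f"( {serial} 28800 7200 864000 86400 )",
        "  IN NS ns0.example.net.",
    ]
    for n in names:
        # Owners are relative to $ORIGIN (no trailing dot), as RPZ QNAME
        # triggers require; apex and wildcard get A and AAAA like null.zone.file.
        for owner in (n, f"*.{n}"):
            out.append(f"{owner} IN A 127.0.0.1")
            out.append(f"{owner} IN AAAA ::1")
    return "\n".join(out) + "\n"


# Constructed sample input in the style of the quoted configuration.
SAMPLE_CONF = '''
zone ad-assets.futurecdn.net { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "Ads.Example.org." { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "example.com" { type master; file "/etc/bind/db.example.com"; };
zone ad-assets.futurecdn.net { type master; notify no; file "/etc/bind/null.zone.file"; };
'''

if __name__ == "__main__":
    print(build_rpz(blocked_names(SAMPLE_CONF), serial=2025070101))
```

The generated file would be loaded as one primary zone and named in `response-policy { zone "rpz.adblock.example"; };` under `options`. Whether that changes memory use on a given BIND version has to be measured; the thread does not establish it.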