BIND-9.16.1 memory leak?

Michael Sinatra michael at brokendns.net
Mon Apr 20 17:46:58 UTC 2020 

On 2020-04-17 06:45, sthaug at nethelp.no wrote:
> We have what appears to be a significant memory leak in BIND-9.16.1.
> 
> Environment:
>  FreeBSD 12.1-STABLE.
>  BIND-9.16.1 installed from packages.
>  Also uses libuv-1.35.0 installed from packages.
>  Authoritative only.
>  Around 800 zones of varying sizes. DNSSEC in use.

Additional datum, as I am seeing the same thing:

- FreeBSD 12.1-RELEASE-p3
- BIND-9.16.1 compiled from ports/poudriere via a local package build
server (no options changed, though, so it likely could have been
installed from the FreeBSD package repo).
- Authoritative only
- `rndc status` reports 1058 zones (69 automatic)
- Host is a VM with 16GiB allocated and 4 CPU cores
- named running for approx 2.5 weeks (wall-clock)

Current BIND status (from `top`):

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU
COMMAND
 1707 bind         14  52    0  5312M  5260M sigwai   2  34.4H   5.79% named

A recursive-only server, running the same versions of all software, on
an identically-provisioned VM, running for the same amount of wall-clock
time (approximately 2.5 weeks) looks like this:

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU
COMMAND
 1485 bind         14  52    0   927M   890M sigwai   3  89.6H  32.86% named

The recursive memory footprint looks normal.

Contrast that with a separate server:

- FreeBSD 11.3-RELEASE-p7
- BIND 9.14.11 compiled from ports/poudriere via a local package build
server (no options changed, though, so it likely could have been
installed from the FreeBSD package repo).
- Authoritative only + recursive only running in a separate jail
- Same configuration as above, only a bit busier
- Host is standalone with 96GiB RAM and 8 cores

In the `top` output below, both the jailed named processes are shown.
The busier one is the authoritative-only:

  PID USERNAME      THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU
COMMAND
  896 bind           18  52    0   956M   927M sigwai  0  99.2H  30.03%
named
 1584 bind           18  52    0  1171M  1080M sigwai  2 166.2H  13.47%
named

It definitely looks like a memory leak in 9.16.1 when configured as
authoritative-only.  The leak seems slow enough as to be manageable, but
the footprint does appear to growing monotonically (and is still
growing--by another 4M as I wrote this email).

michael

More information about the bind-users mailing list