Significant memory usage

Carlos Horowicz carlos at planisys.com
Tue Jul 1 17:17:17 UTC 2025


Hello there,

I’m not a BIND developer either, but I was intrigued when you mentioned 
/millions of zone entries/. Are you referring to millions of individual 
zones, rather than consolidating entries into a single RPZ zone?

Apologies if I misunderstood your setup. I’ve also encountered memory 
issues in recent BIND versions — BIND 9.18.33 on Debian 12 is a 
tremendous beast, capable of handling millions of QPS — but after 
reducing logging (including DNSTAP) and disabling serve-stale, I saw a 
significant improvement in both performance and memory usage.

Best regards,

Carlos Horowicz

Planisys

On 01/07/2025 19:03, OwN-3m-All wrote:
> Can we quit pretending that the newest versions of bind aren't memory 
> hogs?  We shouldn't have to provide the technical details as to why 
> the newest versions of bind use so much ram.  We don't know.  We're 
> just end users.  However, with millions of zone entries (used as an ad 
> blocking DNS server) like:
>
> zone ad-assets.futurecdn.net { type master; notify no; file "/etc/bind/null.zone.file"; };
>
> with /etc/bind/null.zone.file containing:
>
> ; BIND db file for ad servers - point all addresses to localhost
> ;
> ; This file comes from:
> ;
> ; https://pgl.yoyo.org/adservers/
> ;
> ; A site with a list of ad servers and details on how to use it to
> ; block ads on the Internet. Plus some BIND stuff and other bits.
> ;
> ;  - pgl at yoyo.org
> ;
>
> $TTL    86400   ; one day
>
> @       IN      SOA ns0.example.net. hostmaster.example.net. (
>                         2002061000       ; serial number YYMMDDNN
>                         28800   ; refresh  8 hours
>                         7200    ; retry    2 hours
>                         864000  ; expire  10 days
>                         86400 ) ; min ttl  1 day
>                 NS ns0.example.net.
>                 NS ns1.example.net.
>
>                 A       127.0.0.1
>                 AAAA       ::1
>
> *               IN      A       127.0.0.1
> *               IN      AAAA       ::1
>
> Bind 1:9.20.10-1+ubuntu20.04.1+deb.sury.org+1 amd64 runs out of 
> memory and crashes on a 4GB virtual machine with 1 vCPU.
>
> I downgraded to 9.18 (and am using the same bind configs as before) 
> and that "fixed" the issue:
>
> apt-get install bind9=1:9.18.30-0ubuntu0.20.04.2 
> bind9-utils=1:9.18.30-0ubuntu0.20.04.2 
> bind9-libs=1:9.18.30-0ubuntu0.20.04.2
>
> So, rather than pretending that the new version of bind is better, 
> maybe the developers of bind should figure out how to make the newer 
> versions of bind more memory efficient than the older versions as 
> opposed to making them significantly worse in regards to memory usage.
>
> There have been countless threads in bind-users complaining about 
> memory usage in the newest versions.  It's time that these reports 
> were taken seriously.  They're legit.  Newer versions of bind use more 
> memory.  Why?  I don't know... I'm not a bind developer.
>
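
The reply above asks whether the per-name null zones could be consolidated into a single RPZ zone. As an added example (not code from either poster or from BIND), this Python script reads `zone` statements of the quoted form and renders one RPZ zone that returns the same 127.0.0.1 / ::1 answers; the zone name `rpz.adblock`, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of the quoted named.conf entries.
SAMPLE_CONF = '''
zone ad-assets.futurecdn.net { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "ads.example.com" { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "example.com" { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "AD-ASSETS.futurecdn.net" { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
'''

# Matches: zone <name> { ... file "<path>" ...   (name quoted or unquoted)
ZONE_RE = re.compile(r'\bzone\s+"?([A-Za-z0-9._-]+)"?\s*\{[^}]*?file\s+"([^"]+)"', re.I)

def blocked_names(conf_text, null_file="/etc/bind/null.zone.file"):
    """Names of zones served from the null zone file, lower-cased, de-duplicated, sorted."""
    names = {m.group(1).lower().rstrip(".") for m in ZONE_RE.finditer(conf_text)
             if m.group(2) == null_file}
    return sorted(names)

def drop_covered(names):
    """Drop names that a listed parent's wildcard record already matches."""
    listed = set(names)
    def has_listed_parent(name):
        labels = name.split(".")
        return any(".".join(labels[i:]) in listed for i in range(1, len(labels)))
    return [n for n in names if not has_listed_parent(n)]

def build_rpz(names, serial=1):
    """Render one RPZ zone with local-data A/AAAA records for each name and *.name."""
    lines = ["$TTL 86400",
             f"@ IN SOA ns0.example.net. hostmaster.example.net. ({serial} 28800 7200 864000 86400)",
             "@ IN NS ns0.example.net."]
    for n in drop_covered(names):
        for owner in (n, f"*.{n}"):   # owner names are relative to the RPZ zone origin
            lines.append(f"{owner} IN A 127.0.0.1")
            lines.append(f"{owner} IN AAAA ::1")
    return "\n".join(lines) + "\n"

# named.conf side (hypothetical zone name):
#   options { response-policy { zone "rpz.adblock"; }; };
#   zone "rpz.adblock" { type master; notify no; file "/etc/bind/rpz.adblock.db"; };
if __name__ == "__main__":
    print(build_rpz(blocked_names(SAMPLE_CONF), serial=2025070101))
```

Running `named-checkzone rpz.adblock <file>` on the output before loading it catches syntax errors in the generated records.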


More information about the bind-users mailing list