<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p class="p1">Hello there,</p>
<p class="p1">I’m not a BIND developer either, but I was intrigued
when you mentioned <i>millions of zone entries</i>. Are you
referring to millions of individual zones, rather than
consolidating entries into a single RPZ zone?</p>
<p class="p1">Apologies if I misunderstood your setup. I’ve also
encountered memory issues in recent BIND versions — BIND 9.18.33
on Debian 12 is a tremendous beast, capable of handling millions
of QPS — but after reducing logging (including DNSTAP) and
disabling <span class="s1">serve-stale</span>, I saw a
significant improvement in both performance and memory usage.</p>
<p class="p1">Best regards,</p>
<p class="p3"><b>Carlos Horowicz</b></p>
<p class="p1">Planisys</p>
<div class="moz-cite-prefix">On 01/07/2025 19:03, OwN-3m-All wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAK0ZC5XSu8gyOOZfnXshruKRmsx5haMeHaZAJCRhNGEy8kP9NQ@mail.gmail.com">
<div dir="ltr">Can we quit pretending that the newest versions of
bind aren't memory hogs? We shouldn't have to provide the
technical details as to why the newest versions of bind use so
much ram. We don't know. We're just end users. However, with
millions of zone entries (used as an ad blocking DNS server)
like:
<div><br>
</div>
<div>zone ad-assets.futurecdn.net { type master; notify no; file "/etc/bind/null.zone.file"; };<br>
</div>
<div><br>
</div>
<div>with /etc/bind/null.zone.file containing:</div>
<div><br>
</div>
<div>; BIND db file for ad servers - point all addresses to
localhost<br>
;<br>
; This file comes from:<br>
;<br>
; <a href="https://pgl.yoyo.org/adservers/"
moz-do-not-send="true" class="moz-txt-link-freetext">https://pgl.yoyo.org/adservers/</a><br>
;<br>
; A site with a list of ad servers and details on how to use
it to<br>
; block ads on the Internet. Plus some BIND stuff and other
bits.<br>
;<br>
; - <a href="mailto:pgl@yoyo.org" moz-do-not-send="true"
class="moz-txt-link-freetext">pgl@yoyo.org</a><br>
;<br>
<br>
$TTL 86400 ; one day<br>
<br>
@ IN SOA ns0.example.net. hostmaster.example.net. (<br>
2002061000 ; serial number YYMMDDNN<br>
28800 ; refresh 8 hours<br>
7200 ; retry 2 hours<br>
864000 ; expire 10 days<br>
86400 ) ; min ttl 1 day<br>
NS ns0.example.net.<br>
NS ns1.example.net.<br>
<br>
A 127.0.0.1<br>
AAAA ::1<br>
<br>
* IN A 127.0.0.1<br>
* IN AAAA ::1<br>
</div>
<div><br>
</div>
<div>Bind 1:9.20.10-1+ubuntu20.04.1+deb.sury.org+1
amd64 runs out of memory and crashes on a 4GB virtual machine
with 1 vCPU. </div>
<div><br>
</div>
<div>I downgraded to 9.18 (and am using the same bind configs as
before) and that "fixed" the issue:</div>
<div><br>
</div>
<div>apt-get install bind9=1:9.18.30-0ubuntu0.20.04.2
bind9-utils=1:9.18.30-0ubuntu0.20.04.2
bind9-libs=1:9.18.30-0ubuntu0.20.04.2<br>
</div>
<div><br>
</div>
<div>So, rather than pretending that the new version of bind is
better, maybe the developers of bind should figure out how to
make the newer versions of bind more memory efficient than the
older versions as opposed to making them significantly worse
in regards to memory usage.</div>
<div><br>
</div>
<div>There have been countless threads in bind-users complaining
about memory usage in the newest versions. It's time that
these reports were taken seriously. They're legit. Newer
versions of bind use more memory. Why? I don't know... I'm
not a bind developer. </div>
</div>
<br>
</blockquote>
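<p>The consolidation asked about in the reply, as an added example that is not code from either poster or from the BIND project: it reads zone statements in the quoted format and renders a single RPZ zone whose local-data records give the same 127.0.0.1 / ::1 answers as the null zone. The zone name <code>rpz.blocklist</code>, the output path in the comment, the second blocked hostname and the helper names are assumptions.</p>

```python
import re

# Constructed sample in the format quoted in the thread; only the first
# hostname comes from the thread, the others are placeholders.
SAMPLE_CONF = '''
zone ad-assets.futurecdn.net { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "ads.example.com" { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "Ad-Assets.FutureCDN.net." { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "example.org" { type master; file "/etc/bind/db.example.org"; };
'''

# One zone statement: optional quotes around the name, then the file clause.
ZONE_RE = re.compile(r'\bzone\s+"?([A-Za-z0-9._-]+)"?\s*\{[^}]*?file\s+"([^"]+)"')

def blocked_names(conf, null_file="/etc/bind/null.zone.file"):
    """Sorted, de-duplicated names of zones that point at the null zone file."""
    names = set()
    for name, path in ZONE_RE.findall(conf):
        if path == null_file:  # real zones (other files) are left alone
            names.add(name.rstrip(".").lower())
    return sorted(names)

def rpz_zone(names, origin="rpz.blocklist.", serial=1):
    """Render one RPZ zone. Owner names are relative to the RPZ origin
    (QNAME triggers); apex and wildcard mirror the null zone's answers."""
    out = [
        "$TTL 86400",
        f"$ORIGIN {origin}",
        f"@ IN SOA localhost. hostmaster.localhost. ({serial} 28800 7200 864000 86400)",
        "@ IN NS localhost.",
    ]
    for n in names:
        for owner in (n, f"*.{n}"):
            out.append(f"{owner} IN A 127.0.0.1")
            out.append(f"{owner} IN AAAA ::1")
    return "\n".join(out) + "\n"

# named.conf then carries one policy zone instead of one zone per hostname
# (zone name and file path are assumptions):
#   options { response-policy { zone "rpz.blocklist"; }; };
#   zone "rpz.blocklist" { type master; notify no; file "/etc/bind/db.rpz.blocklist"; };

if __name__ == "__main__":
    print(rpz_zone(blocked_names(SAMPLE_CONF)), end="")
```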
</body>
</html>