bind-9.10.0-P2 memory leak?

[Christian Laursen]

Hello

I recently upgraded my authoritative nameservers to bind-9.10.0-P2 and 
after a while one of them ended up using all its swap and the named 
process got killed. The other servers are seeing similar behaviour, but 
I restarted named on all of them to postpone further crashes.


I am using rate-limiting as well DLZ with PostgreSQL. The server has two 
views. The operating system is FreeBSD 8.4.


My configuration:
http://borderworlds.dk/~xi/named-leak/named.conf

Log of the memory usage:
http://borderworlds.dk/~xi/named-leak/named-mem-usage.log

As you can see, in less than a week, named has grown more than 900MB in 
size.


Is anyone else experiencing something similar?

If I need to provide more information, I will be happy to do so.

--
Christian Laursen

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-9.10.0-P2 memory leak?

[Thomas Schulz]

> Hello
> 
> I recently upgraded my authoritative nameservers to bind-9.10.0-P2 and 
> after a while one of them ended up using all its swap and the named 
> process got killed. The other servers are seeing similar behaviour, but 
> I restarted named on all of them to postpone further crashes.
> 
> I am using rate-limiting as well DLZ with PostgreSQL. The server has two 
> views. The operating system is FreeBSD 8.4.
> 
> My configuration:
> http://borderworlds.dk/~xi/named-leak/named.conf
> 
> Log of the memory usage:
> http://borderworlds.dk/~xi/named-leak/named-mem-usage.log
> 
> As you can see, in less than a week, named has grown more than 900MB in 
> size.
> 
> Is anyone else experiencing something similar?
> 
> If I need to provide more information, I will be happy to do so.
> 
> -- 
> Christian Laursen

What version did you upgrade from? I am seeing bind 9.9.5 and 9.9.6
grow without any evidence that it will ever stop. See my mail to this
list with the subject "Re: Process size versus cache size." Mine is
growing slower than yours, but it is now up to 548 MB.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-9.10.0-P2 memory leak?

[Vinícius Ferrão]

I'm having the exactly same issue. Take a look at my post @ServerFault: 
http://serverfault.com/questions/616752/bind-9-10-constantly-killed-on-freebsd-10-0-with-out-of-swap-space

Sent from my iPhone

On 09/09/2014, at 11:15, "Thomas Schulz"  wrote:

>> Hello
>> 
>> I recently upgraded my authoritative nameservers to bind-9.10.0-P2 and 
>> after a while one of them ended up using all its swap and the named 
>> process got killed. The other servers are seeing similar behaviour, but 
>> I restarted named on all of them to postpone further crashes.
>> 
>> I am using rate-limiting as well DLZ with PostgreSQL. The server has two 
>> views. The operating system is FreeBSD 8.4.
>> 
>> My configuration:
>> http://borderworlds.dk/~xi/named-leak/named.conf
>> 
>> Log of the memory usage:
>> http://borderworlds.dk/~xi/named-leak/named-mem-usage.log
>> 
>> As you can see, in less than a week, named has grown more than 900MB in 
>> size.
>> 
>> Is anyone else experiencing something similar?
>> 
>> If I need to provide more information, I will be happy to do so.
>> 
>> -- 
>> Christian Laursen
> 
> What version did you upgrade from? I am seeing bind 9.9.5 and 9.9.6
> grow without any evidence that it will ever stop. See my mail to this
> list with the subject "Re: Process size versus cache size." Mine is
> growing slower than yours, but it is now up to 548 MB.
> 
> Tom Schulz
> Applied Dynamics Intl.
> sch...@adi.com
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-9.10.0-P2 memory leak?

[Mike Hoskins (michoski)]

Do you guys have max-cache-size set?  I didn't see it in the borderworlds
named.conf.  I've seen similar growth problems when testing 9.x before
setting that (experiment at the time just to see what would happen, and
confirmed this behavior).  Set sensible resource limits based on available
resources.

-Original Message-
From: Vinícius Ferrão 
Date: Tuesday, September 9, 2014 at 10:17 AM
To: Thomas Schulz 
Cc: "bind-us...@isc.org" 
Subject: Re: bind-9.10.0-P2 memory leak?

>I'm having the exactly same issue. Take a look at my post @ServerFault:
>http://serverfault.com/questions/616752/bind-9-10-constantly-killed-on-fre
>ebsd-10-0-with-out-of-swap-space
>
>Sent from my iPhone
>
>On 09/09/2014, at 11:15, "Thomas Schulz"  wrote:
>
>>> Hello
>>> 
>>> I recently upgraded my authoritative nameservers to bind-9.10.0-P2 and
>>> after a while one of them ended up using all its swap and the named
>>> process got killed. The other servers are seeing similar behaviour,
>>>but 
>>> I restarted named on all of them to postpone further crashes.
>>> 
>>> I am using rate-limiting as well DLZ with PostgreSQL. The server has
>>>two 
>>> views. The operating system is FreeBSD 8.4.
>>> 
>>> My configuration:
>>> http://borderworlds.dk/~xi/named-leak/named.conf
>>> 
>>> Log of the memory usage:
>>> http://borderworlds.dk/~xi/named-leak/named-mem-usage.log
>>> 
>>> As you can see, in less than a week, named has grown more than 900MB
>>>in 
>>> size.
>>> 
>>> Is anyone else experiencing something similar?
>>> 
>>> If I need to provide more information, I will be happy to do so.
>>> 
>>> -- 
>>> Christian Laursen
>> 
>> What version did you upgrade from? I am seeing bind 9.9.5 and 9.9.6
>> grow without any evidence that it will ever stop. See my mail to this
>> list with the subject "Re: Process size versus cache size." Mine is
>> growing slower than yours, but it is now up to 548 MB.
>> 
>> Tom Schulz
>> Applied Dynamics Intl.
>> sch...@adi.com
>> ___
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>unsubscribe from this list
>> 
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>___
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe from this list
>
>bind-users mailing list
>bind-users@lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-9.10.0-P2 memory leak?

[lconrad]

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Two domains reporting errors

[LuKreme]

# named-checkconf -z | grep -v loaded
master/bt.tld:3: ignoring out-of-zone data (bt.tld)
master/bt.tld:15: ignoring out-of-zone data (webdav.bt.tld)
_default/dw.tld/IN: bad zone
master/bt.tld:16: ignoring out-of-zone data (www.bt.tld)
zone dw.tld/IN: has 0 SOA records
zone dw.tld/IN: has no NS records

So, line 3 in bt.tld is the SOA line which looks as far as I can tell, 
basically identical to every other file:

==> master/covisp.net <==
$ORIGIN .
$TTL 86400  ; 1 day
covisp.net  IN SOA  covisp.net. root.covisp.net. (

==> master/bt.tld <==
$ORIGIN .
$TTL 86400  ; 1 day
bt.tldIN SOA  bt.tld. root.covisp.net. (

and line 15 and 16 do redirect to www.covisp.net (but then, so do all the other 
webdav.* and www.* domains in other files)

For the second domain, I don't understand the _default/dw.tld/IN error at all, 
and the file starts like all the others:

# head -3  master/dw.tld 
$ORIGIN .
$TTL 86400
@IN  SOA dw.tld. root.covisp.net.  (

(all the files have same permissions and all are in /etc/named/master)

-- 
I DID NOT SEE ELVIS Bart chalkboard Ep. 7G07

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Two domains reporting errors

[Mark Andrews]

In message <3cadc2fc-7338-4ac0-a6a2-c1aac48cb...@kreme.com>, LuKreme writes:
> # named-checkconf -z | grep -v loaded
> master/bt.tld:3: ignoring out-of-zone data (bt.tld)
> master/bt.tld:15: ignoring out-of-zone data (webdav.bt.tld)
> _default/dw.tld/IN: bad zone
> master/bt.tld:16: ignoring out-of-zone data (www.bt.tld)
> zone dw.tld/IN: has 0 SOA records
> zone dw.tld/IN: has no NS records

You are trying load the bt.tld zone into dw.tld.  Fix named.conf.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Two domains reporting errors

[LuKreme]

On 09 Sep 2014, at 19:42 , LuKreme  wrote:
> # named-checkconf -z | grep -v loaded

Never mind. I recreated the files from scratch and the errors went away.



-- 
I DID NOT SEE ELVIS Bart chalkboard Ep. 7G07

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Two domains reporting errors

[Mark Andrews]

In message , LuKreme writes:
> On 09 Sep 2014, at 19:42 , LuKreme  wrote:
> > # named-checkconf -z | grep -v loaded
> 
> Never mind. I recreated the files from scratch and the errors went away.

Which, presumably, is because all the records have relative names.  You
still need to fix named.conf because that is where the error is.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-9.10.0-P2 memory leak?

[staticsafe]

On 9/9/2014 05:05, lcon...@go2france.com wrote:
> freebsd 10.0, bind-9.10.0-p2
> 
> logging the rss field for named process:
> 
> 
> less /var/tmp/bind_rss_history.txt
> 
> This never happened with earlier BIND9, and our mx1 uses this recursive
> BIND machine for all domain/ptr  lookups
> 
> I've never seen any bind take over 1GB of RAM.
> 
> max-cache-size isn't the solution, only a band-aid
> 
> the sawtooth above is from restarting named.
> 
> named has halted twice in the past couple weeks, we suspected some kind
> of attack, the only trace we had was in syslog with something like "swap
> space failed, named halted", but with a dedicated DNS box and 3 GB,
> there should never be any swapping.  I set a watcher for "swap used >
> 1%".  Got an alert, I saw the named rss to be 1.9GB.  restarted bind and
> wrote the rss named logging script.
> 
> Len
> 

This is a bit worrying for me, as I am running this version on my
master. Do you mind sharing the rss watcher/logging script?

-- 
staticsafe
https://staticsafe.ca
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-9.10.0-P2 memory leak?

[Len Conrad]

At 09:40 PM 9/9/2014, you wrote:
>On 9/9/2014 05:05, lcon...@go2france.com wrote:
>> freebsd 10.0, bind-9.10.0-p2
>> 
>> logging the rss field for named process:
>> 
>> 
>> less /var/tmp/bind_rss_history.txt
>> 
>> This never happened with earlier BIND9, and our mx1 uses this recursive
>> BIND machine for all domain/ptr  lookups
>> 
>> I've never seen any bind take over 1GB of RAM.
>> 
>> max-cache-size isn't the solution, only a band-aid
>> 
>> the sawtooth above is from restarting named.
>> 
>> named has halted twice in the past couple weeks, we suspected some kind
>> of attack, the only trace we had was in syslog with something like "swap
>> space failed, named halted", but with a dedicated DNS box and 3 GB,
>> there should never be any swapping.  I set a watcher for "swap used >
>> 1%".  Got an alert, I saw the named rss to be 1.9GB.  restarted bind and
>> wrote the rss named logging script.
>> 
>> Len
>> 
>
>This is a bit worrying for me, as I am running this version on my
>master. Do you mind sharing the rss watcher/logging script?

 cat /usr/local/bin/bind_rss_history.sh 

#!/bin/sh
touch /var/tmp/bind_rss_history.txt

RSS=`ps auxw | awk '/^bind.*named/{print $6}'`

NOW=`date "+%Y-%m-%d %H:%M:%S"`

echo "$NOW $RSS" | awk '{printf "%10s%10s%11s\n",$1,$2,$3}' >> 
/var/tmp/bind_rss_history.txt

exit 0



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-9.10.0-P2 memory leak?

[staticsafe]

On 9/9/2014 23:17, Len Conrad wrote:
> 
>  cat /usr/local/bin/bind_rss_history.sh 
> 
> #!/bin/sh
> touch /var/tmp/bind_rss_history.txt
> 
> RSS=`ps auxw | awk '/^bind.*named/{print $6}'`
> 
> NOW=`date "+%Y-%m-%d %H:%M:%S"`
> 
> echo "$NOW $RSS" | awk '{printf "%10s%10s%11s\n",$1,$2,$3}' >> 
> /var/tmp/bind_rss_history.txt
> 
> exit 0

Thanks!

-- 
staticsafe
https://staticsafe.ca
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: A record of domain name must be name server ?

[Pete Fong]

Hi Kevin,

Thanks for your help. Do not worry. The IP address 192.168.1.100 is just
for example.

Best Regards,
Pete Fong


2014-09-09 3:30 GMT+08:00 Kevin Darcy :

>  Based on the zone contents below, you shouldn't have any problem
> changing the 192.168.1.100 address to anything you want.
>
> But, of course, the zone is illegal because it only has 1 NS record
> published at the apex (there is a strict minimum of at least 2), and, as it
> stands now, if it is an Internet-facing zone, it's also illegal due to the
> presence of a private (192.168.*.*) address in the zone. You said that
> 192.168.1.100 is "our one of DNS server", but hopefully you don't mean that
> it's a nameserver for *this* zone, or that the zone is not Internet-facing,
> or the 192.168.1.100 address is presented in a NAT (network address
> translated) form to the Internet, since, again, you can't use private
> addresses on the Internet. By definition.
>
>
>
> - Kevin
> On 9/8/2014 3:43 AM, Pete Fong wrote:
>
>  Hi Everybody,
>
>  The below item is our DNS (BIND) server configuration. our Domain*
> xxx.com  *is assigned IP address 192.168.1.100 which is
> our one of DNS server. Can we change it to our web server IP address ?
> Because we want anybody access our domain *xxx.com * with
> internet browser then it will go to our webpage. Am I correct ? I really
> appreciate anybody help.
>
> @  IN SOA ns1.xxx.com. root.ns1.xxx.com (
>   2014090801 ; serial
>   2h  ; refresh
>   10m; retry
>   1w ; expiry
>   1h )
>
> IN NS ns1.xxx.com.
> IN A  192.168.1.100
>
>  Thank and Best Regards,
>  Pete Fong
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
>
> bind-users mailing 
> listbind-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: A record of domain name must be name server ?

[Pete Fong]

Hi,

xxx.com and IP address 192.168.1.100 is just a example domain name and IP
address. Our boss want everybody access our domain example.com through
browser, then it will redirect to our web site www.example.com. So I want
to get more information about unexpected impact when we changed DNS records.

Thanks for your help.

Best Regards,
Pete Fong




2014-09-08 20:02 GMT+08:00 /dev/rob0 :

> On Mon, Sep 08, 2014 at 03:43:22PM +0800, Pete Fong wrote:
> > The below item is our DNS (BIND) server configuration. our Domain*
> > xxx.com
>
> I think that is a porn site.  If you mean to use that name as an
> example, please use "example.com" instead.  Putting HTTP links to
> pornography in your emails is a sure way to fall afoul of various
> content filtering solutions which are in common use.
>
> See RFC 2606 regarding reserved domain names like "example.com".
>
> >  *is assigned IP address 192.168.1.100 which is
> > our one of DNS server. Can we change it to our web server IP
> > address ? Because we want anybody access our domain *xxx.com
> > * with internet browser then it will go to our
> > webpage. Am I correct ? I really appreciate anybody help.
>
> It's not unusual to point an "A" record for "@" at a HTTP server.
> Whatever you are not understanding here, I can't tell.
>
> > @  IN SOA ns1.xxx.com. root.ns1.xxx.com (
> >   2014090801 ; serial
> >   2h  ; refresh
> >   10m; retry
> >   1w ; expiry
> >   1h )
> >
> > IN NS ns1.xxx.com.
> > IN A  192.168.1.100
>
> This zone file would fail named-checkzone(8) testing if loaded as
> "xxx.com", because there is no "A" record for the NS name,
> "ns1.xxx.com."  This zone would fail to load.
>
> If any of your NS names are inside the zone, you must have either or
> both A and  records for those NS names.  Here is the same zone
> without the XXX and with all relative names:
>
> > @  IN SOA ns1 root.ns1 (
> >   2014090801 ; serial
> >   2h  ; refresh
> >   10m; retry
> >   1w ; expiry
> >   1h )
> >
> > IN NS ns1
> > IN A  192.168.1.100
> > ns1 IN A  192.168.1.100
> --
>   http://rob0.nodns4.us/
>   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users