Re: Merging DNS servers
On 26. 04. 22 19:47, Bob Harold wrote:
> On Tue, Apr 26, 2022 at 11:36 AM Leroy Tennison via bind-users <bind-users@lists.isc.org> wrote:
>
> > I am working on shutting down a site which has an isc-bind server that is master for a domain and subnet which will exist elsewhere once the site is closed. The few remaining systems don't warrant such a server. My goal is to merge what remains of the domain/subnet into an existing server which is master for other domains/subnets. My current thinking is to:
> >
> > - freeze changes on the server being retired (fortunately DHCP's DDNS won't be an issue by that point)
> > - shut down that server
> > - take the data files (forward and reverse zone with associated journal files) and place them on the remaining server
> > - make sure the data file types are consistent
> > - change the remaining server's type from slave to master for the zones in question
> > - restart the remaining server
> >
> > Is this a good plan? If not, how should I proceed? Anything I'm missing? Thanks in advance for your input.
> >
> > --
>
> Sounds good to me. If you use "rndc freeze", then you should not need to copy the journal files.
>
> If there are any other secondary servers (and you almost always want more than just the master), then change those to pull from the new server, and make sure that is working, before starting the steps you listed.

It's almost but incomplete - first step is missing.

The very first step should be removing references to the to-be-removed server from the NS set **in the parent zone** and also in the zone files you control, and also clearing up glue records in the parent.

Then wait for (max TTL + propagation delay) computed over all RR sets modified **in parent and child**, and only _then_ you can shut down the old server.

Pro tip: You can lower the TTLs before so you do not need to wait that long when the shutdown event is due.

Commands:

$ rndc sync -clean
$ rndc stop

... might be a good idea as well, I think.
--
Petr Špaček

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
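The waiting rule in the reply above, worked through as an added example that is not part of the original thread: it computes the earliest shutdown time from the RRsets that changed in parent and child, and checks that nothing still names the retiring server. All names, addresses, TTLs and the one-hour propagation delay are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

RETIRING = "ns-old.example.net."  # hypothetical name of the server being retired

# Constructed records as served before the change: (side, owner, type, ttl, rdata)
BEFORE = [
    ("parent", "example.net.", "NS", 172800, "ns-old.example.net."),
    ("parent", "example.net.", "NS", 172800, "ns-new.example.net."),
    ("parent", "ns-old.example.net.", "A", 172800, "192.0.2.53"),  # glue
    ("child", "example.net.", "NS", 86400, "ns-old.example.net."),
    ("child", "example.net.", "NS", 86400, "ns-new.example.net."),
    ("child", "ns-old.example.net.", "A", 3600, "192.0.2.53"),
    ("child", "www.example.net.", "A", 300, "198.51.100.10"),
]
# After the change: every record that names the retiring server is gone.
AFTER = [r for r in BEFORE if RETIRING not in (r[1], r[4])]


def rrsets(records):
    """Group records into RRsets keyed by (side, owner, type)."""
    sets = {}
    for side, owner, rtype, ttl, rdata in records:
        entry = sets.setdefault((side, owner, rtype), {"ttl": ttl, "rdata": set()})
        entry["ttl"] = max(entry["ttl"], ttl)  # be conservative if TTLs differ
        entry["rdata"].add(rdata)
    return sets


def still_referenced(records, server):
    """Records that still point resolvers at `server` (NS targets, glue, addresses)."""
    return [r for r in records if server in (r[1], r[4])]


def modified_rrsets(before, after):
    """Old RRsets whose data was changed or removed; caches may hold these copies."""
    old, new = rrsets(before), rrsets(after)
    return {k: v for k, v in old.items() if new.get(k, {}).get("rdata") != v["rdata"]}


def earliest_shutdown(before, after, changed_at, propagation):
    """changed_at + max old TTL over the modified RRsets + propagation delay."""
    ttls = [v["ttl"] for v in modified_rrsets(before, after).values()]
    return changed_at + timedelta(seconds=max(ttls, default=0)) + propagation


if __name__ == "__main__":
    changed = datetime(2022, 4, 27, tzinfo=timezone.utc)  # constructed change time
    print("still referenced:", still_referenced(AFTER, RETIRING))
    print("earliest shutdown:", earliest_shutdown(BEFORE, AFTER, changed, timedelta(hours=1)))
```

Feeding in a snapshot whose TTLs were lowered in advance shows the effect of the pro tip: the wait shrinks to the lowered TTL plus the propagation delay.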
Tuning Authoritative Memory Usage
Hi!

I run a number of BIND9 (9.16-27-1~deb11u1 - Debian Stable) secondaries with some large zones (10s of DNSSEC-signed zones with ~100k records, not counting signatures, with a smattering of other zones). Somewhat to my surprise, even with "recursion no" the memory usage of instances is highly correlated with the hosts' available memory - BIND9 uses ~400M RSS on hosts with 1G of non-swap memory, but 2.3G on hosts with 4G of non-swap memory, all with identical configs and the same zones.

I can't seem to find any references to anything in the ARM which would allow tuning of memory usage for non-recursive servers, and the only real reference to anything about memory I could find was "max-cache-size".

The entire bind config follows:

zone "." { type hint...}
zone "localhost/127/0/255.in-addr.arpa" { type master; ... }
zone "zones.catalog" { type slave; file ...; masterfile-format text; masters { .. }; notify no; };
zone "zones2.catalog" { type slave; file ...; masterfile-format text; masters { .. }; notify no; };

options {
    dnssec-validation auto;
    listen-on-v6 { any; };
    allow-transfer { none; };
    notify explicit;
    recursion no;
    max-journal-size 4096;
    max-cache-size 8M;
    zone-statistics yes;
    masterfile-format raw;
    catalog-zones {
        zone "zones.catalog" default-masters { ... } in-memory no min-update-interval 10;
        zone "zones2.catalog" default-masters { ... } in-memory no min-update-interval 10;
    };
};

Thanks,
Matt
Re: Tuning Authoritative Memory Usage
On 27. 04. 22 16:04, Matt Corallo wrote:
> I run a number of BIND9 (9.16-27-1~deb11u1 - Debian Stable) secondaries with some large zones (10s of DNSSEC-signed zones with ~100k records, not counting signatures, with a smattering of other zones). Somewhat to my surprise, even with "recursion no" the memory usage of instances is highly correlated with the hosts' available memory - BIND9 uses ~400M RSS on hosts with 1G of non-swap memory, but 2.3G on hosts with 4G of non-swap memory, all with identical configs and the same zones.

Before we dive in, the general recommendation is: "If you are concerned about memory usage, upgrade to BIND 9.18." It has a lot smaller memory footprint than 9.16.

It can have many reasons, but **if the memory usage is not growing without bounds** then I'm betting it is just an artifact of the old memory allocator. It has a design quirk which causes it not to return memory to the OS (if it allocated in small blocks). As a result, the memory usage visible on OS level peaks at some value and then stays there.

If that's what's happening you should see it in internal BIND statistics: Stats channel at URL /json/v1 shows value memory/InUse which will be significantly smaller than the value seen by the OS.

In case the two values are close then you are seeing some other quirk and we need to dig deeper.

Petr Špaček

P.S. BIND 9.18 does not suffer from this, so I suggest you just upgrade and see.

> I can't seem to find any references to anything in the ARM which would allow tuning of memory usage for non-recursive servers, and the only real reference to anything about memory I could find was "max-cache-size".
>
> The entire bind config follows:
>
> zone "." { type hint...}
> zone "localhost/127/0/255.in-addr.arpa" { type master; ... }
> zone "zones.catalog" { type slave; file ...; masterfile-format text; masters { .. }; notify no; };
> zone "zones2.catalog" { type slave; file ...; masterfile-format text; masters { .. }; notify no; };
>
> options {
>     dnssec-validation auto;
>     listen-on-v6 { any; };
>     allow-transfer { none; };
>     notify explicit;
>     recursion no;
>     max-journal-size 4096;
>     max-cache-size 8M;
>     zone-statistics yes;
>     masterfile-format raw;
>     catalog-zones {
>         zone "zones.catalog" default-masters { ... } in-memory no min-update-interval 10;
>         zone "zones2.catalog" default-masters { ... } in-memory no min-update-interval 10;
>     };
> };
>
> Thanks,
> Matt
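The comparison suggested in the reply above (memory/InUse from the statistics channel against the RSS the OS reports, once usage has stopped growing), as an added example that is not part of the original thread. The sample inputs are constructed, and the `close_ratio`, `window` and `tolerance` cut-offs are assumptions chosen for illustration.

```python
import json
import re

# Constructed sample inputs (not measurements from the thread).
SAMPLE_STATS = '{"memory": {"InUse": 431000000}}'     # body of /json/v1, trimmed
SAMPLE_STATUS = "Name:\tnamed\nVmRSS:\t 2411724 kB\n"  # from /proc/<pid>/status
SAMPLE_RSS_SERIES_KB = [900000, 1800000, 2390000, 2411000, 2411724, 2411500]


def inuse_bytes(stats_body):
    """memory/InUse from the statistics channel: bytes BIND itself has in use."""
    return int(json.loads(stats_body)["memory"]["InUse"])


def rss_bytes(proc_status):
    """Resident set size as the OS sees it, parsed from /proc/<pid>/status."""
    m = re.search(r"^VmRSS:\s+(\d+)\s+kB", proc_status, re.MULTILINE)
    if m is None:
        raise ValueError("no VmRSS line found")
    return int(m.group(1)) * 1024


def has_plateaued(rss_series, window=3, tolerance=0.02):
    """True if the last `window` samples stay within `tolerance` of the peak."""
    peak = max(rss_series)
    return len(rss_series) >= window and all(
        s >= peak * (1 - tolerance) for s in rss_series[-window:])


def diagnose(stats_body, proc_status, rss_series, close_ratio=0.8):
    """Apply the reply's two checks; close_ratio is an assumed cut-off for 'close'."""
    inuse, rss = inuse_bytes(stats_body), rss_bytes(proc_status)
    if not has_plateaued(rss_series):
        return "rss-still-growing"      # not the bounded case the reply describes
    if inuse / rss >= close_ratio:
        return "inuse-close-to-rss"     # some other cause, dig deeper
    return "allocator-retention"        # InUse far below RSS: held, not used


if __name__ == "__main__":
    print(diagnose(SAMPLE_STATS, SAMPLE_STATUS, SAMPLE_RSS_SERIES_KB))
```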