Limiting how much memory BIND can use


I support BIND on a few servers, and when run as a caching name server, BIND can consume a fair amount of memory if you have lots of clients. There are two ways to restrict the amount of memory BIND uses. The first method, which is described in Pro DNS and BIND, is to set the “datasize” variable to the total amount of memory you want to allocate to BIND. The book provides an awesome description of this variable:

datasize: “The maximum amount of data memory the server may use. The default is default. This is a hard limit on server memory usage. If the server attempts to allocate memory in excess of this limit, the allocation will fail, which may in turn leave the server unable to perform DNS service. Therefore, this option is rarely useful as a way of limiting the amount of memory used by the server, but it can be used to raise an operating system data size limit that is too small by default. If you wish to limit the amount of memory used by the server, use the max-cache-size and recursive-clients options instead.”

The datasize variable is definitely useful in some cases, but can lead to server failures if BIND attempts to allocate memory above the threshold defined by datasize. A better method to limit memory is to use the max-cache-size variable, which will cause BIND to expire entries when it approaches the memory limit defined by max-cache-size. The Pro DNS and BIND book provides the following description of max-cache-size:

max-cache-size: “The maximum amount of memory to use for the server’s cache, in bytes. When the amount of data in the cache reaches this limit, the server will cause records to expire prematurely so that the limit is not exceeded. In a server with multiple views, the limit applies separately to the cache of each view. The default is unlimited, meaning that records are purged from the cache only when their TTLs expire.”
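An added example (not from the original post or the book): a small Python audit of a named.conf that applies the two quoted descriptions, treating an unset max-cache-size as unlimited, summing the limit across views because it applies to each view's cache separately, and comparing that total with the datasize hard limit. The helper names, the SAMPLE configuration and its values are constructed for illustration, and the parser assumes plain sizes with K/M/G suffixes.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def parse_size(value):
    """Bytes for a named.conf size such as 256M; None for unlimited/default."""
    value = value.strip('"').lower()
    if value in ("unlimited", "default"):
        return None
    number, suffix = re.fullmatch(r"(\d+)([kmg]?)", value).groups()
    return int(number) * UNITS[suffix]

def blocks(conf, keyword):
    """Yield the brace-matched body of each `keyword ... { ... };` statement."""
    for m in re.finditer(rf"^\s*{keyword}\b[^{{;]*\{{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def setting(body, name):
    m = re.search(rf"\b{name}\s+([^;\s]+)\s*;", body)
    return m.group(1) if m else None

def audit(conf):
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    opts = next(blocks(conf, "options"), "")
    views = list(blocks(conf, "view")) or [""]  # no views: one cache
    # Per the quoted text: unset means unlimited, and each view has its own limit.
    limits = [parse_size(setting(v, "max-cache-size")
                         or setting(opts, "max-cache-size") or "unlimited")
              for v in views]
    ceiling = None if None in limits else sum(limits)
    datasize = parse_size(setting(opts, "datasize") or "default")
    findings = []
    if ceiling is None:
        findings.append("cache unbounded in at least one view")
    if datasize is not None and (ceiling is None or ceiling >= datasize):
        findings.append("cache can grow into the datasize hard limit")
    return {"cache_ceiling": ceiling, "datasize": datasize, "findings": findings}

# Constructed sample configuration (values are illustrative assumptions).
SAMPLE = """
options { datasize 512M; max-cache-size 256M; recursive-clients 1000; };
view "internal" { match-clients { 10.0.0.0/8; }; };
view "external" { match-clients { any; }; max-cache-size 128M; };  // override
view "guest"    { match-clients { 192.168.0.0/16; }; };
"""
print(audit(SAMPLE))
```

In the sample, three views at 256M, 128M and 256M add up to 640M of possible cache, which exceeds the 512M datasize, so the audit flags that the cache alone can run the server into the hard limit.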

If you manage servers running BIND, I highly recommend picking up a copy of Pro DNS and BIND. It is an AWESOME book, and should be on every DNS admin's bookshelf.

This article was posted by Matty on 2006-09-16 13:12:00 -0400