Huh... maybe I was right in the first place. I left dnsperf running and named ran out of memory. In my syslog I had a lot of these swap_pager_getswapspace failed messages followed by named finally dying (again, FreeBSD 7.0 STABLE AMD64, 4GB of RAM and the only software running is really BIND).

Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(8): failed
Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(6): failed
Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(16): failed
Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(16): failed
Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(7): failed
Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(16): failed
Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(16): failed
Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(5): failed
Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(16): failed
Aug 7 00:07:40 rns1 kernel: swap_pager_getswapspace(16): failed
Aug 7 00:07:40 rns1 kernel: pid 52595 (named), uid 53, was killed: out of swap space

So how I can prevent Joe user from doing this to my name servers by simply using dnsperf and pointing it at them?

-Vinny

> -----Original Message-----
> From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
> Behalf Of Vinny Abello
> Sent: Thursday, August 07, 2008 12:11 AM
> To: bind-users@isc.org
> Subject: RE: dnsperf and BIND memory consumption
>
> I hate to reply to my own post, but I think I was mistaken in the
> amount of memory being used and just don't understand the columns in
> top on FreeBSD.
>
> So what is the difference between SIZE and RES? I think RES seems to
> correspond to the actual memory usage. I noticed the free memory wasn't
> dropping as the SIZE column was increasing on the named process. RES
> would increase for a little while then drop which seemed to match my
> free memory in the system. In retrospect, the Windows system I was
> causing the swapping on I think only had about 768MB of RAM and if this
> causes named to use close to 1GB then that would explain it.
>
> This still begs the question though, what is all that memory being used
> for when I'm just doing the same handful of queries over and over?
>
> Thanks again for any schooling.
>
> -Vinny
>
> > -----Original Message-----
> > From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
> > Behalf Of Vinny Abello
> > Sent: Wednesday, August 06, 2008 11:56 PM
> > To: bind-users@isc.org
> > Subject: dnsperf and BIND memory consumption
> >
> > Hi everyone,
> >
> > I noticed some odd behavior with BIND 9.5.0-P2 in regards to memory
> > utilization when being tested using dnsperf. The memory usage just
> > continually climbs and never levels out. I've done this with both
> > queries that require recursion as well as queries with authoritative
> > results. In fact, I can just have a single query for localhost in my
> > dnsperf sample and loop that and I'll still see the memory

> consumption
> > climb for as long as I leave dnsperf running. I have it up over 3GB

> now
> > before I stopped:
> >
> > PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU
> > COMMAND
> > 52595 bind 11 44 0 3228M 933M select 1 0:35 0.00%

> named
> >
> > I was able to trigger the same thing against BIND 9.4.2 running on
> > Windows. The memory usage just keeps climbing. Can someone explain

> why
> > this happens, and secondly how to prevent it from happening? Any user
> > with dnsperf could easily exhaust the memory on a server running BIND
> > from what I'm looking at. This just seems too easy to trigger and too
> > big of an oversight for this to be true. I'm hoping I'm just mistaken
> > and am not really understanding what's going on here. If there is a

> way
> > to prevent this with some options for limiting memory, shouldn't

> there
> > be sensible defaults in place if none are specified? I know I've

> caused
> > Windows to massively slow down and start swapping by doing this. And
> > what is the point of using all of that memory anyway? If I just keep
> > doing a query for localhost which is an authoritative answer, what
> > information could named possibly be continuously using memory for?
> >
> > I'm curious what will happen if I just leave dnsperf running

> unchecked
> > and watch the server. The one I'm testing is not in production so it
> > doesn't matter. I'm just curious.
> >
> >
> > Also, one side note: I noticed that my test data with recursive data
> > yields about 15k queries per second on this machine whereas my
> > authoritative localhost queries only clock in around 4k on the same

> box
> > and version of BIND. Why is that?
> >
> > I should mention that the memory never gets out of control under

> normal
> > usage as a caching name server doing several hundred recursive

> queries
> > per second. I've only noticed it with dnsperf... unless it is just
> > accelerating a problem that is there under normal load as well.
> >
> > Thanks for any pointers...
> >
> > -Vinny
> >

>