[nsd-users] NSD 4.3.9 stops updating zones

Anand Buddhdev anandb at ripe.net
Mon Apr 4 09:37:34 UTC 2022


On 04/04/2022 10:41, Jeroen Koekkoek wrote:

Hi Jeroen,

> There's two things that can be done to reduce the amount of memory
> required. 1) Disable the on-disk database. i.e. 'database: ""' in the
> configuration file. 2) (Re)compile NSD with --disable-radix-tree, as
> the radix tree requires more memory to operate.

We are already running NSD without an on-disk database.

Wouter had suggestion in an old message that disabling the radix tree 
might give us about 10% gain. So this might help us briefly, until the 
steady growth of zone sizes triggers this issue again.

> A tip from a colleague was to change the kernel overcommit value. I
> have no experience with this, so you/we'd have to test this (happy to
> look into this further). Allowing the kernel to always overcommit
> allows the fork to succeed even though double the memory is not
> available. The rationale here being that when a zone is updated, it's
> not the entire size of the RAM, only some pages get overwritten and
> therefore could do the trick.

This is an interesting approach, and I could even try adding swap to the 
server. We currently don't create any swap partitions on our servers.

> I'm thinking the other, perhaps bigger, problem here is the stray
> transfers that are left behind(?) There's some work being done on
> slightly altering the behavior for zone transfers in porting zone
> verification (CreDNS) to NSD. That should already improve the situation
> quite a bit as only a certain window is being retried instead of all
> current transfers before proceeding. Maybe, after that's in, we could
> look into adding an option to throttle updates (not discussed with the
> team).

Yes, this issue is still a problem. It's not just stray transfers. In 
our case, once the master nsd process died, and wasn't replaced, xfrd 
kept performing transfers, and saving them to disk. The log file also 
kept growing, and rotation didn't work. The disappearance of the master 
process wasn't noticed.

Regards,
Anand


More information about the nsd-users mailing list