[nsd-users] Larger memory footprint with direct-rdata-storage in NSD 4.14.0

Saj Goonatilleke saj at discourse.org
Tue Dec 16 14:11:41 UTC 2025 

Hello,

We recently updated from NSD 4.13.0 to 4.14.0.

> Refactor RDATA storage to reduce memory footprint

https://github.com/NLnetLabs/nsd/pull/444

> The amount of reduction depends on the zone contents.

We observed a reduction across our smaller zones and nameservers, however we also observed the opposite:  the nameservers serving our largest zones now consume more memory on NSD 4.14.0.  Is this to be expected in some cases?

The absolute figures here are trivial and are of no practical concern to us.  We are not a registry, and so even our largest zones are tiny in comparison to some of your other users. :)  I nevertheless wondered whether this behaviour was expected.  If unexpected, and if the adverse outcome is liable to scale on some very large zones, maybe this report would be of interest to you.

Unfortunately, I am unable to share our zone data for it includes confidential information that is not served on public networks, though I am happy to share what information I can.  I will focus on one zone that was observed to consume more memory on NSD 4.14.0.

nsd_size_db_in_mem_bytes (size.db.mem) went from ~6.49 Mi on NSD 4.13.0 to ~8.80 Mi on NSD 4.14.0.  There are about 9K RRs in the zone.  Our zones are specifically designed to serve RFC 6763 DNS-SD data (and nothing else).  We never load more than one zone into each NSD server.  We build with --enable-packed and --disable-radix-tree; our complete set of configure flags can be found at the bottom of this message.  The positive delta is reproducible on Linux and macOS.

Here is the aggregate composition of that zone by RR type:

2626 AAAA
1871 PTR
   1 SOA
2736 SRV
1871 TXT
=========
9105 sum

I copied the zone data to my workstation then loaded it into NSD 4.13.0 and 4.14.0.

NSD 4.13.0	size.db.mem=6717192
NSD 4.14.0	size.db.mem=9116758

(I am using a Mac and found it easiest to test here.  The numbers on my Mac are a little different from our production Linux machines, though they are close.)

First, out of curiosity, I removed all TXT RRs from the zone to see whether it would make a difference.  (Most TXT RDATA in our zone is empty.)  No, a positive delta is still observed in this case.

sans TXT RRs:
NSD 4.13.0	size.db.mem=6589376
NSD 4.14.0	size.db.mem=9031828

Next, I removed all PTR RRs from the zone.  (TXT RRs were restored here.)

sans PTR RRs:
NSD 4.13.0	size.db.mem=1289724
NSD 4.14.0	size.db.mem=1063808

We observe a negative delta only after removing all PTR RRs.

Here is a small representative sample of some PTR RRs with substrings redacted.

_prom-exp._tcp  30      IN      PTR     redacted-aaaaaaaaa-master._prom-exp._tcp
_prom-exp._tcp  30      IN      PTR     redacted-aaaaaaaaa-replica._prom-exp._tcp
_prom-exp._tcp  30      IN      PTR     redacted-bbbbbbbb-xyzxyz._prom-exp._tcp
_prom-exp._tcp  30      IN      PTR     redacted-bbbbbbbb-master._prom-exp._tcp
_prom-exp._tcp  30      IN      PTR     redacted-bbbbbbbb-master-xxxxxxxxxxx._prom-exp._tcp
_prom-exp._tcp  30      IN      PTR     redacted-bbbbbbbb-replica._prom-exp._tcp
_prom-exp._tcp  30      IN      PTR     redacted-bbbbbbbb-replica-xxxxxxxxxxx._prom-exp._tcp
_prom-exp._tcp  30      IN      PTR     redacted-zzzzz-master._prom-exp._tcp
_prom-exp._tcp  30      IN      PTR     redacted-zzzzz-replica._prom-exp._tcp

There are 23 unique PTR names here.  _prom-exp._tcp has 1390 PTR RRs.  (This is a long story.)  Three other names have PTR RR counts close to 150.

I thought it would be interesting to compare this zone with another.  As noted above, we observed the expected reduction in memory footprint on some zones, so there must be some difference between these zones.

LHS is the zone from before that exhibited a positive delta on NSD 4.14.0
|    RHS is a zone that exhibited a negative delta on NSD 4.14.0 (good)
|    |
2626 1495 AAAA
1871  964 PTR
   1    1 SOA
2736 1589 SRV
1871  964 TXT
==============
9105 5013 sum

In both cases, PTR RRs make up about 19-21% of the zone, though we have almost 2x as many of them in the zone that exhibited a positive delta in memory footprint when going from NSD 4.13.0 -> 4.14.0.

Here are all of our configure flags.

./configure \
  --with-configdir=/etc/nsd \
  --with-nsd_conf_file=/etc/nsd/nsd.conf \
  --with-pidfile= \
  --with-user=nsd \
  --with-xfrdfile=/var/lib/nsd/xfrd.state \
  --with-zonesdir= \
  --without-ssl \
  --disable-dnstap \
  --disable-largefile \
  --disable-nsec3 \
  --disable-radix-tree \
  --disable-ratelimit \
  --disable-recvmmsg \
  --disable-root-server \
  --disable-systemd \
  --disable-zone-stats \
  --enable-bind8-stats \
  --enable-mmap \
  --enable-packed

Thank you for your work on nsd!

More information about the nsd-users mailing list