Unbound memory resource consumption?
Carsten Strotmann
carsten at strotmann.de
Thu Mar 13 13:03:53 UTC 2025
Hello Havard,
On 12 Mar 2025, at 18:24, Havard Eidnes via Unbound-users wrote:
> So ... what I'm looking for is ... what, if anything, can I do to
> find and stop what looks like a massive memory leak? Or ... is
> anyone else observing similar symptoms?
I've seen similar issues with Unbound, BIND 9 and other DNS resolver on Linux, BSD and other Unix systems.
Part of the problem can be the memory allocator used in the OS or in the application. With many small allocations that are typical for a DNS resolver, the memory fragments fast.
I usually plan at least 50%, sometimes 100% or 200% the amount of memory as configured in the DNS resolver application. That is if the resolver is configured with 1 GB of cache memory, I've made sure there is at least 1.5-3 GB of physical memory reserved to account for memory fragmentation.
Testing out other (better for small memory allocations) memory allocators might help.
ISC is now recommending "jemalloc" (https://jemalloc.net/) for BIND 9.
I've heard good things about "mimalloc" (https://github.com/microsoft/mimalloc), but never had the chance to test it on a really busy DNS resolver.
I did a webinar in 2022 for ISC on the topic (Slide 4.10ff):
https://www.isc.org/docs/2022-webinar-bind-memory-management.pdf
Measuring the "working set" is important (see Slide 5.12ff).
Other interesting resources on memory allocators:
https://blog.reverberate.org/2009/02/one-malloc-to-rule-them-all.html
https://web.archive.org/web/20110607183215/http://blog.pavlov.net/2007/11/21/malloc-replacements/
http://hoard.org/
The books from Brandon Gregg are excellent, but mostly Linux centric these days (1st edition was also about Solaris):
Systems Performance: Enterprise and the Cloud, 2nd Edition (2020)
https://www.brendangregg.com/systems-performance-2nd-edition-book.html
While I run my own little DNS servers on NetBSD and OpenBSD, all my experience with large ISP resolver are on Linux.
When I was operating a farm of DNS resolver for an cable ISP in Germany for > 1M subscriber, we've configured the DNS resolver cache to be around 1G. At that point of time (5 years ago) that was the sweet spot for cache size. Larger caches did not help with the query performance or DNS resolver load, as most records cached were only queries once and never again from the cache. Your customer base might vary, but a large cache is not always the optimal configuration.
If you need help compiling Unbound or BIND 9 with a custom allocator for/on NetBSD, let me know.
Greetings
Carsten
More information about the Unbound-users
mailing list