
Re: New BIND 4 & 8 Vulnerabilities



On Mon, Nov 18, 2002 at 11:06:06AM -0800, Jeremy C. Reed wrote:
> On Sun, 17 Nov 2002, Craig Sanders wrote:
> 
> > FYI, doesn't look like the memory leaks have been fixed:
> > 
> > # ps v -Cnamed
> > PID TTY STAT  TIME MAJFL  TRS   DRS  RSS    %MEM COMMAND
> >6799 ?   S     0:00   111  232 336175 200968 39.1 /usr/sbin/named -u bind
> >6801 ?   S     0:00     0  232 336175 200968 39.1 /usr/sbin/named -u bind
> >6802 ?   S   466:10  2757  232 336175 200968 39.1 /usr/sbin/named -u bind
> >6803 ?   S     0:04     1  232 336175 200968 39.1 /usr/sbin/named -u bind
> >6804 ?   R    49:56     1  232 336175 200968 39.1 /usr/sbin/named -u bind
> > 
> > this is on a machine where bind 8 used to use about 150MB.  bind 9
> > has been running for only 4 days.
> 
> What did that "ps v -Cnamed" show on the earlier and later days?

named (bind8) had been using about 150-160MB for over six months (it
secondaries a huge 75MB zonefile).  i had to upgrade the memory in that machine
from 256MB to 512MB because of this...i finally got around to doing that 2
months ago.  memory usage varied by no more than about 5MB at any given time,
mostly due to variations in the size of the zonefile it secondaries.

here's what i cut and pasted just before i upgraded to bind9:

bind 8.3.3-2:
# ps v -Cnamed
  PID TTY  STAT   TIME  MAJFL   TRS   DRS  RSS %MEM COMMAND
  437 ?    R    2245:18 25633   494 159393 83608 16.2 /usr/sbin/named

and immediately after upgrading to bind9 9.2.1-5:
# ps v -Cnamed
  PID TTY  STAT   TIME  MAJFL   TRS   DRS  RSS %MEM COMMAND
 6799 ?    S      0:00    111   232 192351 174124 33.9 /usr/sbin/named -u bind
 6801 ?    S      0:00      0   232 192351 174124 33.9 /usr/sbin/named -u bind
 6802 ?    S      5:57    189   232 192351 174124 33.9 /usr/sbin/named -u bind
 6803 ?    S      0:00      1   232 192351 174124 33.9 /usr/sbin/named -u bind
 6804 ?    S      0:16      1   232 192351 174124 33.9 /usr/sbin/named -u bind

4 days later, bind9 was consuming over 330MB as the quoted 'ps v' shows above.
so i changed back to bind 8.



i installed bind8 version 8.3.3-3 a few days ago, and memory consumption is
back to what it was:

# ps v -Cnamed
  PID TTY STAT   TIME MAJFL TRS   DRS  RSS    %MEM COMMAND
32705 ?   S    114:42   842 494 157641 152428 29.7 /usr/sbin/named -u bind -g bind


as far as i am concerned, this is sufficient evidence that bind9 has serious
memory consumption problems.  this is exactly why i stopped experimenting with
earlier versions of bind9 on another machine over 6 months ago, and why i
started experimenting with alternatives like djbdns and maradns (unfortunately,
neither of these are adequate as complete replacements for bind - they make OK
caching-only servers but i wouldn't use them as authoritative servers).

this whole exercise has had one benefit at least, i finally set it up to run as
user bind rather than as root.


craig

-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch


