Ubuntu
bind9 package

memory leak

Bug #2039207 reported by Sysadm Dude
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

After running just over 5 million requests, bind was using over 6GB of RAM.

ps -xavv |grep bind
  96288 ? Ssl 142:30 60 320 6768827 6388500 78.5 /usr/sbin/named -u bind

I don't know if this is important.
Request from a golang application
...
records, err := net.DefaultResolver.LookupNS(context.Background(), domain)

ubuntu updated
version
Description: Ubuntu 22.04.3 LTS
Release: 22.04

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: bind9 1:9.18.12-0ubuntu0.22.04.3
ProcVersionSignature: Ubuntu 5.15.0-86.96-generic 5.15.122
Uname: Linux 5.15.0-86-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Thu Oct 12 19:01:14 2023
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
RelatedPackageVersions:
 bind9utils N/A
 apparmor 3.0.4-2ubuntu2.2
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.bind.named.conf: 2023-10-12T01:49:14.724237
mtime.conffile..etc.bind.named.conf.options: 2023-10-12T00:20:40.153033

Revision history for this message
Sysadm Dude (sysadm5000) wrote :
Revision history for this message
Mitchell Dzurick (mitchdz) wrote :

Thank you for making this bug report and making Ubuntu better!

Do you happen to have access to your named.conf and other configuration files for bind9? Make sure to remove any secret information such as shared keys before you share it.

How often do you see this happen? If you have an example of how to setup your environment for reproduction, that would be helpful with debugging.

Changed in bind9 (Ubuntu):
status: New → Incomplete
Revision history for this message
Sysadm Dude (sysadm5000) wrote :

/etc/bind/named.conf // This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

//acl "internals" {127.0.0.1;10.0.0.0/8;};

logging {
        category default { null; };
};

plugin query "filter-aaaa.so" {

        filter-aaaa-on-v4 yes;

        filter-aaaa-on-v6 no;

// filter-aaaa { "internals"; };

};

/etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        // 0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

};

...
repeats systematically

If you require additional information, let me know.

client call (golang app) to bind9 via 127.0.0.1:53

Revision history for this message
Sysadm Dude (sysadm5000) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for bind9 (Ubuntu) because there has been no activity for 60 days.]

Changed in bind9 (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.