Limiting the Memory a Name Server Uses
3.22.1 Problem
You want to limit the amount of memory a name server uses.
3.22.2 Solution
Use the max-cache-size options substatement:
    options {
        directory "/var/named";
        max-cache-size 10m;    // maximum cache size of 10MB
    };
This tells the name server to remove old, cached records early (i.e., before they're stale) if the size of the cache reaches the limit. If you set this, you may also want to reduce the cleaning interval (the period at which the name server checks for stale records):
    options {
        directory "/var/named";
        max-cache-size 10m;    // maximum cache size of 10MB
        cleaning-interval 15;  // clean cache every 15 minutes
    };
You may also find the max-cache-ttl and max-ncache-ttl options substatements handy. These limit the time-to-live values of cached records and cached negative responses, respectively. For example:
    options {
        directory "/var/named";
        max-cache-size 10m;    // maximum cache size of 10MB
        cleaning-interval 15;  // clean cache every 15 minutes
        max-cache-ttl 60;      // limit cached record to a 60s TTL
        max-ncache-ttl 60;     // limit cache neg. resp. to a 60s TTL
    };
3.22.3 Discussion
The minimum maximum cache size (that is, the smallest you can set the limit) is two megabytes.
max-cache-size isn't supported until BIND 9.2.0, while max-cache-ttl is supported as far back as 9.0.0. max-ncache-ttl, believe it or not, is supported in BIND 8.2 and later. (It was introduced when BIND name servers began caching negative responses according to the enclosing zone's SOA record, as a safeguard against unintentionally long TTLs.)
Whatever you do, don't set max-cache-ttl to zero. If you do, the name server will let useful records expire (the NS records it receives in referrals, say) before it uses them, and you'll see SERVFAIL responses for domain names in zones outside the name server's authority.
Some administrators are tempted to use the datasize options substatement to limit the size of the data segment the named process uses. Unfortunately, when named reaches the datasize limit, it exits. And then, of course, you have no name server running at all -- though I guess that minimizes its memory utilization.
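The pitfalls above (a max-cache-size under two megabytes, a max-cache-ttl of zero, and a datasize limit) can be caught before a configuration is deployed. The following check is an added example, not part of the original recipe or of BIND; the function names and the sample configuration are hypothetical and constructed for illustration, and the parser handles only simple "name value;" substatements.

```python
import re
# Constructed sample named.conf fragment (not from the page) with three pitfalls.
SAMPLE = """
options {
    directory "/var/named";
    allow-query { any; };
    max-cache-size 1m;   // below the 2MB floor
    max-cache-ttl 0;     # referral NS records expire before use
    datasize 64m;        /* named exits when it reaches this */
};
"""
UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def strip_comments(text):
    """Drop /* */, // and # comments while leaving quoted strings intact."""
    pat = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep = lambda m: m.group(0) if m.group(0)[0] == '"' else " "
    return re.sub(pat, keep, text, flags=re.S)

def options_settings(conf):
    """Return {name: value} for simple top-level substatements of options { }."""
    text = strip_comments(conf)
    start = re.search(r"\boptions\s*\{", text)
    depth, stmt, found = 1, "", {}
    for ch in text[start.end():] if start else "":
        depth += (ch == "{") - (ch == "}")   # track nesting inside options
        if depth == 0:                       # closing brace of options itself
            break
        if depth == 1 and ch == ";":
            parts = stmt.split()
            if len(parts) == 2:              # nested blocks leave one word; skipped
                found[parts[0]] = parts[1].strip('"')
            stmt = ""
        elif depth == 1 and ch != "}":
            stmt += ch
    return found

def check_memory_options(conf):
    """Return warnings for the pitfalls in the Discussion (hypothetical helper)."""
    opts, warnings = options_settings(conf), []
    size = re.fullmatch(r"(\d+)([kmg]?)", opts.get("max-cache-size", "").lower())
    if size and 0 < int(size[1]) * UNITS[size[2]] < 2 * 1024**2:  # 0 not flagged
        warnings.append("max-cache-size is below the 2MB minimum")
    ttl = opts.get("max-cache-ttl", "")
    if ttl.isdigit() and int(ttl) == 0:
        warnings.append("max-cache-ttl 0 expires referral NS records: SERVFAIL")
    if "datasize" in opts:
        warnings.append("datasize makes named exit at the limit")
    return warnings
```

Calling check_memory_options(SAMPLE) returns one warning per pitfall; the final configuration shown in the Solution returns an empty list.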
3.22.4 See Also
Section 3.21 and "System Tuning" in Chapter 10 of DNS and BIND.