The default is default

Some days I just don’t understand what people are thinking when they write documentation. Yesterday I installed a simple caching DNS server. That was easy enough with Ubuntu, and the thing is up and running. But my experience with these things tells me that I’d better look into its configuration. We do a lot of DNS resolutions, and I want to make sure that the server doesn’t run out of memory or something.

So I thought I’d start by determining how much memory BIND (the DNS server software) is configured to use. Simple enough, right? As it turns out, no.

According to the BIND Manual (search for “datasize” on that page):

The maximum amount of data memory the server may use. The default is default. This is a hard limit on server memory usage. If the server attempts to allocate memory in excess of this limit, the allocation will fail, which may in turn leave the server unable to perform DNS service. Therefore, this option is rarely useful as a way of limiting the amount of memory used by the server, but it can be used to raise an operating system data size limit that is too small by default. If you wish to limit the amount of memory used by the server, use the max-cache-size and recursive-clients options instead.

That’s nice to know (and I’ll come back to it in a minute), but what is default? I’ve searched up and down through the manual, in the Pro DNS and BIND book, and uncounted Web sites. I even downloaded the BIND source code and spent some quality time with grep. Not a clue. I still have no idea what default is.

“Okay,” I thought, “so I don’t really need to know what the default is. How do I set the cache size?” On the face of it, that turns out to be pretty easy. After all, there’s a max-cache-size option that I can set. The BIND manual says:

The maximum amount of memory to use for the server’s cache, in bytes. When the amount of data in the cache reaches this limit, the server will cause records to expire prematurely so that the limit is not exceeded. In a server with multiple views, the limit applies separately to the cache of each view. The default is unlimited, meaning that records are purged from the cache only when their TTLs expire.

That’s all well and good. I’ll go set my datasize and max-cache-size so that the thing won’t run out of memory. But thinking about the descriptions of those two variables, I got to wondering if the default configuration of BIND is a crash waiting to happen. Consider:

  • The default datasize is some unspecified default value. If the server attempts to allocate memory in excess of this limit, the allocation will fail, which may in turn leave the server unable to perform DNS service.
  • The default max-cache-size value is unlimited.

In any case, if you’re using BIND for a DNS cache, you might want to change your datasize and max-cache-size values, just to be on the safe side.
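As an added example (not part of the original post or of BIND itself), here is a small Python checker that parses the options block of a named.conf and flags the two conditions discussed above: max-cache-size left at unlimited (the manual's stated default) and datasize turned into a hard numeric limit. The two configuration fragments inside it are constructed for this example, and the 256M value is only an illustrative choice, not a figure from the post.

```python
import re

# Constructed sample named.conf fragments for this example; they are not
# taken from the post or from any real server.
DEFAULT_CONF = """
options {
    directory "/var/cache/bind";
    recursion yes;
    // max-cache-size not set: the manual quoted in the post says the
    // default is unlimited, so the cache grows until datasize bites
};
"""

BOUNDED_CONF = """
options {
    directory "/var/cache/bind";
    recursion yes;
    max-cache-size 256M;      /* illustrative cap, well below RAM */
    recursive-clients 1000;   /* the other knob the manual names */
};
"""

SUFFIX = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_body(text):
    """Return the text between the braces of the options block."""
    start = re.search(r"\boptions\s*\{", text)
    if not start:
        raise ValueError("no options block found")
    open_pos = start.end() - 1
    depth = 0
    for j in range(open_pos, len(text)):
        if text[j] == "{":
            depth += 1
        elif text[j] == "}":
            depth -= 1
            if depth == 0:
                return text[open_pos + 1:j]
    raise ValueError("unterminated options block")


def options_statements(conf):
    """Return {name: value} for the simple `name value;` statements in options.

    Nested sub-blocks (allow-query { ... }; etc.) are stripped first, since
    only the flat size-related statements matter here.
    """
    body = options_body(strip_comments(conf))
    while re.search(r"\{[^{}]*\}", body):
        body = re.sub(r"\{[^{}]*\}", "", body)
    stmts = {}
    for stmt in body.split(";"):
        parts = re.split(r"\s+", stmt.strip(), maxsplit=1)
        if parts[0]:
            name, value = (parts + [""])[:2]
            stmts[name] = value.strip()
    return stmts


def parse_size(value):
    """Convert a BIND size ("256M", "1073741824", "unlimited") to bytes.

    Returns None for the keywords unlimited and default, which impose no
    numeric limit this script can reason about.
    """
    v = value.lower()
    if v in ("unlimited", "default"):
        return None
    m = re.fullmatch(r"(\d+)([kmg]?)", v)
    if not m:
        raise ValueError("unrecognised size value: %r" % value)
    return int(m.group(1)) * SUFFIX.get(m.group(2), 1)


def audit(conf):
    """Return findings about the memory-related options of a caching server."""
    stmts = options_statements(conf)
    findings = []
    cache = stmts.get("max-cache-size", "unlimited")  # manual: default is unlimited
    if parse_size(cache) is None:
        findings.append("max-cache-size is %s: the cache is bounded only by datasize" % cache)
    data = stmts.get("datasize", "default")
    if parse_size(data) is not None:
        findings.append("datasize is a hard limit (%s): allocations above it fail" % data)
    if "recursive-clients" not in stmts:
        findings.append("recursive-clients not set: the manual names it, with "
                        "max-cache-size, as the supported way to bound memory")
    return findings


if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("bounded", BOUNDED_CONF)):
        print(label, audit(conf) or ["no findings"])
```

Run it against your own named.conf by passing the file contents to audit(); the checker only understands the flat statements inside options, so anything inside views or nested blocks is deliberately ignored.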

According to Cricket Liu in DNS & BIND Cookbook:

Some administrators are tempted to use the datasize options substatement to limit the size of the data segment the named process uses. Unfortunately, when named reaches the datasize limit, it exits. And then, of course, you have no name server running at all — though I guess that minimizes its memory utilization.

If that’s true, then it’s probably a very good idea to change the default configuration if you’re running a large DNS cache.