Maintained by: NLnet Labs

Unbound swapping

Eduardo Schoedler
Fri Sep 15 01:21:06 CEST 2017

2017-09-14 5:08 GMT-03:00 W.C.A. Wijngaards via Unbound-users
<unbound-users at>:
> Hi Eduardo,

Hi Wouter!
Thank you for the answer.

> I have no real good idea.  But looking at your numbers, I see that you
> are running a network heavy application, unbound, and it uses about 10G
> on 12G memory.  The buff/cache is 2G.  Adds up to 12G.  And it is
> swapping.  Sounds reasonable, it is maxed out on memory, this is where
> swap is supposed to make space, right?

Yes, our application is really heavy.

Indeed about swap, but when unbound is swapping, performance degrades a lot.
If possible, we expect to not swap at all.

> These options change the buffer space allocated by unbound: so-rcvbuf,
> so-sndbuf, maybe also so-reuseport, or more tcp connections (that use
> buffer space) or more network interfaces, or simply a different kernel
> version that uses (slightly) more memory or something along those lines.

root@dns:~# cat /etc/unbound/unbound.conf | grep 'so-'
    so-rcvbuf: 16m
    so-sndbuf: 16m
    so-reuseport: yes

root@dns:~# cat /etc/unbound/unbound.conf | grep 'tcp'
    do-tcp: yes
    incoming-num-tcp: 1024
    outgoing-num-tcp: 1024

root@dns:~# uname -a
Linux dns 4.9.26-040926-generic #201705031231 SMP Wed May 3 16:34:12 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

> What is the limit on the subnet cache size?  What does the memory max
> out on when the subnetmodule is not enabled?

It's a public DNS resolver project in Brazil (like Google DNS), so...
That's why we need to use the subnetcache module.

# cat /etc/unbound/unbound.conf | grep 'subnet'
    module-config: "subnetcache validator iterator"
    send-client-subnet: 2000::/3
    client-subnet-always-forward: no
    max-client-subnet-ipv6: 48
    max-client-subnet-ipv4: 24

The subnetcache module manual says:

"The maximum size of the ECS cache is controlled by 'msg-cache-size' in
the configuration file. On top of that, for each query only 100 different
subnets are allowed to be stored for each address family. Exceeding
that number, older entries will be purged from cache."

About the part "100 different subnets ... and then purged": how can I know
if it's doing exactly this?
My guess is that there is a memory leak, because of the large amount of memory it uses.

Best regards,

Eduardo Schoedler
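
One way to approach the question raised in the message above (does the ECS cache stay under its limit, or is memory going somewhere else), as an added example that is not part of the original post or of Unbound: compare the mem.* counters from `unbound-control stats_noreset` (with `extended-statistics: yes`) against the configured cache limits and the process RSS. The config and counter values are constructed, and reading `mem.mod.subnet` as the ECS cache size is an assumption that depends on the Unbound version and build.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
# (limit option, counter compared with it). Pairing mem.mod.subnet with
# msg-cache-size follows the manual text quoted above; it is an assumption.
CHECKS = [("msg-cache-size", "mem.cache.message"),
          ("rrset-cache-size", "mem.cache.rrset"),
          ("msg-cache-size", "mem.mod.subnet")]

# Constructed sample input: neither the sizes nor the counters come from the post.
SAMPLE_CONF = """server:
    msg-cache-size: 2g      # constructed value
    rrset-cache-size: 4g    # constructed value
    module-config: "subnetcache validator iterator"
"""
SAMPLE_STATS = """mem.cache.rrset=4100000000
mem.cache.message=2000000000
mem.mod.iterator=16588
mem.mod.validator=1200000
mem.mod.subnet=3500000000
total.recursion.time.avg=0.104
"""

def parse_size(text):
    """Convert an unbound.conf size such as '16m' to bytes."""
    m = re.fullmatch(r"(\d+)([kmg]?)", text.strip().lower())
    if m is None:
        raise ValueError(f"not a size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_conf(text):
    """Return {option: value}; comments are stripped and a later line wins."""
    pairs = (l.split("#", 1)[0].partition(":") for l in text.splitlines())
    return {k.strip(): v.strip().strip('"') for k, _, v in pairs if v.strip()}

def parse_stats(text):
    """Return {counter: int} from name=value lines, skipping non-integers."""
    pairs = (l.strip().partition("=") for l in text.splitlines())
    return {k: int(v) for k, _, v in pairs if v.isdigit()}

def audit(conf_text, stats_text, rss_bytes, slack=1.10):
    """Find counters above limit*slack and the RSS no cache/module counter explains."""
    conf, stats = parse_conf(conf_text), parse_stats(stats_text)
    over = {c: (stats[c], parse_size(conf[o])) for o, c in CHECKS
            if o in conf and c in stats
            and stats[c] > parse_size(conf[o]) * slack}
    accounted = sum(v for k, v in stats.items()
                    if k.startswith(("mem.cache.", "mem.mod.")))
    return {"over_limit": over, "unaccounted": rss_bytes - accounted}
```

A counter that stays above its limit across samples suggests entries are not being purged, while counters within limits alongside a growing unaccounted figure point at memory outside the caches (socket buffers, allocator overhead, or a leak).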