Bug ID 623358: DNS Cache can be configured to use more resources than are available

Last Modified: Apr 29, 2023

Affected Product(s):
BIG-IP DNS(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,

Opened: Oct 18, 2016

Severity: 2-Critical

Related Article: K28215072


It is possible to configure these values to limit the cache to use more memory than is available in the system. There are three configurable attributes for DNS cache that control how much memory it uses - Message cache size, Resource Record cache size, and Name Server cache count. In addition, DNS cache runs on each tmm thread, so the figures must be multiplied by the number of tmms. The calculation is: (Message Cache Size + Resource Record Cache Size) + (Name Server Cache Count * 250 bytes) * 2.5 * Number of TMM threads. If there is more than one DNS cache configured, they must all be added together. The total value must be less than half of the total memory assigned to tmm ('tmsh show sys provision', and look at the 'tmos' line) In the event that the settings overcommit the cache and it tries to use more memory than is available, other processes may be starved of memory


The BIG-IP may restart unexpectedly due to memory starvation. Messages similar to the following may be seen in the logs: /var/log/tmm: panic: unable to alloc 43 bytes /var/log/ltm: err tmm8[30448]: mesh_attach_sub: out of memory /var/log/ltm: err tmm[12078]: hash grow: malloc failed Messages related to 'Aggressive mode sweeper' may also be seen in the LTM log.


One or more DNS caches are configured


Reconfigure the DNS cache to reduce the memory requirements of the DNS caches.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips