Bug ID 623358: DNS Cache can be configured to use more resources than are available

Last Modified: May 23, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP DNS(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5

Opened: Oct 18, 2016
Severity: 2-Critical
Related AskF5 Article:
K28215072

Symptoms

It is possible to configure these values to limit the cache to use more memory than is available in the system. There are three configurable attributes for DNS cache that control how much memory it uses - Message cache size, Resource Record cache size, and Name Server cache count. In addition, DNS cache runs on each tmm thread, so the figures must be multiplied by the number of tmms. The calculation is: (Message Cache Size + Resource Record Cache Size) + (Name Server Cache Count * 250 bytes) * 2.5 * Number of TMM threads. If there is more than one DNS cache configured, they must all be added together. The total value must be less than half of the total memory assigned to tmm ('tmsh show sys provision', and look at the 'tmos' line) In the event that the settings overcommit the cache and it tries to use more memory than is available, other processes may be starved of memory

Impact

The BIG-IP may restart unexpectedly due to memory starvation. Messages similar to the following may be seen in the logs: /var/log/tmm: panic: unable to alloc 43 bytes /var/log/ltm: err tmm8[30448]: mesh_attach_sub: out of memory /var/log/ltm: err tmm[12078]: hash grow: malloc failed Messages related to 'Aggressive mode sweeper' may also be seen in the LTM log.

Conditions

One or more DNS caches are configured

Workaround

Reconfigure the DNS cache to reduce the memory requirements of the DNS caches.

Fix Information

None

Behavior Change