.. SPDX-License-Identifier: GPL-3.0-or-later

.. _cache_sizing:

Cache sizing
------------

For personal use and small deployments, a cache size of around 100 MB is more than enough.

For large deployments we recommend running Knot Resolver on a dedicated machine and allocating 90% of the machine's free memory to the resolver's cache.

For example, imagine you have a machine with 16 GB of memory.
After a machine restart, use the command ``free -m`` to determine the amount of free memory (without swap):

.. code-block:: bash

  $ free -m
                total        used        free
  Mem:          15907         979       14928

Now you can configure the cache size to be 90% of the free memory (14 928 MB), i.e. 13 453 MB:

.. code-block:: lua

   -- 90 % of free memory after machine restart
   cache.size = 13453 * MB

.. _cache_persistence:

Cache persistence
-----------------
.. tip:: Using tmpfs for cache improves performance and reduces disk I/O.

By default the cache is saved on a persistent storage device,
so its content survives a system reboot.
This usually leads to lower latency after a restart;
however, in certain situations non-persistent cache storage might be preferred, e.g.:

  - The resolver handles a high volume of queries and disk I/O performance is too low.
  - The threat model includes an attacker gaining access to disk content in the power-off state.
  - The disk supports only a limited number of writes (e.g. flash memory in routers).

If a non-persistent cache is desired, configure the cache directory to be on a
tmpfs_ filesystem, a temporary in-memory file storage.
The cache content will then be kept in memory, which gives faster access,
and will be lost on power-off or reboot.


.. note:: On most Unix-like systems ``/tmp`` and ``/var/run`` are commonly mounted as tmpfs.
   While it is technically possible to move the cache to an existing
   tmpfs filesystem, it is *not recommended*: the path to the cache is specified in
   multiple systemd units, and a shared tmpfs space could be used up by other
   applications, leading to ``SIGBUS`` errors during runtime.

Mounting the cache directory as tmpfs_ is the recommended approach.
Make sure to use an appropriate ``size=`` option and don't forget to adjust the
size in the config file as well.

.. code-block::

   # /etc/fstab
   tmpfs	/var/cache/knot-resolver	tmpfs	rw,size=2G,uid=knot-resolver,gid=knot-resolver,nosuid,nodev,noexec,mode=0700 0 0

.. code-block:: lua

   -- /etc/knot-resolver/config
   cache.size = 2 * GB

.. _tmpfs: https://en.wikipedia.org/wiki/Tmpfs
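
The following check is an added example, not part of the Knot Resolver project: it verifies that the tmpfs entry for the cache directory carries the mount options shown above and that ``cache.size`` fits within ``size=``. The function names are hypothetical, the sample input is constructed, and the rule that ``cache.size`` must not exceed ``size=`` is an assumption drawn from the ``SIGBUS`` note above.

```bash
#!/usr/bin/env bash
# Added example (not Knot Resolver code). Assumption: cache.size must not exceed
# the tmpfs size=, otherwise the cache can outgrow its backing filesystem.

to_bytes() {  # "2G" / "512M" / "64k" / plain bytes -> bytes; fails on anything else
  local n="${1%[KkMmGg]}"
  case "$n" in ''|*[!0-9]*) return 1 ;; esac
  case "$1" in
    *[Kk]) echo $(( n * 1024 )) ;;
    *[Mm]) echo $(( n * 1024 * 1024 )) ;;
    *[Gg]) echo $(( n * 1024 * 1024 * 1024 )) ;;
    *)     echo "$n" ;;
  esac
}

tmpfs_opts() {  # $1 = fstab text, $2 = mount point -> option field of its tmpfs entry
  printf '%s\n' "$1" | awk -v mp="$2" '$1 !~ /^#/ && $2 == mp && $3 == "tmpfs" { print $4; exit }'
}

opt_value() {  # $1 = comma-separated mount options, $2 = key -> value of key=
  printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

config_cache_size() {  # $1 = config text -> e.g. "2G" from "cache.size = 2 * GB"
  printf '%s\n' "$1" | sed -n \
    's/^[[:space:]]*cache\.size[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*\*[[:space:]]*\([kMG]\)B.*/\1\2/p' | head -n 1
}

check_cache() {  # $1 = fstab text, $2 = config text, $3 = cache directory
  local opts size cfg o rc=0
  opts=$(tmpfs_opts "$1" "$3")
  [ -n "$opts" ] || { echo "FAIL: $3 has no tmpfs entry"; return 1; }
  for o in nosuid nodev noexec mode=0700; do
    case ",$opts," in *",$o,"*) ;; *) echo "FAIL: mount option $o missing"; rc=1 ;; esac
  done
  size=$(to_bytes "$(opt_value "$opts" size)") && cfg=$(to_bytes "$(config_cache_size "$2")") \
    || { echo "FAIL: size= or cache.size missing or not parseable"; return 1; }
  [ "$cfg" -le "$size" ] || { echo "FAIL: cache.size ($cfg B) exceeds tmpfs size= ($size B)"; rc=1; }
  return "$rc"
}

# Constructed sample input mirroring the fstab and config lines above.
FSTAB='tmpfs /var/cache/knot-resolver tmpfs rw,size=2G,uid=knot-resolver,gid=knot-resolver,nosuid,nodev,noexec,mode=0700 0 0'
CONF='cache.size = 2 * GB'
check_cache "$FSTAB" "$CONF" /var/cache/knot-resolver && echo "OK: tmpfs entry and cache.size agree"
```

To check a live system, pass ``"$(cat /etc/fstab)"`` and the content of the resolver config file instead of the sample strings.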