From: Ondřej Surý <ondrej@isc.org>
Date: Thu, 19 Feb 2026 09:24:13 +0000 (+0100)
Subject: Raise the minimum cache size to 8 MB, warn below 256 MB
X-Git-Tag: v9.21.21~3^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc9564f14daf2b0bc16a67fe3ac6d39056a89781;p=thirdparty%2Fbind9.git

Raise the minimum cache size to 8 MB, warn below 256 MB

Lower the hard floor for max-cache-size from 2 MB to 8 MB to support
resource-constrained environments (e.g. CPE devices) while remaining
safe for LRU-only eviction.
---

diff --git a/bin/named/server.c b/bin/named/server.c
index 5d82a7ac349..71a9bc2f21d 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -3610,10 +3610,6 @@ default_max_cache_size(const dns_view_t *view, const cfg_obj_t *obj) {
 
 static size_t
 sanitized_max_cache_size(const cfg_obj_t *obj, uint64_t value) {
-	if (value >= DNS_CACHE_MINSIZE && value <= SIZE_MAX) {
-		return value;
-	}
-
 	if (value > SIZE_MAX) {
 		cfg_obj_log(obj, ISC_LOG_WARNING,
 			    "'max-cache-size %" PRIu64 "' "
@@ -3624,13 +3620,13 @@ sanitized_max_cache_size(const cfg_obj_t *obj, uint64_t value) {
 
 	if (value < DNS_CACHE_MINSIZE) {
 		cfg_obj_log(obj, ISC_LOG_WARNING,
-			    "'max-cache-size' can't be less than %" PRIu64 "; "
-			    "setting 'max-cache-size' to the minimum value",
-			    DNS_CACHE_MINSIZE);
+			    "'max-cache-size %" PRIu64 "' "
+			    "is too small; setting to %" PRIu64,
+			    value, DNS_CACHE_MINSIZE);
 		return DNS_CACHE_MINSIZE;
 	}
 
-	UNREACHABLE();
+	return value;
 }
 
 static size_t
diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 9964718dd65..ee453314674 100644
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -3847,10 +3847,11 @@ system.
        default value of that option (90% of physical memory for each
        individual cache) may lead to memory exhaustion over time.
 
-   .. note::
+   .. warning::
 
-       :any:`max-cache-size` does not work reliably for a maximum
-       amount of memory of 256 MB or lower.
+       Setting :any:`max-cache-size` to a value lower than 256 MB is
+       permitted but not recommended; LRU-only cache eviction may cause
+       excessive churn under load.
 
    Upon startup and reconfiguration, caches with a limited size
    preallocate a small amount of memory (less than 1% of
@@ -3859,7 +3860,7 @@ system.
    internal cache structures.
 
    On systems where detection of the amount of physical memory is not
-   supported, the :iscman:`named` will fail to start.
+   supported, :iscman:`named` will fall back to the minimum value (2 MB).
 
    .. note::
 
diff --git a/lib/dns/include/dns/adb.h b/lib/dns/include/dns/adb.h
index 2f88c9beca4..7c1aef4cc5d 100644
--- a/lib/dns/include/dns/adb.h
+++ b/lib/dns/include/dns/adb.h
@@ -83,7 +83,7 @@
 #define DNS_ADBADDRINFO_MAGIC	 ISC_MAGIC('a', 'd', 'A', 'I')
 #define DNS_ADBADDRINFO_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBADDRINFO_MAGIC)
 
-#define DNS_ADB_MINADBSIZE (1024U * 1024U) /*%< 1 Megabyte */
+#define DNS_ADB_MINADBSIZE UINT64_C(1024 * 1024) /*%< 1 MB */
 
 /***
  *** TYPES
diff --git a/lib/dns/include/dns/cache.h b/lib/dns/include/dns/cache.h
index 8949fce462e..1ac822ad717 100644
--- a/lib/dns/include/dns/cache.h
+++ b/lib/dns/include/dns/cache.h
@@ -56,7 +56,7 @@
  * DNS_CACHE_MINSIZE is how many bytes is the floor for
  * dns_cache_setcachesize().
  */
-#define DNS_CACHE_MINSIZE UINT64_C(2097152) /*%< Bytes.  2097152 = 2 MB */
+#define DNS_CACHE_MINSIZE UINT64_C(2 * 1024 * 1024) /*%< Bytes. 2 MB */
 
 /***
  ***	Functions