A daemon calling abort() in response to malloc failure is like depositing all your money in response to capital controls.
@laurentbercot This issue actually came up in practice on the maradns list a few years ago. Whole dns goes down if one request OOMs.
-
-
@RichFelker It's obviously better to specifically handle ENOMEM when you have a huge state that's costly to lose, such as a DNS cache. -
@laurentbercot You lose not just the cache, but the ability to serve future requests. That's the point of my "depositing your cash" analogy. -
@RichFelker Not if your daemon is supervised: it will come back up when the crisis is over. You can't serve while there's no mem anyway. -
@laurentbercot Sure you can. Serving cached or authoritative results takes no memory. -
@RichFelker Not arguing that maradns did the right thing. It didn't. (dnscache and tinydns don't have that problem; they're better designed) -
@RichFelker Just that in some cases (NOT a DNS cache), it's just as well for your daemon to exit on oom, and be restarted when possible.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.