Bind, Dualstack and SERVFAIL was: Re: Lot of traffic after installing bind 8.4.3 on sparc

Stefan Schmidt s.schmidt--bind at mcbone.net
Mon Dec 8 10:12:42 UTC 2003


On Fri, Dec 05, 2003 at 08:47:36AM +1100, Mark_Andrews at isc.org wrote:
> > Once upon a time, Paige Stafford  <staffordp1 at ornl.gov> said:
> > >We upgraded from 8.4.1 to 8.4.3 on our Sun, Solaris 8 (one CPU).  Since
> > >then, we too are seeing a higher CPU usage (54.49% vs 0.18%) and alot of
> > >AAAA queries.  Here's a snapshot of a tcpdump from yesterday:
> > I upgraded from 8.4.1 to 8.4.3 this morning and saw similar problems on
> > Tru64.  For the moment I dropped back (I didn't have a chance to
> > investigate much), but I'll also try it with -4.
> 	I think we have a handle on what is causing this.
> 	Specifying '-4' will prevent the problem being triggered
> 	as it disables the dual stack support.
Hi,
maybe my observations will help you on the hunt:
I noticed high CPU usage without a higher (reported) query rate on both Bind
8.4.3 and Bind 9.2.3 on two identical caching-only machines running Linux
2.6.0-test11. Using dnstop i was able to determine what was responsible for
the higher load: named was querying another Nameserver for AAAA records, but
at a rate of about 1000 queries/s. By reviewing the opposite Nameservers
feedback via tethereal i saw it replied server failures (SERVFAIL).
dig version.bind chaos txt revealed it was a Bind Version 9.1.2
Using the -4 switch with Bind8 and recompiling Bind9 with --disable-ipv6 fixes
that behaviour and the unexpected high load.
Needless to say i was surprised by this as the only conclusion that comes to
my mind on this so far is that both Bind8 and Bind9 were looping on this
SERVFAIL feedback from another Nameserver and this using up all CPU they can
get on this.

Oh, Paul: You asked for missing Bind9 features in another thread, i am missing
one thing: Query statistics separated by some common record types
(A,AAAA,MX,NS,SOA,CNAME,PTR,SRV) as in Bind8 would be good for debugging
purposes i.e. seeing which type of client/service is bugging your Nameservers
this time.

best regards,

		Stefan Schmidt (Hostmaster at AS5430)

PS: would have posted this anyways but good to know i'm not the only one
seeing this. ;)


More information about the bind-users mailing list