BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

Adam Tkac atkac at redhat.com
Tue Jul 10 14:32:41 UTC 2012


On Tue, Jul 10, 2012 at 10:15:01PM +0800, Drunkard Zhang wrote:
> 2012/7/10 Shon Stephens <sstephens at mentora.com>:
> > Dear All,
> >
> >      I am running the version of BIND provided by RPM packages with RHEL
> > 6.2. This is a new server build replacing a previous server. That host was
> > running an earlier version of BIND and an earlier version of RHEL. The
> > config files have remained relatively the same, but the CPU utilization of
> > the newer version is orders of magnitude higher.
> >
> >
> >
> > PID    USER   PR  NI  VIRT  RES  SHR   S  %CPU  %MEM  TIME+      COMMAND
> > 30462  named  20  0   282m  80m  2588  S  43.5  2.1   378:33.05  named
> >
> >
> >
> > I've seen other posts about missing "managed-keys" directive and attempted
> > to add that to my config as a solution. This does not seem to help. Here is
> > my named.conf (sanitized). I've made sure that recursion is limited to our
> > ACL and there doesn't seem to be any difference from previous periods in the
> > number of queries being answered by the server. Any help is much
> > appreciated.
> >
> >
> >
> > Yours,
> > Shon
> >
> >
> >
> >
> >
> > ~]# rndc status
> > version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3
> > CPUs found: 2
> > worker threads: 2
> > number of zones: 84
> > debug level: 0
> > xfers running: 0
> > xfers deferred: 0
> > soa queries in progress: 0
> > query logging is ON
> > recursive clients: 6/0/1000
> > tcp clients: 0/100
> > server is up and running
> >
> >
> >
> > // named.conf - BIND name server configuration file
> >
> > include "/etc/rndc.key";
> >
> > controls {
> >         inet 127.0.0.1 port 953
> >         allow { 127.0.0.1; };
> > };
> >
> > // Blackhole requests from these networks
> > acl "bogusnets" {
> >         0.0.0.0/8;
> >         1.0.0.0/8;
> >         2.0.0.0/8;
> >         192.0.2.0/24;
> >         224.0.0.0/3;
> > };
> >
> > // Trusted networks
> > acl "trusted" {
> >         some_trusted_networks;
> > };
> >
> > // Trusted name servers
> > acl "nameservers" {
> >         some_ips_of_nameservers;
> > };
> >
> > // Global config options
> > options {
> >         directory "/var/named";
> >         dump-file "data/cache_dump.db";
> >         statistics-file "data/named_stats.txt";
> >         managed-keys-directory "/var/named/dynamic";
> >         blackhole { "bogusnets"; };
> >         allow-query { any; };
> >         allow-query-cache { "trusted"; };
> >         allow-recursion { "trusted"; };
> >         allow-transfer { "nameservers"; };
> >         transfer-source 192.168.101.101;
> >         also-notify { "nameservers"; };
> >         allow-notify { "nameservers"; };
> >         notify explicit;
> >         dnssec-enable no;
> >         dnssec-validation no;
> >         listen-on-v6 { none; };
> > };
> >
> > server 192.168.101.101 {
> >         edns no;
> > };
> >
> > logging {
> >         channel "misc" {
> >                 file    "logs/named.log" versions 4 size 2m;
> >                 print-category  yes;
> >                 print-severity  yes;
> >                 print-time      yes;
> >         };
> >         channel "xfers" {
> >                 file    "logs/named.xfers" versions 4 size 1m;
> >                 print-severity  yes;
> >                 print-time      yes;
> >         };
> >         channel "debug" {
> >                 file    "logs/named.debug" versions 1 size 2m;
> >                 print-category  yes;
> >                 print-severity  yes;
> >                 print-time      yes;
> >         };
> >         channel "ops" {
> >                 file    "logs/named.ops" versions 3 size 2m;
> >                 print-category  yes;
> >                 print-severity  yes;
> >                 print-time      yes;
> >         };
> >         channel "sys" {
> >                 syslog  daemon;
> >                 print-category  yes;
> >         };
> >         category "xfer-in"      { "xfers"; };
> >         category "xfer-out"     { "xfers"; };
> >         category "notify"       { "xfers"; };
> >         category "database"     { "debug"; };
> >         category "config"       { "debug"; };
> >         category "queries"      { "ops"; };
> >         category "client"       { "ops"; };
> >         category "resolver"     { "ops"; };
> >         category "security"     { "sys"; "misc"; };
> >         category "default"      { "misc"; };
> > };
> 
> Maybe it's caused by too much logging. Try disabling it temporarily,
> or run named with the "-g" argument in the foreground and watch whether
> something unusual appears, or appears repeatedly.

You can also append the "-d99" parameter to check which activities named performs.
Note that the output might be quite large.

Regards, Adam

> 
> Another method you can try is to simplify your named.conf to track down
> where the problem is. If it's not a configuration problem, then maybe
> named itself is problematic.
> 
> > // Default zones
> >
> > zone "." {
> >         type hint;
> >         file "zones/root/db.root";
> > };
> >
> > zone "localhost" {
> >         type master;
> >         file "zones/local/db.local";
> > };
> >
> > zone "127.in-addr.arpa" {
> >         type master;
> >         file "zones/local/db.127";
> > };
> >
> > zone "0.in-addr.arpa" {
> >         type master;
> >         file "zones/local/db.0";
> > };
> >
> > zone "255.in-addr.arpa" {
> >         type master;
> >         file "zones/local/db.255";
> > };

-- 
Adam Tkac, Red Hat, Inc.
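
The advice in this thread to watch foreground or "-d99" output for messages that repeat, as an added example that is not part of the original messages: a shell filter that groups captured named output by message shape and ranks the shapes by frequency. The log lines are constructed and their format is an assumption; `sample_log` and `top_repeats` are hypothetical names.

```shell
#!/bin/sh
# Added example: rank the most frequent message shapes in captured named output.
# Assumed capture (foreground run, stderr redirected to a file):
#   named -u named -g -d 99 2> named-debug.log

# Constructed sample lines; the format is assumed, not taken from the thread.
sample_log() {
    cat <<'EOF'
10-Jul-2012 14:30:01.101 client 192.0.2.10#53211: query: www.example.com IN A +
10-Jul-2012 14:30:01.150 zone example.net/IN: refresh: failure trying master 192.0.2.53#53: timed out
10-Jul-2012 14:30:01.650 zone example.net/IN: refresh: failure trying master 192.0.2.53#53: timed out
10-Jul-2012 14:30:02.150 zone example.net/IN: refresh: failure trying master 192.0.2.54#53: timed out
10-Jul-2012 14:30:02.300 client 192.0.2.11#40112: query: mail.example.com IN MX +
EOF
}

# top_repeats [N]: read log lines on stdin, print the N most frequent
# message shapes as "count<TAB>shape" (default N=10).
top_repeats() {
    awk '
    {
        # Drop the leading "dd-Mon-yyyy hh:mm:ss.mmm " timestamp if present.
        sub(/^[0-9]+-[A-Za-z]+-[0-9]+ [0-9:.]+ /, "")
        # Collapse per-event values so identical activity groups together.
        gsub(/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(#[0-9]+)?/, "<addr>")
        gsub(/0x[0-9a-fA-F]+/, "<ptr>")
        count[$0]++
    }
    END { for (m in count) printf "%d\t%s\n", count[m], m }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Stand-alone run on the constructed sample.
sample_log | top_repeats 3
```

On a real capture, replace `sample_log` with `cat named-debug.log`; a shape whose count dwarfs the others is the activity to investigate first.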


