Need to improve named performance

Ed LaFrance edl at connexinternet.com
Sat Nov 10 18:39:31 UTC 2012


Hello all -

First post to this list, hope I'm in the right place.

Running BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 on a quadcore xeon server 
(3Ghz) with 2GB RAM. Named is being used only for rDNS queries against 
our address space.

The issue is that named is not keeping up with rdns requests. The 
nameserver is only doing rdns, and it's the only public process on the 
server (no webhosting, monitoring, etc).

When I check the router above this server I'll see 200 - 500 legitimate 
connections to this server at any given time. This is what's happening: 
named is not keeping up with the requests, so the network receive queue 
fills up - I can see this with netstat:

netstat -tulpn | grep :53
Proto Recv-Q Send-Q Local Address               Foreign Address             PID/Program name
...
udp   110048      0 xxx.xxx.xxx.xxx:53           0.0.0.0:*                   3918/named
udp   110048      0 xxx.xxx.xxx.xxx:53           0.0.0.0:*                   3918/named

(two different IPs are on this machine to handle rDNS requests)

Once the queue gets near the max value set by sysctl, udp packets start 
to drop - this can also be seen in netstat:

  netstat -su
...
Udp:
     5157567 packets received
     9761 packets to unknown port received.
     1164232 packet receive errors
     5157554 packets sent

The errors apparently correspond to drops; they only increase when the 
queue is full.

Of course by this point dns queries are timing out. I've tried 
increasing the queue size with sysctl using this command:

sysctl -w net.core.rmem_max=1048576 net.core.rmem_default=10485

then restarting named; that did eliminate the drops, but the queue grows 
gigantic and I get pretty much 100% dns lookup timeouts at that point.

The server loading is about 2.0 - busy, but not overwhelmed, I can run a 
shell or even a gui session on it with ease so it's by no means maxed 
out. Here's the first slice of top output:

top - 09:13:38 up 18:40,  1 user,  load average: 2.09, 2.05, 2.00
Tasks: 175 total,   1 running, 174 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.2%us,  0.2%sy,  0.0%ni, 74.8%id, 24.7%wa,  0.0%hi,  0.2%si,  0.0%st
Mem:   2074984k total,  1743584k used,   331400k free,   166588k buffers
Swap:  4128760k total,       28k used,  4128732k free,  1270032k cached

   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
  4509 named     24   0 71004 4580 2036 S  1.3  0.2   0:46.74 named
  6877 root      15   0  2428 1064  788 R  0.7  0.1   0:00.04 top
   467 root      10  -5     0    0    0 D  0.3  0.0   2:59.13 kjournald
  2460 root      18   0  1816  584  484 D  0.3  0.0   3:30.35 syslogd
     1 root      15   0  2160  644  556 S  0.0  0.0   0:01.08 init

The bottom line is: I need to improve named performance. Tcpdump only 
shows about 20 requests per second on average, I would estimate. This 
should be handled easily, but instead it's gagging on it and the 
requests are stacking up. If you have any ideas, I welcome your input. 
Here's named.conf, it's pretty basic for the global config, the data for 
each zone is stored separately elsewhere:

options {
         directory "/var";
         auth-nxdomain no;
         pid-file "/var/run/named/named.pid";
         allow-recursion {
                 localnets;
         };

         allow-transfer {
                 "none";
         };
};

key "rndc-key" {
         algorithm hmac-md5;
         secret "xxxxxxxxxxxxxxxxxxxxxx";
};

controls {
         inet 127.0.0.1 port 953
         allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
         type hint;
         file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
         type master;
         file "localhost.rev";
};

Thanks!
Ed
-- 
(800) 362-7579 ext 1

+-------------------------------------------------------+
+ Colocation    Dedicated Servers   IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc.     direct: (916) 265-1568
11230 Gold Express Dr #310-313        fax: (916) 880-5663
Gold River, CA 95670            http://connexinternet.com
+-------------------------------------------------------+
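Added example (not part of Ed's post, and not BIND or netstat code): a small monitoring script that reads the two netstat views quoted above and flags the condition described, i.e. the share of inbound UDP datagrams lost as receive errors and a :53 Recv-Q approaching the net.core.rmem_max ceiling. The two samples are constructed from the figures in the post, the IPs are RFC 5737 documentation addresses, and the 131071-byte limit in the usage call is an assumed placeholder; read the real value with `sysctl -n net.core.rmem_max`.

```shell
#!/bin/sh
# Constructed sample of `netstat -su`, UDP section (figures as in the post above).
SAMPLE_SU='Udp:
    5157567 packets received
    9761 packets to unknown port received.
    1164232 packet receive errors
    5157554 packets sent'

# Constructed sample of `netstat -tulpn | grep :53` (documentation IPs).
SAMPLE_TULPN='udp   110048      0 192.0.2.10:53    0.0.0.0:*   3918/named
udp   110048      0 192.0.2.11:53    0.0.0.0:*   3918/named'

# udp_error_pct SU_TEXT
# Prints the percentage (truncated to an integer) of inbound UDP datagrams
# the kernel counted as receive errors: errors / (delivered + errors).
udp_error_pct() {
    printf '%s\n' "$1" | awk '
        BEGIN { recv = 0; err = 0 }
        /packets received$/      { recv = $1 }
        /packet receive errors$/ { err = $1 }
        END {
            if (recv + err > 0) printf "%d\n", (err * 100) / (err + recv)
            else print 0
        }'
}

# recvq_status TULPN_TEXT RMEM_MAX_BYTES
# Prints "WARN <bytes>" when the largest UDP Recv-Q (bytes queued in a socket
# receive buffer) has reached 75% of the rmem_max limit, else "OK <bytes>".
recvq_status() {
    printf '%s\n' "$1" | awk -v limit="$2" '
        BEGIN { max = 0 }
        $1 == "udp" && $2 > max { max = $2 }
        END {
            if (max * 100 >= limit * 75) printf "WARN %d\n", max
            else printf "OK %d\n", max
        }'
}

# Usage on the constructed samples; 131071 is an assumed rmem_max placeholder.
echo "udp receive errors: $(udp_error_pct "$SAMPLE_SU")% of inbound datagrams"
echo "named recv queue:   $(recvq_status "$SAMPLE_TULPN" 131071)"
```

To run it against a live box, replace the two samples with `"$(netstat -su)"` and `"$(netstat -tulpn | grep :53)"` and pass `"$(sysctl -n net.core.rmem_max)"` as the limit.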



More information about the bind-users mailing list