
<div dir="ltr">Hi Peter.<div>Off the top of my head, could it be this?</div><div><div class="gmail-page" title="Page 91"><div class="gmail-layoutArea"><div class="gmail-column"><p><span style="font-size:10pt;font-family:URWPalladioL;font-weight:700">random-device

</span></p>

                                        <p><span style="font-size:10pt;font-family:URWPalladioL">The source of entropy to be used by the server. Entropy is primarily needed for DNSSEC

operations, such as TKEY transactions and dynamic update of signed zones. This options

specifies the device (or file) from which to read entropy. If this is a file, operations re-

quiring entropy will fail when the file has been exhausted. If not specified, the default

value is </span><span style="font-size:10pt;font-family:NimbusMonL">/dev/random </span><span style="font-size:10pt;font-family:URWPalladioL">(or equivalent) when present, and none otherwise. The </span><span style="font-size:10pt;font-family:URWPalladioL;font-weight:700">random-

device </span><span style="font-size:10pt;font-family:URWPalladioL">option takes effect during the initial configuration load at server startup time and

is ignored on subsequent reloads. </span></p><p>BIND will need a good source of randomness for crypto operations.<span style="font-size:10pt;font-family:URWPalladioL"><br></span></p><p>Cheers, Greg</p>

                                </div>

                        </div>

                </div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 1 Aug 2022 at 23:08, White, Peter <<a href="mailto:pwhite@penguinrandomhouse.com">pwhite@penguinrandomhouse.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">


<div lang="EN-US" style="overflow-wrap: break-word;">

<div class="gmail-m_-6196280132677980643WordSection1">

<p class="gmail-m_-6196280132677980643p1"><span style="font-size:12pt;font-family:Calibri,sans-serif">I’m running

</span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 (Extended Support Version) on RHEL 7 in a chroot jail.</span></span><span style="font-size:12pt;font-family:Calibri,sans-serif"><u></u><u></u></span></p>

<p class="MsoNormal"><u></u> <u></u></p>

<p class="MsoNormal">As of late, at times running some rndc commands are causing my server to lock up. It’s usually an “rndc addzone” that triggers the issue. I’ll also mention that I have recently started signing some domains with DNSSEC, so I suspect it may

 be somehow related.<u></u><u></u></p>

<p class="MsoNormal"><u></u> <u></u></p>

<p class="MsoNormal">Here is an example of a command that frequently triggers my issue, although it doesn’t trigger it every time.<u></u><u></u></p>

<p class="MsoNormal"><u></u> <u></u></p>

<p class="MsoNormal">rndc addzone '"<a href="http://example.com" target="_blank">example.com</a>" in external {type master; file "dnssec/<a href="http://example.com" target="_blank">example.com</a>";key-directory "keys"; auto-dnssec maintain; inline-signing yes;};'<u></u><u></u></p>

<p class="MsoNormal"><u></u> <u></u></p>

<p class="MsoNormal">During these times, named will not respond to any rndc commands, nothing is logged to the bind logs (I’m running trace level 3 ), and will not answer queries. Everything seems just frozen in time. Waiting for a period of time, varying from

 a few seconds to many minutes, the server picks back up again and operates normally. The following are my observations to this point.<u></u><u></u></p>

<p class="MsoNormal"><u></u> <u></u></p>

<p class="MsoNormal">CPU and memory show as being fine.<u></u><u></u></p>

<p class="MsoNormal"><u></u> <u></u></p>

<p class="gmail-m_-6196280132677980643p1"><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">top - 17:57:37 up 33 min,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">3 users,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">load average: 0.00, 0.01, 0.05</span></span><span style="font-size:12pt;font-family:Calibri,sans-serif"><u></u><u></u></span></p>

<p class="gmail-m_-6196280132677980643p1"><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">Tasks:<b> 125

</b>total,<b> </b></span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">2

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">running,<b> 123

</b>sleeping,<b> </b></span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">0

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">stopped,<b>

</b></span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">0

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">zombie</span></span><span style="font-size:12pt;font-family:Calibri,sans-serif"><u></u><u></u></span></p>

<p class="gmail-m_-6196280132677980643p1"><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">%Cpu(s):</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">0.2

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">us,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">0.3

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">sy,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">0.0

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">ni,<b> 98.5

</b>id,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">0.0

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">wa,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">0.0

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">hi,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">0.0

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">si,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">1.0

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">s</span></span><span style="font-size:12pt;font-family:Calibri,sans-serif"><u></u><u></u></span></p>

<p class="gmail-m_-6196280132677980643p1"><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">KiB Mem :</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">1842956

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">total,<b>

</b></span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">439452

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">free,<b>

</b></span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">665760

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">used,<b>

</b></span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">737744

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">buff/cache</span></span><span style="font-size:12pt;font-family:Calibri,sans-serif"><u></u><u></u></span></p>

<p class="gmail-m_-6196280132677980643p1"><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">KiB Swap:</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">8384508

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">total,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">8384508

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">free,</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">       

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">0

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">used.</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><b><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></b></span><span class="gmail-m_-6196280132677980643s1"><b><span style="font-size:12pt;font-family:Calibri,sans-serif">1013652

</span></b></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">avail Mem</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><span style="font-size:12pt;font-family:Calibri,sans-serif"> </span></span><span style="font-size:12pt;font-family:Calibri,sans-serif"><u></u><u></u></span></p>

<p class="MsoNormal"><u></u> <u></u></p>

<p class="MsoNormal">Strace shows the following over and over again.<u></u><u></u></p>

<p class="MsoNormal"><u></u> <u></u></p>

<p class="gmail-m_-6196280132677980643p1"><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">strace -p 1156 -f<u></u><u></u></span></span></p>

<p class="gmail-m_-6196280132677980643p1"><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></span></p>

<p class="gmail-m_-6196280132677980643p1"><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">[pid</span></span><span class="gmail-m_-6196280132677980643apple-converted-space"><span style="font-size:12pt;font-family:Calibri,sans-serif"> 

</span></span><span class="gmail-m_-6196280132677980643s1"><span style="font-size:12pt;font-family:Calibri,sans-serif">1159] futex(0x7fc1c15a307c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 16657, {tv_sec=1659390139, tv_nsec=255860000}, 0xffffffff) = -1 ETIMEDOUT (Connection

 timed out)</span></span><span style="font-size:12pt;font-family:Calibri,sans-serif"><u></u><u></u></span></p>

<p class="gmail-m_-6196280132677980643p1"><span style="font-size:12pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p>

<p class="MsoNormal">Any pointers here would be greatly appreciated. I’m about at my wits end with this one, and rebuilding this server on a newer build of RHEL or recompiling BIND is not a journey that I would like to take at the moment.<u></u><u></u></p>

</div>

</div>


-- <br>

Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>

<br>

ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>

<br>

<br>

bind-users mailing list<br>

<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>

<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>

</blockquote></div>