<!DOCTYPE html>
<html data-lt-installed="true">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body style="padding-bottom: 1px;">
<p>we are having a problem with bind that has been happening for
about a week. one of named's threads goes to 100% and then named
stops responding to any dns requests. I have logging turned on
and dont see anything out of the ordinary. It's not crashing.
Any recommendations on where to start</p>
<blockquote>
<p><font face="monospace">administrator@nc1:~$ named -version<br>
BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support
Version) <id:></font></p>
<p><font face="monospace">administrator@nc1:~$ lsb_release -a<br>
No LSB modules are available.<br>
Distributor ID: Ubuntu<br>
Description: Ubuntu 22.04.4 LTS<br>
Release: 22.04<br>
Codename: jammy</font><br>
</p>
</blockquote>
<p>Config files:</p>
<blockquote>
<p><font face="monospace">administrator@nc1:/etc/bind$ cat
named.conf</font><br>
<font face="monospace">include "/etc/bind/named.conf.options";</font><br>
<font face="monospace">include "/etc/bind/named.conf.local";</font><br>
</p>
</blockquote>
<blockquote>
<p><font face="monospace">administrator@nc1:/etc/bind$ cat
named.conf.options </font><br>
<font face="monospace">logging {</font><br>
<font face="monospace"> channel default_file {</font><br>
<font face="monospace"> file "/var/log/named/default.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel general_file {</font><br>
<font face="monospace"> file "/var/log/named/general.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel database_file {</font><br>
<font face="monospace"> file
"/var/log/named/database.log" versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel security_file {</font><br>
<font face="monospace"> file
"/var/log/named/security.log" versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel config_file {</font><br>
<font face="monospace"> file "/var/log/named/config.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel resolver_file {</font><br>
<font face="monospace"> file
"/var/log/named/resolver.log" versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel xfer-in_file {</font><br>
<font face="monospace"> file "/var/log/named/xfer-in.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel xfer-out_file {</font><br>
<font face="monospace"> file
"/var/log/named/xfer-out.log" versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel notify_file {</font><br>
<font face="monospace"> file "/var/log/named/notify.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel client_file {</font><br>
<font face="monospace"> file "/var/log/named/client.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel unmatched_file {</font><br>
<font face="monospace"> file
"/var/log/named/unmatched.log" versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel queries_file {</font><br>
<font face="monospace"> file "/var/log/named/queries.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel network_file {</font><br>
<font face="monospace"> file "/var/log/named/network.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel update_file {</font><br>
<font face="monospace"> file "/var/log/named/update.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel dispatch_file {</font><br>
<font face="monospace"> file
"/var/log/named/dispatch.log" versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel dnssec_file {</font><br>
<font face="monospace"> file "/var/log/named/dnssec.log"
versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<font face="monospace"> channel lame-servers_file {</font><br>
<font face="monospace"> file
"/var/log/named/lame-servers.log" versions 3 size 5m;</font><br>
<font face="monospace"> severity dynamic;</font><br>
<font face="monospace"> print-time yes;</font><br>
<font face="monospace"> };</font><br>
<br>
<font face="monospace"> category default { default_file; };</font><br>
<font face="monospace"> category general { general_file; };</font><br>
<font face="monospace"> category database { database_file; };</font><br>
<font face="monospace"> category security { security_file; };</font><br>
<font face="monospace"> category config { config_file; };</font><br>
<font face="monospace"> category resolver { resolver_file; };</font><br>
<font face="monospace"> category xfer-in { xfer-in_file; };</font><br>
<font face="monospace"> category xfer-out { xfer-out_file; };</font><br>
<font face="monospace"> category notify { notify_file; };</font><br>
<font face="monospace"> category client { client_file; };</font><br>
<font face="monospace"> category unmatched { unmatched_file;
};</font><br>
<font face="monospace"> category queries { queries_file; };</font><br>
<font face="monospace"> category network { network_file; };</font><br>
<font face="monospace"> category update { update_file; };</font><br>
<font face="monospace"> category dispatch { dispatch_file; };</font><br>
<font face="monospace"> category dnssec { dnssec_file; };</font><br>
<font face="monospace"> category lame-servers {
lame-servers_file; };</font><br>
<font face="monospace">};</font><br>
<br>
<font face="monospace"> options {</font><br>
<font face="monospace"> directory "/var/cache/bind";</font><br>
<font face="monospace"> version "Go Away 0.0.7";</font><br>
<font face="monospace"> notify no;</font><br>
<font face="monospace"> empty-zones-enable no;</font><br>
<font face="monospace"> auth-nxdomain yes;</font><br>
<font face="monospace"> forwarders { 8.8.8.8; 8.8.4.4;
};</font><br>
<font face="monospace"> allow-transfer { none; };</font><br>
<br>
<font face="monospace"> dnssec-validation no;</font><br>
<br>
<font face="monospace"> listen-on-v6 { none; };</font><br>
<font face="monospace"> listen-on port 53 {
192.168.10.11; 127.0.0.1; ::1; };</font><br>
<br>
<font face="monospace"> minimal-responses yes;</font><br>
<br>
<font face="monospace"> tkey-gssapi-keytab
"/var/lib/samba/bind-dns/dns.keytab";</font><br>
<br>
<font face="monospace"> };</font><br>
</p>
<font face="monospace">administrator@nc1:/etc/bind$ cat
named.conf.local</font><br>
<font face="monospace">acl internals { 192.168.10.0/24;
192.168.11.0/24; localhost; };</font><br>
<font face="monospace">acl vpn { 10.9.0.0/24; };</font><br>
<br>
<font face="monospace">view trusted {</font><br>
<font face="monospace"> match-clients { internals; };</font><br>
<font face="monospace"> allow-recursion { internals; };</font><br>
<font face="monospace"> allow-query { "internals"; };</font><br>
<font face="monospace"> allow-query-cache { "internals"; };</font><br>
<font face="monospace"> recursion yes;</font><br>
<font face="monospace"> </font><br>
<font face="monospace"> zone "MYDOMAIN.com" IN { type master;
file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };</font><br>
<font face="monospace"> zone "3cx.us" IN { type master; file
"/etc/bind/db.3cx.us"; allow-update { none; }; };</font><br>
<font face="monospace"> </font><br>
<font face="monospace"> zone "localhost" { type master; file
"/etc/bind/db.local"; };</font><br>
<font face="monospace"> zone "127.in-addr.arpa" { type master;
file "/etc/bind/db.127"; };</font><br>
<font face="monospace"> zone "0.in-addr.arpa" { type master;
file "/etc/bind/db.0"; };</font><br>
<font face="monospace"> zone "255.in-addr.arpa" { type master;
file "/etc/bind/db.255"; };</font><br>
<font face="monospace">include
"/var/lib/samba/bind-dns/named.conf";</font><br>
<font face="monospace">};</font><br>
<br>
<font face="monospace">view vpn {</font><br>
<font face="monospace"> match-clients { vpn; };</font><br>
<font face="monospace"> allow-recursion { vpn; };</font><br>
<font face="monospace"> allow-query { "vpn"; };</font><br>
<font face="monospace"> allow-query-cache { "vpn"; };</font><br>
<font face="monospace"> recursion yes;</font><br>
<font face="monospace"> </font><br>
<font face="monospace"> zone "MYDOMAIN.com" IN { type master;
file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };</font><br>
<font face="monospace">include
"/var/lib/samba/bind-dns/named.conf";</font><br>
<font face="monospace">};</font><br>
</blockquote>
<p><br>
Peter<br>
</p>
</body>
<lt-container></lt-container>
</html>