Dear All,
I am running the version of BIND provided by RPM packages with RHEL 6.2.
This is a new server build replacing a previous server. That host was running
an earlier version of BIND and an earlier version of RHEL. The config files
have remained largely the same, but the CPU utilization of the newer version
is orders of magnitude higher.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
COMMAND
30462 named 20 0 282m 80m 2588 S 43.5 2.1 378:33.05
named
I've seen other posts about missing "managed-keys" directive and attempted to
add that to my config as a solution. This does not seem to help. Here is my
named.conf (sanitized). I've made sure that recursion is limited to our ACL and
there doesn't seem to be any difference from previous periods in the number of
queries being answered by the server. Any help is much appreciated.
Yours,
Shon
~]# rndc status
version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3
CPUs found: 2
worker threads: 2
number of zones: 84
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 6/0/1000
tcp clients: 0/100
server is up and running
// named.conf - BIND name server configuration file
// Key material for the rndc control channel. The file holds a shared secret,
// so it should be readable only by root and the account named runs as.
include "/etc/rndc.key";
// rndc control channel: listens on loopback port 953 and accepts connections
// from 127.0.0.1 only, so it is not reachable from other hosts.
// NOTE(review): no "keys" clause is shown here - confirm which key named
// expects (presumably the one defined in the included /etc/rndc.key).
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; };
};
// Address ranges referenced by "blackhole" in the options block: named neither
// answers queries from these sources nor sends queries to servers inside them.
// NOTE(review): 1.0.0.0/8 and 2.0.0.0/8 are no longer unallocated space. Both
// have been assigned to regional registries and carry production traffic, so
// listing them silently drops legitimate clients and makes any zone whose
// name servers sit in those ranges unresolvable from here. Static bogon lists
// go stale; review them against the current IANA registry on a schedule.
acl "bogusnets" {
// "this network" range
0.0.0.0/8;
// formerly reserved, now allocated - see the note at the top of this ACL
1.0.0.0/8;
2.0.0.0/8;
// documentation range (TEST-NET-1)
192.0.2.0/24;
// 224.0.0.0 through 255.255.255.255: multicast plus reserved space
224.0.0.0/3;
};
// Clients permitted to read the cache and to recurse (used by
// allow-query-cache and allow-recursion in the options block). The single
// entry is a placeholder left by sanitizing. Keep the real list to networks
// you operate: every range added here can use this host as a recursive
// resolver.
acl "trusted" {
some_trusted_networks;
};
// Peers permitted to pull zone transfers and to send NOTIFY (used by
// allow-transfer and allow-notify in the options block). Placeholder entry.
// NOTE(review): these are source-address checks only; no TSIG key is visible
// for transfers in this excerpt - confirm whether one is configured elsewhere.
acl "nameservers" {
some_ips_of_nameservers;
};
// Global config options
options {
// Working directory; the relative paths in this file resolve under it.
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
// Presumably the change the message above describes as adding "managed-keys".
// NOTE(review): with DNSSEC validation switched off further down, this
// directory setting likely has little effect - verify.
managed-keys-directory "/var/named/dynamic";
// Ignore queries from, and never send queries to, the "bogusnets" ACL.
blackhole { "bogusnets"; };
// Access split: anyone may query (authoritative data is served to all), but
// only "trusted" may read cached answers or trigger recursion. This is what
// keeps the host from acting as an open resolver.
allow-query { any; };
allow-query-cache { "trusted"; };
allow-recursion { "trusted"; };
// Zone transfers are limited to the "nameservers" ACL by source address.
allow-transfer { "nameservers"; };
transfer-source 192.168.101.101;
// NOTE(review): also-notify normally takes a list of IP addresses rather than
// an ACL name - presumably the real file lists addresses here; verify with
// named-checkconf.
also-notify { "nameservers"; };
// NOTE(review): the list element lacks its terminating ';' before the closing
// brace. named-checkconf would reject the statement as written; presumably a
// slip introduced while sanitizing.
allow-notify { "nameservers" };
// Send NOTIFY only to the also-notify targets, not to each zone's NS records.
notify explicit;
// DNSSEC is switched off entirely: answers handed to clients are not
// validated, so forged or poisoned responses are not detected by this server.
dnssec-enable no;
dnssec-validation no;
// No IPv6 listening sockets.
listen-on-v6 { none; };
};
// Per-server override: EDNS is not used when named talks to 192.168.101.101.
// NOTE(review): this is the same address as transfer-source in the options
// block, which suggests it is one of this host's own addresses - confirm that
// the intended remote peer survived sanitizing.
server 192.168.101.101 {
edns no;
};
// Log routing. File paths are relative to the "directory" option.
logging {
// General-purpose log; it also receives a copy of "security" events.
channel "misc" {
file "logs/named.log" versions 4 size 2m;
print-category yes;
print-severity yes;
print-time yes;
};
// Zone transfer and NOTIFY activity.
channel "xfers" {
file "logs/named.xfers" versions 4 size 1m;
print-severity yes;
print-time yes;
};
// Database and configuration messages.
channel "debug" {
file "logs/named.debug" versions 1 size 2m;
print-category yes;
print-severity yes;
print-time yes;
};
// Receives every query, client and resolver message (see the category lines
// below). The file is capped at 2 MB with 3 older versions kept, so on a busy
// server this history is overwritten quickly; forward it elsewhere if it is
// needed for later investigation.
channel "ops" {
file "logs/named.ops" versions 3 size 2m;
print-category yes;
print-severity yes;
print-time yes;
};
// Local syslog, daemon facility.
channel "sys" {
syslog daemon;
print-category yes;
};
category "xfer-in" { "xfers"; };
category "xfer-out" { "xfers"; };
category "notify" { "xfers"; };
category "database" { "debug"; };
category "config" { "debug"; };
// NOTE(review): the rndc status output above reports "query logging is ON".
// Writing a log line for every query is extra work on each request, so it is
// worth ruling out when comparing CPU use against the old host.
category "queries" { "ops"; };
category "client" { "ops"; };
category "resolver" { "ops"; };
// Security events (such as denied requests) go to both syslog and the misc
// file, which keeps a copy off the rotating local file.
category "security" { "sys"; "misc"; };
category "default" { "misc"; };
};
// Default zones
// Root hints used to bootstrap recursion.
zone "." {
type hint;
file "zones/root/db.root";
};
// Locally served zones for localhost and the loopback, "this network" and
// broadcast reverse ranges, so lookups for these names are answered here
// instead of being sent out to other servers. No allow-update clause is shown
// on any of them.
zone "localhost" {
type master;
file "zones/local/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "zones/local/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "zones/local/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "zones/local/db.255";
};