Dear All, Yes, this was the solutions. Another engineer here fixed it this morning. Read about the issue while on vacation, came back this morning and saw my emails...
Thanks again, Shon -----Original Message----- From: bind-users-bounces+sstephens=mentora....@lists.isc.org [mailto:bind-users-bounces+sstephens=mentora....@lists.isc.org] On Behalf Of ?? Sent: Tuesday, July 10, 2012 12:54 PM To: Adam Tkac Cc: bind-users@lists.isc.org Subject: Re: BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization try ntp restart!! July 1, because of leap time, named cpu high!! 2012. 7. 10. 23:32 Adam Tkac <at...@redhat.com> 작성: > On Tue, Jul 10, 2012 at 10:15:01PM +0800, Drunkard Zhang wrote: >> 2012/7/10 Shon Stephens <ssteph...@mentora.com>: >>> Dear All, >>> >>> I am running the version of BIND provided by RPM packages with >>> RHEL 6.2. This is a new server build replacing a previous server. >>> That host was running an earlier version of BIND and and earlier >>> version of RHEL. The config files have remained relatively the same, >>> but the CPU utilization of the newer version is magnitudes of order higher. >>> >>> >>> >>> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ >>> COMMAND >>> >>> 30462 named 20 0 282m 80m 2588 S 43.5 2.1 >>> 378:33.05 named >>> >>> >>> >>> I've seen other posts about missing "managed-keys" directive and >>> attempted to add that to my config as a solution. This does not seem >>> to help. Here is my named.conf (sanitized). I've made sure that >>> recursion is limited to our ACL and there doesn't seem to be any >>> difference from previous periods in the number of queries being >>> answered by the server. Any help is much appreciated. >>> >>> >>> >>> Yours, >>> Shon >>> >>> >>> >>> >>> >>> ~]# rndc status >>> >>> version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 >>> >>> CPUs found: 2 >>> >>> worker threads: 2 >>> >>> number of zones: 84 >>> >>> debug level: 0 >>> >>> xfers running: 0 >>> >>> xfers deferred: 0 >>> >>> soa queries in progress: 0 >>> >>> query logging is ON >>> >>> recursive clients: 6/0/1000 >>> >>> tcp clients: 0/100 >>> >>> server is up and running >>> >>> >>> >>> // named.conf - BIND name server configuration file >>> >>> include "/etc/rndc.key"; >>> >>> controls { >>> >>> inet 127.0.0.1 port 953 >>> >>> allow { 127.0.0.1; }; >>> >>> }; >>> >>> // Blackhole requests from these networks >>> >>> acl "bogusnets" { >>> >>> 0.0.0.0/8; >>> >>> 1.0.0.0/8; >>> >>> 2.0.0.0/8; >>> >>> 192.0.2.0/24; >>> >>> 224.0.0.0/3; >>> >>> }; >>> >>> // Trusted networks >>> >>> acl "trusted" { >>> >>> some_trusted_networks; >>> >>> }; >>> >>> // Trusted name servers >>> >>> acl "nameservers" { >>> >>> some_ips_of_nameservers; >>> >>> }; >>> >>> // Global config options >>> >>> options { >>> >>> directory "/var/named"; >>> >>> dump-file "data/cache_dump.db"; >>> >>> statistics-file "data/named_stats.txt"; >>> >>> managed-keys-directory "/var/named/dynamic"; >>> >>> blackhole { "bogusnets"; }; >>> >>> allow-query { any; }; >>> >>> allow-query-cache { "trusted"; }; >>> >>> allow-recursion { "trusted"; }; >>> >>> allow-transfer { "nameservers"; }; >>> >>> transfer-source 192.168.101.101; >>> >>> also-notify { "nameservers"; }; >>> >>> allow-notify { "nameservers" }; >>> >>> notify explicit; >>> >>> dnssec-enable no; >>> >>> dnssec-validation no; >>> >>> listen-on-v6 { none; }; >>> >>> }; >>> >>> server 192.168.101.101 { >>> >>> edns no; >>> >>> }; >>> >>> logging { >>> >>> channel "misc" { >>> >>> file "logs/named.log" versions 4 size 2m; >>> >>> print-category yes; >>> >>> print-severity yes; >>> >>> print-time yes; >>> >>> }; >>> >>> channel "xfers" { >>> >>> file "logs/named.xfers" versions 4 size 1m; >>> >>> print-severity yes; >>> >>> print-time yes; >>> >>> }; >>> >>> channel "debug" { >>> >>> file "logs/named.debug" versions 1 size 2m; >>> >>> print-category yes; >>> >>> print-severity yes; >>> >>> print-time yes; >>> >>> }; >>> >>> channel "ops" { >>> >>> file "logs/named.ops" versions 3 size 2m; >>> >>> print-category yes; >>> >>> print-severity yes; >>> >>> print-time yes; >>> >>> }; >>> >>> channel "sys" { >>> >>> syslog daemon; >>> >>> print-category yes; >>> >>> }; >>> >>> category "xfer-in" { "xfers"; }; >>> >>> category "xfer-out" { "xfers"; }; >>> >>> category "notify" { "xfers"; }; >>> >>> category "database" { "debug"; }; >>> >>> category "config" { "debug"; }; >>> >>> category "queries" { "ops"; }; >>> >>> category "client" { "ops"; }; >>> >>> category "resolver" { "ops"; }; >>> >>> category "security" { "sys"; "misc"; }; >>> >>> category "default" { "misc"; }; >>> >>> }; >> >> Maybe it's caused by too many logging. Try disable them temporarilly, >> or run named with "-g" argument in foreground, watch if there's >> something unusal or appeared repeatedly. > > You can also append "-d99" parameter to check which activities named perform. > Note that output might be quite large. > > Regards, Adam > >> >> Another method you can try is simplify your named.conf to track down >> where the problem is. If it's not configuration problem, than it's >> named maybe problematic. >> >>> // Default zones >>> >>> zone "." { >>> >>> type hint; >>> >>> file "zones/root/db.root"; >>> >>> }; >>> >>> zone "localhost" { >>> >>> type master; >>> >>> file "zones/local/db.local"; >>> >>> }; >>> >>> zone "127.in-addr.arpa" { >>> >>> type master; >>> >>> file "zones/local/db.127"; >>> >>> }; >>> >>> zone "0.in-addr.arpa" { >>> >>> type master; >>> >>> file "zones/local/db.0"; >>> >>> }; >>> >>> zone "255.in-addr.arpa" { >>> >>> type master; >>> >>> file "zones/local/db.255"; >>> >>> }; >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > > -- > Adam Tkac, Red Hat, Inc. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users