RE: BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

Tue, 10 Jul 2012 09:58:15 -0700 

Dear All,
     Yes, this was the solutions. Another engineer here fixed it this morning. 
Read about the issue while on vacation, came back this morning and saw my 
emails...

Thanks again,
Shon

-----Original Message-----
From: bind-users-bounces+sstephens=mentora....@lists.isc.org 
[mailto:bind-users-bounces+sstephens=mentora....@lists.isc.org] On Behalf Of ??
Sent: Tuesday, July 10, 2012 12:54 PM
To: Adam Tkac
Cc: bind-users@lists.isc.org
Subject: Re: BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Very High CPU Utilization

try ntp restart!!

July 1, because of leap time, named cpu high!!

2012. 7. 10. 23:32 Adam Tkac <at...@redhat.com> 작성:

> On Tue, Jul 10, 2012 at 10:15:01PM +0800, Drunkard Zhang wrote:
>> 2012/7/10 Shon Stephens <ssteph...@mentora.com>:
>>> Dear All,
>>> 
>>>     I am running the version of BIND provided by RPM packages with 
>>> RHEL 6.2. This is a new server build replacing a previous server. 
>>> That host was running an earlier version of BIND and and earlier 
>>> version of RHEL. The config files have remained relatively the same, 
>>> but the CPU utilization of the newer version is magnitudes of order higher.
>>> 
>>> 
>>> 
>>> PID         USER      PR  NI  VIRT   RES   SHR  S  %CPU %MEM    TIME+
>>> COMMAND
>>> 
>>> 30462    named  20   0    282m  80m 2588 S  43.5     2.1
>>> 378:33.05   named
>>> 
>>> 
>>> 
>>> I've seen other posts about missing "managed-keys" directive and 
>>> attempted to add that to my config as a solution. This does not seem 
>>> to help. Here is my named.conf (sanitized). I've made sure that 
>>> recursion is limited to our ACL and there doesn't seem to be any 
>>> difference from previous periods in the number of queries being 
>>> answered by the server. Any help is much appreciated.
>>> 
>>> 
>>> 
>>> Yours,
>>> Shon
>>> 
>>> 
>>> 
>>> 
>>> 
>>> ~]# rndc status
>>> 
>>> version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3
>>> 
>>> CPUs found: 2
>>> 
>>> worker threads: 2
>>> 
>>> number of zones: 84
>>> 
>>> debug level: 0
>>> 
>>> xfers running: 0
>>> 
>>> xfers deferred: 0
>>> 
>>> soa queries in progress: 0
>>> 
>>> query logging is ON
>>> 
>>> recursive clients: 6/0/1000
>>> 
>>> tcp clients: 0/100
>>> 
>>> server is up and running
>>> 
>>> 
>>> 
>>> // named.conf - BIND name server configuration file
>>> 
>>> include "/etc/rndc.key";
>>> 
>>> controls {
>>> 
>>>        inet 127.0.0.1 port 953
>>> 
>>>        allow { 127.0.0.1; };
>>> 
>>> };
>>> 
>>> // Blackhole requests from these networks
>>> 
>>> acl "bogusnets" {
>>> 
>>>        0.0.0.0/8;
>>> 
>>>        1.0.0.0/8;
>>> 
>>>        2.0.0.0/8;
>>> 
>>>        192.0.2.0/24;
>>> 
>>>        224.0.0.0/3;
>>> 
>>> };
>>> 
>>> // Trusted networks
>>> 
>>> acl "trusted" {
>>> 
>>>  some_trusted_networks;
>>> 
>>> };
>>> 
>>> // Trusted name servers
>>> 
>>> acl "nameservers" {
>>> 
>>>        some_ips_of_nameservers;
>>> 
>>> };
>>> 
>>> // Global config options
>>> 
>>> options {
>>> 
>>>        directory "/var/named";
>>> 
>>>        dump-file "data/cache_dump.db";
>>> 
>>>        statistics-file "data/named_stats.txt";
>>> 
>>>                managed-keys-directory "/var/named/dynamic";
>>> 
>>>        blackhole { "bogusnets"; };
>>> 
>>>                allow-query { any; };
>>> 
>>>        allow-query-cache { "trusted"; };
>>> 
>>>                allow-recursion { "trusted"; };
>>> 
>>>        allow-transfer { "nameservers"; };
>>> 
>>>        transfer-source 192.168.101.101;
>>> 
>>>        also-notify { "nameservers"; };
>>> 
>>>        allow-notify { "nameservers" };
>>> 
>>>        notify explicit;
>>> 
>>>                dnssec-enable no;
>>> 
>>>                dnssec-validation no;
>>> 
>>>                listen-on-v6 { none; };
>>> 
>>> };
>>> 
>>> server 192.168.101.101 {
>>> 
>>>                edns no;
>>> 
>>> };
>>> 
>>> logging {
>>> 
>>>        channel "misc" {
>>> 
>>>                file    "logs/named.log" versions 4 size 2m;
>>> 
>>>                print-category  yes;
>>> 
>>>                print-severity  yes;
>>> 
>>>                print-time      yes;
>>> 
>>>        };
>>> 
>>>        channel "xfers" {
>>> 
>>>                file    "logs/named.xfers" versions 4 size 1m;
>>> 
>>>                print-severity  yes;
>>> 
>>>                print-time      yes;
>>> 
>>>        };
>>> 
>>>        channel "debug" {
>>> 
>>>                file    "logs/named.debug" versions 1 size 2m;
>>> 
>>>                print-category  yes;
>>> 
>>>                print-severity  yes;
>>> 
>>>                print-time      yes;
>>> 
>>>        };
>>> 
>>>        channel "ops" {
>>> 
>>>                file    "logs/named.ops" versions 3 size 2m;
>>> 
>>>                print-category  yes;
>>> 
>>>                print-severity  yes;
>>> 
>>>                print-time      yes;
>>> 
>>>        };
>>> 
>>>        channel "sys" {
>>> 
>>>                syslog  daemon;
>>> 
>>>                print-category  yes;
>>> 
>>>        };
>>> 
>>>        category "xfer-in"      { "xfers"; };
>>> 
>>>        category "xfer-out"     { "xfers"; };
>>> 
>>>        category "notify"       { "xfers"; };
>>> 
>>>        category "database"     { "debug"; };
>>> 
>>>        category "config"       { "debug"; };
>>> 
>>>        category "queries"      { "ops"; };
>>> 
>>>        category "client"       { "ops"; };
>>> 
>>>        category "resolver"     { "ops"; };
>>> 
>>>        category "security"     { "sys"; "misc"; };
>>> 
>>>        category "default"      { "misc"; };
>>> 
>>> };
>> 
>> Maybe it's caused by too many logging. Try disable them temporarilly, 
>> or run named with "-g" argument in foreground, watch if there's 
>> something unusal or appeared repeatedly.
> 
> You can also append "-d99" parameter to check which activities named perform.
> Note that output might be quite large.
> 
> Regards, Adam
> 
>> 
>> Another method you can try is simplify your named.conf to track down 
>> where the problem is. If it's not configuration problem, than it's 
>> named maybe problematic.
>> 
>>> // Default zones
>>> 
>>> zone "." {
>>> 
>>>        type hint;
>>> 
>>>        file "zones/root/db.root";
>>> 
>>> };
>>> 
>>> zone "localhost" {
>>> 
>>>        type master;
>>> 
>>>        file "zones/local/db.local";
>>> 
>>> };
>>> 
>>> zone "127.in-addr.arpa" {
>>> 
>>>        type master;
>>> 
>>>        file "zones/local/db.127";
>>> 
>>> };
>>> 
>>> zone "0.in-addr.arpa" {
>>> 
>>>        type master;
>>> 
>>>        file "zones/local/db.0";
>>> 
>>> };
>>> 
>>> zone "255.in-addr.arpa" {
>>> 
>>>        type master;
>>> 
>>>        file "zones/local/db.255";
>>> 
>>> };
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
>> unsubscribe from this list
>> 
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> 
> --
> Adam Tkac, Red Hat, Inc.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> unsubscribe from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 
> 




_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to