Need to improve named performance
Ed LaFrance
edl at connexinternet.com
Sat Nov 10 18:39:31 UTC 2012
Hello all -
First post to this list, hope I'm in the right place.
Running BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 on a quadcore xeon server
(3Ghz) with 2GB RAM. Named is being used only for rDNS queries against
our address space.
The issue is that named is not keeping up with rdns requests. The
nameserver is only doing rdns, and it's the only public process on the
server (no webhosting, monitoring, etc).
When I check the router above this server I'll see 200 - 500 legitimate
connections to this server at any given time. This is what's happening:
named is not keeping up with the requests, so the network receive queue
fills up - I can see this with netstat:
netstat -tulpn | grep :53
Proto Recv-Q Send-Q Local Address        Foreign Address   PID/Program name
...
udp   110048      0 xxx.xxx.xxx.xxx:53   0.0.0.0:*         3918/named
udp   110048      0 xxx.xxx.xxx.xxx:53   0.0.0.0:*         3918/named
(two different IPs are on this machine to handle rDNS requests)
Once the queue gets near the max value set by sysctl, udp packets start
to drop - this can also be seen in netstat:
netstat -su
...
Udp:
5157567 packets received
9761 packets to unknown port received.
1164232 packet receive errors
5157554 packets sent
The errors apparently correspond to drops; they only increase when the
queue is full.
Of course by this point dns queries are timing out. I've tried
increasing the queue size with sysctl using this command:
sysctl -w net.core.rmem_max=1048576 net.core.rmem_default=10485
then restarting named; that did eliminate the drops, but the queue grows
gigantic and I get pretty much 100% dns lookup timeouts at that point.
The server loading is about 2.0 - busy, but not overwhelmed, I can run a
shell or even a gui session on it with ease so it's by no means maxed
out. Here's the first slice of top output:
top - 09:13:38 up 18:40, 1 user, load average: 2.09, 2.05, 2.00
Tasks: 175 total, 1 running, 174 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.2%us, 0.2%sy, 0.0%ni, 74.8%id, 24.7%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 2074984k total, 1743584k used, 331400k free, 166588k buffers
Swap: 4128760k total, 28k used, 4128732k free, 1270032k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4509 named 24 0 71004 4580 2036 S 1.3 0.2 0:46.74 named
6877 root 15 0 2428 1064 788 R 0.7 0.1 0:00.04 top
467 root 10 -5 0 0 0 D 0.3 0.0 2:59.13 kjournald
2460 root 18 0 1816 584 484 D 0.3 0.0 3:30.35 syslogd
1 root 15 0 2160 644 556 S 0.0 0.0 0:01.08 init
The bottom line is: I need to improve named performance. Tcpdump only
shows about 20 requests per second on average, I would estimate. This
should be handled easily, but instead it's gagging on it and the
requests are stacking up. If you have any ideas, I welcome your input.
Here's named.conf, it's pretty basic for the global config, the data for
each zone is stored separately elsewhere:
options {
    directory "/var";
    auth-nxdomain no;
    pid-file "/var/run/named/named.pid";
    allow-recursion {
        localnets;
    };
    allow-transfer {
        "none";
    };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "xxxxxxxxxxxxxxxxxxxxxx";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "." {
    type hint;
    file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
Thanks!
Ed
--
(800) 362-7579 ext 1
+-------------------------------------------------------+
+ Colocation Dedicated Servers IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc. direct: (916) 265-1568
11230 Gold Express Dr #310-313 fax: (916) 880-5663
Gold River, CA 95670 http://connexinternet.com
+-------------------------------------------------------+
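The check the post performs by hand with netstat (Recv-Q on the port 53 sockets, plus the growth of "packet receive errors"), written as a script. This is an added example, not part of the original message; the sample text, the 192.0.2.x addresses, the second snapshot, the 60 second interval and the receive-buffer limit are constructed assumptions.

```python
import re

def udp_backlog(netstat_text, port=53):
    """(local_address, Recv-Q bytes) for each UDP socket bound to `port`."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].startswith("udp") and f[1].isdigit():
            if f[3].rsplit(":", 1)[-1] == str(port):
                rows.append((f[3], int(f[1])))
    return rows

def udp_counters(netstat_su_text):
    """Parse only the 'Udp:' section of `netstat -su` into {label: count}."""
    counters, in_udp = {}, False
    for line in netstat_su_text.splitlines():
        if not line[:1].isspace():           # unindented line = section header
            in_udp = line.strip() == "Udp:"
            continue
        m = re.match(r"\s+(\d+) (.+?)\.?$", line)
        if in_udp and m:
            counters[m.group(2)] = int(m.group(1))
    return counters

def assess(sockets, before, after, interval_s, rcvbuf_bytes, fill_alert=0.9):
    """Compare two `netstat -su` snapshots and flag port-53 sockets near the limit."""
    a, b = udp_counters(before), udp_counters(after)
    drops = b["packet receive errors"] - a["packet receive errors"]
    served = b["packets received"] - a["packets received"]
    full = [s for s in udp_backlog(sockets) if s[1] >= fill_alert * rcvbuf_bytes]
    return {"drops_per_s": drops / interval_s, "served_per_s": served / interval_s,
            "full_sockets": full, "backlogged": bool(full) and drops > 0}

# Constructed sample data modelled on the output quoted in the post
# (192.0.2.x are documentation addresses; the second snapshot is invented).
SOCKETS = """\
tcp        0      0 192.0.2.10:53   0.0.0.0:*   LISTEN   3918/named
udp   110048      0 192.0.2.10:53   0.0.0.0:*            3918/named
udp   110048      0 192.0.2.11:53   0.0.0.0:*            3918/named
udp        0      0 127.0.0.1:123   0.0.0.0:*            2711/ntpd
"""
SU = "Udp:\n    {rx} packets received\n    9761 packets to unknown port received.\n" \
     "    {err} packet receive errors\n    5157554 packets sent\nUdpLite:\n"
BEFORE = SU.format(rx=5157567, err=1164232)
AFTER = SU.format(rx=5158767, err=1165132)    # assumed to be taken 60 s later

if __name__ == "__main__":
    # rcvbuf_bytes=110592 is an assumed receive-buffer limit for this sample
    print(assess(SOCKETS, BEFORE, AFTER, interval_s=60, rcvbuf_bytes=110592))
```

A large Recv-Q with a low served rate points at the daemon being slow to read the socket rather than at offered load, which is why raising the buffer limit only moved the symptom from drops to timeouts.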