CPU utilization
Ejaz
mejaz at cyberia.net.sa
Tue Aug 19 10:06:17 UTC 2008
Hi,
I have installed BIND 9.3.4-P1 on Red Hat Enterprise Linux 5. As we are an ISP, nearly 1000 domains are hosted on our DNS, and all our customers also use our DNS to browse.
My problem is that most of the time my CPU utilisation remains at 80%, 90% and 100%, so any help would be great.
I have the following entries in my /var/log/syslog:
Aug 19 12:47:04 ns1 named[3400]: client 172.21.0.49#49944: query (cache) 'feniphone.com/A/IN' denied
Aug 19 12:47:04 ns1 named[3400]: unexpected RCODE (REFUSED) resolving 'blitzbeat.com/A/IN': 66.196.84.168#53
Aug 19 12:47:04 ns1 named[3400]: client 212.93.210.219#1620: query (cache) 'gbox4all.no-ip.biz/A/IN' denied
Aug 19 12:47:04 ns1 named[3400]: client 172.21.15.218#65207: query (cache) 'dnl-cn6.kaspersky-labs.com/A/IN' denied
Aug 19 12:47:04 ns1 named[3400]: client 172.21.0.16#53403: query (cache) 'dnl-cn1.kaspersky-labs.com/A/IN' denied
Aug 19 12:47:04 ns1 named[3400]: client 172.21.0.89#10091: query (cache) 'dnl-04.geo.kaspersky.com/A/IN' denied
Aug 19 12:47:04 ns1 named[3400]: client 87.230.166.238#1037: query (cache) 'photos-f.ak.facebook.com/A/IN' denied
Aug 19 12:47:04 ns1 named[3400]: client 78.93.17.67#1284: query (cache) 'forum.brg8.com/A/IN' denied
Aug 19 12:47:04 ns1 named[3400]: client 212.71.32.19#33154: query (cache) 'antivirus.com.sa/A/IN' denied
Here is part of my named.conf:
directory "/var/named";
#recursion no;
#allow-query { any; };
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
# query-source address * port 53;
allow-transfer { 1.1.1.1;};
listen-on port 53 {1.1.1.1;};
#pid-file "/var/run/named/pid";
#dump-file "/var/dump/named_dump.db";
#statistics-file "/var/stats/named.stats
statistics-file "/var/named_stats";
dump-file "/var/named_dump.db";
memstatistics-file "/var/named_mem_stats";
recursive-clients 10000;
allow-query {"mynetwork";}
};
//logging {
//category lame-servers { null; };
//};
#logging {
# channel default_debug {
#file "/var/named/chroot/var/named/named.run";
# severity dynamic;
# };
#};
// Pull in the rndc key file; the controls statement below refers to a key
// named rndc-key (presumably defined in this file; confirm).
include "/etc/rndc.key";
// Control channel: listens on 127.0.0.1 port 953, accepts connections only
// from 127.0.0.1, and requires the rndc-key key.
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
Regards
Ejaz