bind 9.6.1 under perform after running for a couple of hours

Fr34k freaknetboy at yahoo.com
Wed Jul 8 21:22:41 UTC 2009


Hello,

A few of the default settings changed from 9.4.x to 9.6.x.
The appropriate README files, change logs, and BIND ARM will provide details about them.

Below are some options and logging configurations you may want to investigate.
Ye Ole Disclaimer: Please be sure to understand what these do and the DNS environment these alter before making changes.

options suggestions: (set some limits)
        allow-query { "file-a"; "file-b"; }; #Employ ACLs to limit who can query the server
        allow-recursion { "file-a"; "file-b"; }; #Employ ACLs to limit recursion - may or may not be the same files as in the previous statement
        blackhole { "file-c"; }; #Employ ACLs to drop abusive queries. Note: This will affect legitimate responses from any networks listed, too. Keep this in mind.
        recursive-clients   X000;  #Understand how many recursive clients the hardware should handle at a time
        tcp-clients X00;  # Understand how many TCP clients should be handled at a time.
        clients-per-query X0 ; #Limit the number of clients-per-query. This helps to limit bogus queries (especially from malware). We use 10.
        max-clients-per-query X0 ; # Same as above. That is, we hard set to deal with bogus queries from malware. I believe BIND automagically adjusts this by default. We use 20.
        max-cache-size 0 ; #Setting to 0 makes this model older behavior. I believe 9.5+ new default is 32MB. Setting to 0 is unlimited, if memory serves, and is what we want in our environment.

logging suggestions: (throw away certain things from logging IF you are not interested in them)
        channel secure_messages { file "/dev/null";   }; #If "null" is not understood, one can define it using this method.
        category security { secure_messages; }; #Fancy way of sending these logs to the garbage can using the previous definition. Setting ACLs generates a lot of log chatter. A good thing while one tweaks ACLs to check the logs. Once ACLs are tweaked, no need to waste CPU and HDD seek time logging data we no longer need = trash can.
        category lame-servers { null; }; #Nice info about lame servers, but since we can't fix the Internet = toss to the garbage can for now.
        category edns-disabled { null; }; #Again, nice info about EDNS, but it isn't something our environment needs us to act upon at this time = trash can for now.

HTH.




________________________________
From: Imri Zvik <imriz at inter.net.il>
To: bind-users at lists.isc.org
Sent: Wednesday, July 8, 2009 2:24:17 PM
Subject: bind 9.6.1 under perform after running for a couple of hours


Hi,
 
After a couple of hours, performance of bind 9.6.1 suddenly drops. While the server remains responsive, the response time increases, the rate of the failed queries increases, and CPU/load average usage increases. Restarting named solves the problem.
 
I cannot find anything useful in the logs, but a quick search in this mailing list archive shows that other users reported somewhat similar problems with this version of BIND :(
 
The operating system is Linux (Linux ns1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86_64 x86_64 GNU/Linux) , Red Hat Enterprise Linux Server release 5.3 (Tikanga).
 
Output of named -V:
BIND 9.6.1 built with '--enable-threads' '--enable-largefile' '--prefix=/usr/local'
 
/usr/local/sbin/named: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
 
It is important to state that we just upgraded from 9.4.3-P2.
 
Any ideas?
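
The options and logging suggestions from the reply at the top of this page, assembled into one named.conf fragment as an added example (not taken from either message or from ISC). The ACL names, the documentation-range addresses, and the recursive-clients and tcp-clients values are constructed placeholders; the clients-per-query, max-clients-per-query and max-cache-size values are the ones the reply mentions.

```conf
// Constructed example. ACL names and addresses (RFC 5737 documentation
// ranges) are placeholders; substitute your own networks.
acl "internal-clients" { 127.0.0.1; 192.0.2.0/24; };
acl "partner-clients"  { 198.51.100.0/24; };
acl "abusive-sources"  { 203.0.113.0/24; };

options {
    // Who may query at all, and who may recurse. The two lists do not
    // have to match: here partners get answers but no recursion.
    allow-query     { "internal-clients"; "partner-clients"; };
    allow-recursion { "internal-clients"; };

    // Dropped silently. As the reply notes, this also affects
    // legitimate responses from the listed networks.
    blackhole       { "abusive-sources"; };

    // Resource limits. The first two values are assumed; size them
    // to what the hardware can handle.
    recursive-clients     1000;
    tcp-clients           100;

    // Fixed values mentioned in the reply (10 and 20).
    clients-per-query     10;
    max-clients-per-query 20;

    // 0 as suggested in the reply, to model the older cache behavior.
    max-cache-size        0;
};

logging {
    // Explicit discard channel, for when "null" is not understood.
    channel secure_messages { file "/dev/null"; };

    // Route to the discard channel only after the ACLs are tuned;
    // while tuning, these messages show which clients are refused.
    category security      { secure_messages; };
    category lame-servers  { null; };
    category edns-disabled { null; };
};
```

Running named-checkconf against the edited file before reloading named catches syntax errors and references to undefined ACLs.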