Bind Auth responds slow during incoming XFR
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Mar 27 08:29:33 UTC 2019
Hello!
We have a problem with Bind [2] during incoming IXFR. When there is a
huge IXFR (ie 1,8GB tranferred in 15minutes [1]), the response time
heavily increases. Using dsc's newest "Reponse Time Indexer" we clearly
see that Bind answers slow:
Response Time normal during
Window operation IXFR
------------------------------------------------
1-10us 2
10-100us 16033
100-1000us 37768
1-10ms 180 21
10-100ms 43 179
100-1000ms 748
1-10s 2224
timeout 124 6930
------------------------------------------------
Sum 54150 10102
(The drop in total happens as the resolvers switch to other
authoritative nameservers)
The VM has 4 vCPUs which are all at 100% (99% user-space load)during the
incoming IXFR. The memory consumption doubled during the IXFR but there
is enough RAM in the server (no swapping)
So I have 2 theories:
a) While "patching" the in-memory zone the "IXFR-worker" somehow locks
the zone so that the "request-handler" has to wait and becomes slow.
b) The "IXFR-worker" eats all CPU so that there is no more CPU left for
the "request-handler".
So, what do Bind developers mean about my theories? Are there any ideas
to improve response time during IXFR? Ie. throttling CPU of the "IXFR
handler"? Were there related changed in 9.12 or 9.14?
Thanks
Klaus
[1] Transfer completed: 27733 messages, 12689911 records, 1789M bytes,
847.424 secs (2111887 bytes/sec)
[2] Seen on Ubuntu 14.04/16.04/18.04 aka Bind 9.9.5/9.10.3/9.11.3
More information about the bind-users
mailing list