named 100% utilization

Peter Carlson peter at howudodat.com
Tue Apr 30 14:09:44 UTC 2024


We have been having a problem with BIND for about a week: one of named's
threads goes to 100% utilization and then named stops responding to any
DNS requests.  I have logging turned on and don't see anything out of the
ordinary.  It's not crashing.  Any recommendations on where to start?

    administrator at nc1:~$ named -version
    BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) <id:>

    administrator at nc1:~$ lsb_release -a
    No LSB modules are available.
    Distributor ID:    Ubuntu
    Description:    Ubuntu 22.04.4 LTS
    Release:    22.04
    Codename:    jammy

Config files:

    administrator at nc1:/etc/bind$ cat named.conf
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";

    administrator at nc1:/etc/bind$ cat named.conf.options
    // Logging: one file channel per category under /var/log/named, each capped
    // at 5m with 3 rotated versions and a timestamp on every entry.
    // "severity dynamic" ties each channel to the server's current debug level,
    // so verbosity follows whatever level is set at runtime (e.g. via rndc trace).
    // NOTE(review): at 5m x 3 versions a busy channel can rotate away the entries
    // written just before a hang — confirm the files still cover the incident
    // window before concluding that nothing unusual was logged.
    logging {
         channel default_file {
             file "/var/log/named/default.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel general_file {
             file "/var/log/named/general.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel database_file {
             file "/var/log/named/database.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel security_file {
             file "/var/log/named/security.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel config_file {
             file "/var/log/named/config.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel resolver_file {
             file "/var/log/named/resolver.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel xfer-in_file {
             file "/var/log/named/xfer-in.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel xfer-out_file {
             file "/var/log/named/xfer-out.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel notify_file {
             file "/var/log/named/notify.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel client_file {
             file "/var/log/named/client.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel unmatched_file {
             file "/var/log/named/unmatched.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel queries_file {
             file "/var/log/named/queries.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel network_file {
             file "/var/log/named/network.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel update_file {
             file "/var/log/named/update.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel dispatch_file {
             file "/var/log/named/dispatch.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel dnssec_file {
             file "/var/log/named/dnssec.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };
         channel lame-servers_file {
             file "/var/log/named/lame-servers.log" versions 3 size 5m;
             severity dynamic;
             print-time yes;
         };

         // Each category is routed to the channel of the same name; categories
         // not listed here fall under "default" and land in default_file.
         category default { default_file; };
         category general { general_file; };
         category database { database_file; };
         category security { security_file; };
         category config { config_file; };
         category resolver { resolver_file; };
         category xfer-in { xfer-in_file; };
         category xfer-out { xfer-out_file; };
         category notify { notify_file; };
         category client { client_file; };
         category unmatched { unmatched_file; };
         category queries { queries_file; };
         category network { network_file; };
         category update { update_file; };
         category dispatch { dispatch_file; };
         category dnssec { dnssec_file; };
         category lame-servers { lame-servers_file; };
    };

         // Global options as posted; the comments are review notes and the
         // settings themselves are unchanged.
         options {
               directory "/var/cache/bind";
               // Replaces the version string named reports. This obscures the
               // version answer only; it does not change what is running.
               version "Go Away 0.0.7";
               notify no;
               // Built-in empty zones are off, so reverse lookups for private
               // ranges that no local zone answers follow the normal
               // recursion/forwarding path instead of being answered locally.
               empty-zones-enable no;
               auth-nxdomain yes;
               // No "forward only" is set in this block, so named's default
               // (forward first) applies: it falls back to its own recursion
               // when the forwarders do not answer.
               forwarders { 8.8.8.8; 8.8.4.4; };
               // Zone transfers are refused unless a zone overrides this.
               allow-transfer { none; };

               // DNSSEC validation is disabled: answers obtained through the
               // forwarders are accepted without signature checks.
               dnssec-validation no;

               listen-on-v6 { none; };
               // NOTE(review): ::1 is an IPv6 address inside the IPv4 listen-on
               // list while listen-on-v6 is none — presumably no IPv6 loopback
               // listener results; confirm intent.
               listen-on port 53 { 192.168.10.11; 127.0.0.1; ::1; };

               minimal-responses yes;

               // Keytab under Samba's bind-dns directory — presumably used for
               // GSS-TSIG dynamic updates from a Samba AD DC; confirm against
               // the Samba setup.
               tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";

           };

    administrator at nc1:/etc/bind$ cat named.conf.local
    // Client address sets referenced by the two views in this file.
    // "localhost" is BIND's built-in ACL for the server's own addresses.
    acl internals { 192.168.10.0/24; 192.168.11.0/24; localhost; };
    // VPN client range; the ACL shares its name with the "vpn" view.
    acl vpn   { 10.9.0.0/24; };

    // View for clients in the "internals" ACL. Matching, recursion, queries
    // and cache access are all limited to that same ACL.
    view trusted {
         match-clients { internals; };
         allow-recursion { internals; };
         allow-query { "internals"; };
         allow-query-cache { "internals"; };
         recursion yes;

         // Statically served zones; dynamic updates are refused for both.
         zone "MYDOMAIN.com" IN { type master; file
    "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
         zone "3cx.us" IN { type master; file "/etc/bind/db.3cx.us";
    allow-update { none; }; };

         // Loopback and special-use zones served from the stock db.* files.
         zone "localhost" { type master; file "/etc/bind/db.local"; };
         zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
         zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
         zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
    // NOTE(review): this included file is not shown in the message, so
    // whatever zones or modules it adds to the view (presumably Samba's DNS
    // integration) cannot be reviewed from here. The same include also
    // appears in the vpn view.
    include "/var/lib/samba/bind-dns/named.conf";
    };

    // View for clients in the "vpn" ACL (10.9.0.0/24), with recursion, queries
    // and cache access limited to that ACL. The file as posted defines only
    // this view and "trusted", so a client matching neither is served by no view.
    view vpn {
         match-clients { vpn; };
         allow-recursion { vpn; };
         allow-query { "vpn"; };
         allow-query-cache { "vpn"; };
         recursion yes;

         // Only MYDOMAIN.com is defined in this view, from the same zone file
         // the trusted view loads; dynamic updates are refused.
         zone "MYDOMAIN.com" IN { type master; file
    "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
    // NOTE(review): same Samba include as in the trusted view; its contents
    // are not shown, so confirm it is meant to be loaded in both views.
    include "/var/lib/samba/bind-dns/named.conf";
    };


Peter