named 100% utilization

Ondřej Surý ondrej at isc.org
Tue Apr 30 14:23:42 UTC 2024 

> BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) <id:>

I would start here - ISC provides packages for RedHat, Fedora, Debian and Ubuntu with latest upstream version.

There's little point in debugging a version that's old and doesn't contain all the bugfixes.

If you can reproduce the issue with latest 9.18 version, you'll need to install debug symbols
and it's possible to use `perf record` to capture the data where named spends time, but
even simple eu-stack -p <pid> can give you hints if you take couple snapshots.

Cheers,
--
Ondřej Surý (He/Him)
ondrej at isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 30. 4. 2024, at 16:09, Peter Carlson <peter at howudodat.com> wrote:
> 
> we are having a problem with bind that has been happening for about a week. one of named's threads goes to 100% and then named stops responding to any dns requests.  I have logging turned on and dont see anything out of the ordinary.  It's not crashing.  Any recommendations on where to start
> administrator at nc1:~$ named -version
> BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) <id:>
> administrator at nc1:~$ lsb_release -a
> No LSB modules are available.
> Distributor ID:    Ubuntu
> Description:    Ubuntu 22.04.4 LTS
> Release:    22.04
> Codename:    jammy
> Config files:
> administrator at nc1:/etc/bind$ cat named.conf
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> administrator at nc1:/etc/bind$ cat named.conf.options 
> logging {
>     channel default_file {
>         file "/var/log/named/default.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel general_file {
>         file "/var/log/named/general.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel database_file {
>         file "/var/log/named/database.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel security_file {
>         file "/var/log/named/security.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel config_file {
>         file "/var/log/named/config.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel resolver_file {
>         file "/var/log/named/resolver.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel xfer-in_file {
>         file "/var/log/named/xfer-in.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel xfer-out_file {
>         file "/var/log/named/xfer-out.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel notify_file {
>         file "/var/log/named/notify.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel client_file {
>         file "/var/log/named/client.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel unmatched_file {
>         file "/var/log/named/unmatched.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel queries_file {
>         file "/var/log/named/queries.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel network_file {
>         file "/var/log/named/network.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel update_file {
>         file "/var/log/named/update.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel dispatch_file {
>         file "/var/log/named/dispatch.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel dnssec_file {
>         file "/var/log/named/dnssec.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
>     channel lame-servers_file {
>         file "/var/log/named/lame-servers.log" versions 3 size 5m;
>         severity dynamic;
>         print-time yes;
>     };
> 
>     category default { default_file; };
>     category general { general_file; };
>     category database { database_file; };
>     category security { security_file; };
>     category config { config_file; };
>     category resolver { resolver_file; };
>     category xfer-in { xfer-in_file; };
>     category xfer-out { xfer-out_file; };
>     category notify { notify_file; };
>     category client { client_file; };
>     category unmatched { unmatched_file; };
>     category queries { queries_file; };
>     category network { network_file; };
>     category update { update_file; };
>     category dispatch { dispatch_file; };
>     category dnssec { dnssec_file; };
>     category lame-servers { lame-servers_file; };
> };
> 
>     options {
>           directory "/var/cache/bind";
>           version "Go Away 0.0.7";
>           notify no;
>           empty-zones-enable no;
>           auth-nxdomain yes;
>           forwarders { 8.8.8.8; 8.8.4.4; };
>           allow-transfer { none; };
> 
>           dnssec-validation no;
> 
>           listen-on-v6 { none; };
>           listen-on port 53 { 192.168.10.11; 127.0.0.1; ::1; };
> 
>           minimal-responses yes;
> 
>           tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> 
>       };
> administrator at nc1:/etc/bind$ cat named.conf.local
> acl internals { 192.168.10.0/24; 192.168.11.0/24; localhost; };
> acl vpn   { 10.9.0.0/24; };
> 
> view trusted {
>     match-clients { internals; };
>     allow-recursion { internals; };
>     allow-query { "internals"; };
>     allow-query-cache { "internals"; };
>     recursion yes;
>     
>     zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
>     zone "3cx.us" IN { type master; file "/etc/bind/db.3cx.us"; allow-update { none; }; };
>     
>     zone "localhost" { type master; file "/etc/bind/db.local"; };
>     zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
>     zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
>     zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
> include "/var/lib/samba/bind-dns/named.conf";
> };
> 
> view vpn {
>     match-clients { vpn; };
>     allow-recursion { vpn; };
>     allow-query { "vpn"; };
>     allow-query-cache { "vpn"; };
>     recursion yes;
>     
>     zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
> include "/var/lib/samba/bind-dns/named.conf";
> };
> 
> Peter
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list