named 100% utilization
Ondřej Surý
ondrej at isc.org
Tue Apr 30 14:23:42 UTC 2024
> BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) <id:>
I would start here - ISC provides packages for RedHat, Fedora, Debian and Ubuntu with latest upstream version.
There's little point in debugging a version that's old and doesn't contain all the bugfixes.
If you can reproduce the issue with latest 9.18 version, you'll need to install debug symbols
and it's possible to use `perf record` to capture the data where named spends time, but
even simple eu-stack -p <pid> can give you hints if you take couple snapshots.
Cheers,
--
Ondřej Surý (He/Him)
ondrej at isc.org
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> On 30. 4. 2024, at 16:09, Peter Carlson <peter at howudodat.com> wrote:
>
> we are having a problem with bind that has been happening for about a week. one of named's threads goes to 100% and then named stops responding to any dns requests. I have logging turned on and dont see anything out of the ordinary. It's not crashing. Any recommendations on where to start
> administrator at nc1:~$ named -version
> BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) <id:>
> administrator at nc1:~$ lsb_release -a
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description: Ubuntu 22.04.4 LTS
> Release: 22.04
> Codename: jammy
> Config files:
> administrator at nc1:/etc/bind$ cat named.conf
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> administrator at nc1:/etc/bind$ cat named.conf.options
> logging {
> channel default_file {
> file "/var/log/named/default.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel general_file {
> file "/var/log/named/general.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel database_file {
> file "/var/log/named/database.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel security_file {
> file "/var/log/named/security.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel config_file {
> file "/var/log/named/config.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel resolver_file {
> file "/var/log/named/resolver.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel xfer-in_file {
> file "/var/log/named/xfer-in.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel xfer-out_file {
> file "/var/log/named/xfer-out.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel notify_file {
> file "/var/log/named/notify.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel client_file {
> file "/var/log/named/client.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel unmatched_file {
> file "/var/log/named/unmatched.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel queries_file {
> file "/var/log/named/queries.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel network_file {
> file "/var/log/named/network.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel update_file {
> file "/var/log/named/update.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel dispatch_file {
> file "/var/log/named/dispatch.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel dnssec_file {
> file "/var/log/named/dnssec.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
> channel lame-servers_file {
> file "/var/log/named/lame-servers.log" versions 3 size 5m;
> severity dynamic;
> print-time yes;
> };
>
> category default { default_file; };
> category general { general_file; };
> category database { database_file; };
> category security { security_file; };
> category config { config_file; };
> category resolver { resolver_file; };
> category xfer-in { xfer-in_file; };
> category xfer-out { xfer-out_file; };
> category notify { notify_file; };
> category client { client_file; };
> category unmatched { unmatched_file; };
> category queries { queries_file; };
> category network { network_file; };
> category update { update_file; };
> category dispatch { dispatch_file; };
> category dnssec { dnssec_file; };
> category lame-servers { lame-servers_file; };
> };
>
> options {
> directory "/var/cache/bind";
> version "Go Away 0.0.7";
> notify no;
> empty-zones-enable no;
> auth-nxdomain yes;
> forwarders { 8.8.8.8; 8.8.4.4; };
> allow-transfer { none; };
>
> dnssec-validation no;
>
> listen-on-v6 { none; };
> listen-on port 53 { 192.168.10.11; 127.0.0.1; ::1; };
>
> minimal-responses yes;
>
> tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
>
> };
> administrator at nc1:/etc/bind$ cat named.conf.local
> acl internals { 192.168.10.0/24; 192.168.11.0/24; localhost; };
> acl vpn { 10.9.0.0/24; };
>
> view trusted {
> match-clients { internals; };
> allow-recursion { internals; };
> allow-query { "internals"; };
> allow-query-cache { "internals"; };
> recursion yes;
>
> zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
> zone "3cx.us" IN { type master; file "/etc/bind/db.3cx.us"; allow-update { none; }; };
>
> zone "localhost" { type master; file "/etc/bind/db.local"; };
> zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
> zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
> zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
> include "/var/lib/samba/bind-dns/named.conf";
> };
>
> view vpn {
> match-clients { vpn; };
> allow-recursion { vpn; };
> allow-query { "vpn"; };
> allow-query-cache { "vpn"; };
> recursion yes;
>
> zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
> include "/var/lib/samba/bind-dns/named.conf";
> };
>
> Peter
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list