Try an ntp restart!! On July 1, because of the leap time, named CPU went high!!
2012. 7. 10. 23:32 Adam Tkac <at...@redhat.com> wrote:

> On Tue, Jul 10, 2012 at 10:15:01PM +0800, Drunkard Zhang wrote:
>> 2012/7/10 Shon Stephens <ssteph...@mentora.com>:
>>> Dear All,
>>>
>>> I am running the version of BIND provided by RPM packages with RHEL
>>> 6.2. This is a new server build replacing a previous server. That host was
>>> running an earlier version of BIND and an earlier version of RHEL. The
>>> config files have remained relatively the same, but the CPU utilization of
>>> the newer version is orders of magnitude higher.
>>>
>>>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>>> 30462 named     20   0  282m  80m 2588 S 43.5  2.1 378:33.05 named
>>>
>>> I've seen other posts about missing "managed-keys" directive and attempted
>>> to add that to my config as a solution. This does not seem to help. Here is
>>> my named.conf (sanitized). I've made sure that recursion is limited to our
>>> ACL and there doesn't seem to be any difference from previous periods in the
>>> number of queries being answered by the server. Any help is much
>>> appreciated.
>>>
>>> Yours,
>>> Shon
>>>
>>> ~]# rndc status
>>> version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3
>>> CPUs found: 2
>>> worker threads: 2
>>> number of zones: 84
>>> debug level: 0
>>> xfers running: 0
>>> xfers deferred: 0
>>> soa queries in progress: 0
>>> query logging is ON
>>> recursive clients: 6/0/1000
>>> tcp clients: 0/100
>>> server is up and running
>>>
>>> // named.conf - BIND name server configuration file
>>> include "/etc/rndc.key";
>>>
>>> controls {
>>>     inet 127.0.0.1 port 953
>>>     allow { 127.0.0.1; };
>>> };
>>>
>>> // Blackhole requests from these networks
>>> acl "bogusnets" {
>>>     0.0.0.0/8;
>>>     1.0.0.0/8;
>>>     2.0.0.0/8;
>>>     192.0.2.0/24;
>>>     224.0.0.0/3;
>>> };
>>>
>>> // Trusted networks
>>> acl "trusted" {
>>>     some_trusted_networks;
>>> };
>>>
>>> // Trusted name servers
>>> acl "nameservers" {
>>>     some_ips_of_nameservers;
>>> };
>>>
>>> // Global config options
>>> options {
>>>     directory "/var/named";
>>>     dump-file "data/cache_dump.db";
>>>     statistics-file "data/named_stats.txt";
>>>     managed-keys-directory "/var/named/dynamic";
>>>     blackhole { "bogusnets"; };
>>>     allow-query { any; };
>>>     allow-query-cache { "trusted"; };
>>>     allow-recursion { "trusted"; };
>>>     allow-transfer { "nameservers"; };
>>>     transfer-source 192.168.101.101;
>>>     also-notify { "nameservers"; };
>>>     allow-notify { "nameservers"; };
>>>     notify explicit;
>>>     dnssec-enable no;
>>>     dnssec-validation no;
>>>     listen-on-v6 { none; };
>>> };
>>>
>>> server 192.168.101.101 {
>>>     edns no;
>>> };
>>>
>>> logging {
>>>     channel "misc" {
>>>         file "logs/named.log" versions 4 size 2m;
>>>         print-category yes;
>>>         print-severity yes;
>>>         print-time yes;
>>>     };
>>>     channel "xfers" {
>>>         file "logs/named.xfers" versions 4 size 1m;
>>>         print-severity yes;
>>>         print-time yes;
>>>     };
>>>     channel "debug" {
>>>         file "logs/named.debug" versions 1 size 2m;
>>>         print-category yes;
>>>         print-severity yes;
>>>         print-time yes;
>>>     };
>>>     channel "ops" {
>>>         file "logs/named.ops" versions 3 size 2m;
>>>         print-category yes;
>>>         print-severity yes;
>>>         print-time yes;
>>>     };
>>>     channel "sys" {
>>>         syslog daemon;
>>>         print-category yes;
>>>     };
>>>     category "xfer-in" { "xfers"; };
>>>     category "xfer-out" { "xfers"; };
>>>     category "notify" { "xfers"; };
>>>     category "database" { "debug"; };
>>>     category "config" { "debug"; };
>>>     category "queries" { "ops"; };
>>>     category "client" { "ops"; };
>>>     category "resolver" { "ops"; };
>>>     category "security" { "sys"; "misc"; };
>>>     category "default" { "misc"; };
>>> };
>>
>> Maybe it's caused by too much logging. Try disabling them temporarily,
>> or run named with the "-g" argument in the foreground, and watch if there's
>> something unusual or appearing repeatedly.
>
> You can also append the "-d99" parameter to check which activities named performs.
> Note that output might be quite large.
>
> Regards, Adam
>
>>
>> Another method you can try is to simplify your named.conf to track down
>> where the problem is. If it's not a configuration problem, then maybe it's
>> named that is problematic.
>>
>>> // Default zones
>>> zone "." {
>>>     type hint;
>>>     file "zones/root/db.root";
>>> };
>>>
>>> zone "localhost" {
>>>     type master;
>>>     file "zones/local/db.local";
>>> };
>>>
>>> zone "127.in-addr.arpa" {
>>>     type master;
>>>     file "zones/local/db.127";
>>> };
>>>
>>> zone "0.in-addr.arpa" {
>>>     type master;
>>>     file "zones/local/db.0";
>>> };
>>>
>>> zone "255.in-addr.arpa" {
>>>     type master;
>>>     file "zones/local/db.255";
>>> };
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Adam Tkac, Red Hat, Inc.