Utilização excessiva da CPU para processos Bind 9.8.1 'named'

1

Acabei de notar que named está consumindo grandes quantidades de tempo de CPU para uma rede muito pequena com apenas alguns domínios. Alguém pode me ajudar a determinar o que está mal configurado, por favor? Ou como depurar isso.

top

top - 14:13:08 up 25 days, 14:16,  1 user,  load average: 1.04, 1.04, 1.05
Tasks: 149 total,   1 running, 148 sleeping,   0 stopped,   0 zombie
%Cpu(s): 17.3 us,  4.3 sy,  0.0 ni, 78.2 id,  0.1 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:   2042776 total,  1347916 used,   694860 free,   249396 buffers
KiB Swap:  3976080 total,    30552 used,  3945528 free,   574164 cached
  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND
17445 bind      20   0  244m  42m 3124 S  99.4  2.2   2345:03 named

rndc stats

+++ Statistics Dump +++ (1352931389)
++ Incoming Requests ++
           65869 QUERY
++ Incoming Queries ++
           31809 A
             241 NS
               3 CNAME
           27455 SOA
             276 PTR
             123 MX
             462 TXT
            5400 AAAA
               7 A6
               1 DS
              14 DNSKEY
              15 SPF
              55 AXFR
               8 ANY
++ Outgoing Queries ++
[View: internal]
           22206 A
             509 NS
              10 SOA
              25 PTR
              12 MX
             524 TXT
            4851 AAAA
              62 DNSKEY
              19 SPF
            3157 DLV
[View: external]
              87 A
               2 NS
              80 AAAA
             120 DNSKEY
               7 DLV
[View: _bind]
++ Name Server Statistics ++
           65869 IPv4 requests received
           27670 requests with EDNS(0) received
             112 TCP requests received
           65652 responses sent
              20 truncated responses sent
           27670 responses with EDNS(0) sent
           62920 queries resulted in successful answer
           37117 queries resulted in authoritative answer
           28482 queries resulted in non authoritative answer
               7 queries resulted in referral answer
             591 queries resulted in nxrrset
              53 queries resulted in SERVFAIL
            2081 queries resulted in NXDOMAIN
           14530 queries caused recursion
             162 duplicate queries received
              55 requested transfers completed
++ Zone Maintenance Statistics ++
          109536 IPv4 notifies sent
++ Resolver Statistics ++
[Common]
[View: internal]
           29362 IPv4 queries sent
            2013 IPv6 queries sent
           28531 IPv4 responses received
            4209 NXDOMAIN received
               6 SERVFAIL received
              31 FORMERR received
              32 EDNS(0) query failures
            3359 query retries
             836 query timeouts
            5348 IPv4 NS address fetches
            3271 IPv6 NS address fetches
              83 IPv4 NS address fetch failed
            2779 IPv6 NS address fetch failed
           17421 DNSSEC validation attempted
           12731 DNSSEC validation succeeded
            4690 DNSSEC NX validation succeeded
           21104 queries with RTT 10-100ms
            7418 queries with RTT 100-500ms
               3 queries with RTT 500-800ms
               1 queries with RTT 800-1600ms
[View: external]
             192 IPv4 queries sent
             104 IPv6 queries sent
             192 IPv4 responses received
               2 NXDOMAIN received
             104 query retries
              44 IPv4 NS address fetches
              44 IPv6 NS address fetches
               1 IPv4 NS address fetch failed
               1 IPv6 NS address fetch failed
               4 DNSSEC validation attempted
               3 DNSSEC validation succeeded
               1 DNSSEC NX validation succeeded
             152 queries with RTT 10-100ms
              40 queries with RTT 100-500ms
[View: _bind]
++ Cache DB RRsets ++
[View: internal (Cache: internal)]
            2007 A
             652 NS
             131 CNAME
               1 MX
              32 TXT
             421 AAAA
              28 DS
             244 RRSIG
             110 NSEC
               3 DNSKEY
               2 !A
               2 !TXT
              89 !AAAA
               2 !SPF
              14 !DLV
             148 NXDOMAIN
[View: external (Cache: external)]
              55 A
              12 NS
              34 AAAA
               2 DS
              10 RRSIG
               1 DNSKEY
[View: _bind (Cache: _bind)]
++ Socket I/O Statistics ++
           82958 UDP/IPv4 sockets opened
            2118 UDP/IPv6 sockets opened
               4 TCP/IPv4 sockets opened
               1 TCP/IPv6 sockets opened
           82956 UDP/IPv4 sockets closed
            2117 UDP/IPv6 sockets closed
              58 TCP/IPv4 sockets closed
              15 UDP/IPv4 socket bind failures
            2117 UDP/IPv6 socket connect failures
           29554 UDP/IPv4 connections established
              59 TCP/IPv4 connections accepted
            2117 UDP/IPv6 send errors
               5 UDP/IPv4 recv errors
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1352931389)
    
por justinzane 14.11.2012 / 23:20

2 respostas

1

@DavidSchwartz acertou:

Maybe your named.conf is missing a vital line like managed-keys-directory "/var/named/dynamic"; Are there any named-related errors in dmesg output? – David Schwartz Nov 15 at 0:53

Ausente a linha key-directory "/path/to/dnssec/keys"; totalmente importante. - Eu

    
por 21.11.2012 / 17:45
1

Qual é a sua versão do BIND? Acabei de encontrar um bug de possibilidade no BIND 9.7.3 descrito no link abaixo

link

    
por 21.11.2012 / 05:41