This is a discussion on Re: BIND 9.2.3, large zone xfer and 100% CPU Utilization within the Bind Users forums, part of the DNS and Related Forums category.
In <c692n2$22bk$1@sf1.isc.org> rainchik@mail.ru (Alex Rainchik) writes:
>Hello,
>We are using BIND 9.2.3 on Solaris8, transferring ~45Mb zone from mail-abuse.com
>every three hours, as they don't support IXFR feature. The issue we have is that
>at the end of the transfer "named" goes berserk and CPU utilization goes through
>the roof, up to 100% for about 5-10 minutes.
>During those 5-10 minutes "named" does not respond to any queries, "rndc status"
>does not work either. It's the only zone xfer running at that time....

We were stumped with the same problem for a while. Our first attempt at solving the problem was to move dns service to a dedicated machine. That helped, but there was still a window after the zone transfer had completed where the dns server would not respond.

What we do now is

1) We have two BIND daemons that only handle the RBL+ zone. One server transfers the zone from mail-abuse.com while the other server transfers the zone from the first server. This ensures that one of the servers will always be able to respond since the two servers will never be trying to apply a zone update simultaneously.

2) We have two bind daemons that are used by our client machines to handle dns queries and that are authoritative for all our domains. These servers forward RBL+ lookups to the two dns servers that carry the RBL+ zone. As I explained in 1), one of these two servers should always be able to respond immediately. To restrict who can access RBL+ data as per our contract with mail-abuse.org we need to use the view facility in BIND.

3) Physically, we have two machines running dns services. Each machine runs two BIND daemons (one general purpose and one RBL+ only). Of course, the second BIND daemon has to be bound to a separate virtual interface.

4) The RBL+ BIND daemon is a memory hog. It uses around 400MB of virtual memory versus only 100 to 200MB for the general purpose DNS server. Memory consumption was roughly twice as high before we thought to recompile BIND as 32bit application.
Here is the core section of the named.conf file from one of our general dns servers. zones.conf is a file containing all the zones that are common to both the internal and global view.

view "internal" {
    match-clients { 134.117/16; };
    zone "rbl-plus.mail-abuse.org" {
        type forward;
        forwarders { 134.117.1.12; 134.117.1.13; };
    };
    include "zones.conf";
};

view "global" {
    match-clients { any; };
    zone "rbl-plus.mail-abuse.org" {
        type master;
        file "/dev/null";
    };
    include "zones.conf";
};

-- 
John Stewart -- Computing and Communications Services, Carleton University
Internet: jstewart@ccs.carleton.ca 613-520-2600x3707
"measure twice, cut once"
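The posted named.conf covers only the general-purpose daemons. The following is an added example, not John Stewart's configuration, of what the two RBL+-only daemons from points 1) and 3) could look like: the first pulls the zone from mail-abuse.com, the second pulls it from the first, each listens only on its own virtual interface, and transfers and queries are restricted to the licensed network. It assumes the RBL+ daemons sit at 134.117.1.12 and 134.117.1.13 (the forwarder addresses in the posted config); the directory, pid-file and zone-file paths are assumptions, and the mail-abuse.com transfer address (192.0.2.1) is a placeholder, since the page does not give it.

```conf
// ---- RBL+-only daemon on the first machine (assumed address 134.117.1.12) ----
// Transfers the zone from mail-abuse.com and re-serves it to the second daemon.
options {
    directory "/var/named/rblplus";           // assumed path
    pid-file  "/var/run/named-rblplus.pid";   // assumed path; must not collide with the general daemon's
    listen-on { 134.117.1.12; };              // only the virtual interface dedicated to this daemon
    recursion no;                             // this daemon answers for one zone and nothing else
    allow-query { 134.117/16; };              // RBL+ data stays inside the licensed network
    allow-transfer { 134.117.1.13; };         // only the second RBL+ daemon may pull the zone
    also-notify { 134.117.1.13; };            // tell the second daemon once the new zone is loaded
};

zone "rbl-plus.mail-abuse.org" {
    type slave;
    file "rbl-plus.db";                       // assumed file name, relative to "directory"
    masters { 192.0.2.1; };                   // PLACEHOLDER: mail-abuse.com transfer server, not on the page
};

// ---- RBL+-only daemon on the second machine (assumed address 134.117.1.13) ----
// Identical role, but its master is the first daemon, so the two never apply
// the same update at the same time: the first has finished loading before it
// notifies the second, and the general daemons can fall back to whichever one
// is still answering.
options {
    directory "/var/named/rblplus";           // assumed path
    pid-file  "/var/run/named-rblplus.pid";   // assumed path
    listen-on { 134.117.1.13; };
    recursion no;
    allow-query { 134.117/16; };
    allow-transfer { none; };                 // nothing downstream of this daemon
    notify no;                                // it has no slaves to notify
};

zone "rbl-plus.mail-abuse.org" {
    type slave;
    file "rbl-plus.db";                       // assumed file name
    masters { 134.117.1.12; };                // the first RBL+ daemon, not mail-abuse.com
};
```

The two `options` blocks belong in two separate named.conf files, one per machine; they are shown together only for comparison. The `allow-query` and `allow-transfer` lists are what keep the licensed zone data from leaking to clients outside 134.117/16 even if someone queries the RBL+ interfaces directly rather than through the general daemons' views.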