Re: BIND 9.2.3, large zone xfer and 100% CPU Utilization

04-26-2004
Alex Rainchik

jstewart@ccs.carleton.ca (John A. Stewart) wrote in message news:<c6c41s$6ar$1@sf1.isc.org>...

> We were stumped with the same problem for a while. Our first attempt at
> solving the problem was to move dns service to a dedicated machine. That
> helped, but there was still a window after the zone transfer had completed
> where the dns server would not respond.
>
> What we do now is
>
> 1) We have two BIND daemons that only handle the RBL+ zone. One server
> transfers the zone from mail-abuse.com while the other server transfers
> the zone from the first server. This ensures that one of the servers
> will always be able to respond since the two servers will never be
> trying to apply a zone update simultaneously.
>
> 2) We have two bind daemons that are used by our client machines to handle
> dns queries and that are authoritative for all our domains. These
> servers forward RBL+ lookups to the two dns servers that carry the
> RBL+ zone. As I explained in 1), one of these two servers should always
> be able to respond immediately. To restrict who can access RBL+ data
> as per our contract with mail-abuse.org we need to use the view
> facility in BIND.
>
> 3) Physically, we have two machines running dns services. Each machine
> runs two BIND daemons (one general purpose and one RBL+ only). Of
> course, the second BIND daemon has to be bound to a separate virtual
> interface.
>
> 4) The RBL+ BIND daemon is a memory hog. It uses around 400MB of virtual
> memory versus only 100 to 200MB for the general purpose DNS server.
> Memory consumption was roughly twice as high before we thought to
> recompile BIND as a 32-bit application.
>
>


John,

Thank you for sharing your solution! I think I'll try to implement it
on our site. Thank you again!

While I was researching the issue I had to come up with a "quick fix",
so I've added "min-refresh-time 86400;" to the RBL+ zone in my named.conf.
Now this zone is updated once every 24 hours instead of every 3 hours.

Another nice idea was to make my server the master server for the RBL+ zone
and download the zone file from cron, but it didn't seem to eliminate the CPU
spikes and going into a "no response" state.

P.S. I was on the phone with mail-abuse's tech support just to confirm
they do not support IXFR at this time...
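
A named.conf sketch of the layout described in the quoted message, combined with the min-refresh-time floor from the reply. This is an added example, not either poster's actual configuration; the zone name rbl-plus.example, every address and the file path are placeholders.

```conf
// ---- named.conf, RBL+ daemon A (placeholder address 198.51.100.10) ----
options {
    listen-on { 198.51.100.10; };      // the separate virtual interface
    recursion no;
    allow-query { 198.51.100.1; 198.51.100.2; };  // general-purpose daemons only
};
zone "rbl-plus.example" {
    type slave;
    masters { 203.0.113.53; };         // provider's master (placeholder)
    file "slave/rbl-plus.example";
    min-refresh-time 86400;            // check for a new copy at most every 24 hours
    allow-transfer { 198.51.100.11; }; // only daemon B may copy the zone
    also-notify { 198.51.100.11; };    // tell B once the new copy is loaded
};

// ---- named.conf, RBL+ daemon B (placeholder address 198.51.100.11) ----
// Same options block with its own listen-on address; the zone differs in:
//     masters { 198.51.100.10; };     // pull from A, never from the provider
//     allow-transfer { none; };
//     (no also-notify)

// ---- named.conf, general-purpose daemon (one per machine) ----
acl "rbl-licensed" { 192.0.2.0/24; };  // constructed: hosts covered by the contract
view "licensed" {
    match-clients { "rbl-licensed"; };
    recursion yes;
    zone "rbl-plus.example" {
        type forward;
        forward only;
        forwarders { 198.51.100.10; 198.51.100.11; };  // A and B
    };
    // the site's own authoritative zones go here
};
view "other" {
    match-clients { any; };
    // same authoritative zones, but no forward zone for RBL+
};
```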
