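I just noticed that named is using a lot of CPU time for a very small network with only a few domains. Can someone help me figure out what is misconfigured, or how to debug it?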
top
top - 14:13:08 up 25 days, 14:16, 1 user, load average: 1.04, 1.04, 1.05
Tasks: 149 total, 1 running, 148 sleeping, 0 stopped, 0 zombie
%Cpu(s): 17.3 us, 4.3 sy, 0.0 ni, 78.2 id, 0.1 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 2042776 total, 1347916 used, 694860 free, 249396 buffers
KiB Swap: 3976080 total, 30552 used, 3945528 free, 574164 cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
17445 bind 20 0 244m 42m 3124 S 99.4 2.2 2345:03 named
rndc stats
+++ Statistics Dump +++ (1352931389)
++ Incoming Requests ++
65869 QUERY
++ Incoming Queries ++
31809 A
241 NS
3 CNAME
27455 SOA
276 PTR
123 MX
462 TXT
5400 AAAA
7 A6
1 DS
14 DNSKEY
15 SPF
55 AXFR
8 ANY
++ Outgoing Queries ++
[View: internal]
22206 A
509 NS
10 SOA
25 PTR
12 MX
524 TXT
4851 AAAA
62 DNSKEY
19 SPF
3157 DLV
[View: external]
87 A
2 NS
80 AAAA
120 DNSKEY
7 DLV
[View: _bind]
++ Name Server Statistics ++
65869 IPv4 requests received
27670 requests with EDNS(0) received
112 TCP requests received
65652 responses sent
20 truncated responses sent
27670 responses with EDNS(0) sent
62920 queries resulted in successful answer
37117 queries resulted in authoritative answer
28482 queries resulted in non authoritative answer
7 queries resulted in referral answer
591 queries resulted in nxrrset
53 queries resulted in SERVFAIL
2081 queries resulted in NXDOMAIN
14530 queries caused recursion
162 duplicate queries received
55 requested transfers completed
++ Zone Maintenance Statistics ++
109536 IPv4 notifies sent
++ Resolver Statistics ++
[Common]
[View: internal]
29362 IPv4 queries sent
2013 IPv6 queries sent
28531 IPv4 responses received
4209 NXDOMAIN received
6 SERVFAIL received
31 FORMERR received
32 EDNS(0) query failures
3359 query retries
836 query timeouts
5348 IPv4 NS address fetches
3271 IPv6 NS address fetches
83 IPv4 NS address fetch failed
2779 IPv6 NS address fetch failed
17421 DNSSEC validation attempted
12731 DNSSEC validation succeeded
4690 DNSSEC NX validation succeeded
21104 queries with RTT 10-100ms
7418 queries with RTT 100-500ms
3 queries with RTT 500-800ms
1 queries with RTT 800-1600ms
[View: external]
192 IPv4 queries sent
104 IPv6 queries sent
192 IPv4 responses received
2 NXDOMAIN received
104 query retries
44 IPv4 NS address fetches
44 IPv6 NS address fetches
1 IPv4 NS address fetch failed
1 IPv6 NS address fetch failed
4 DNSSEC validation attempted
3 DNSSEC validation succeeded
1 DNSSEC NX validation succeeded
152 queries with RTT 10-100ms
40 queries with RTT 100-500ms
[View: _bind]
++ Cache DB RRsets ++
[View: internal (Cache: internal)]
2007 A
652 NS
131 CNAME
1 MX
32 TXT
421 AAAA
28 DS
244 RRSIG
110 NSEC
3 DNSKEY
2 !A
2 !TXT
89 !AAAA
2 !SPF
14 !DLV
148 NXDOMAIN
[View: external (Cache: external)]
55 A
12 NS
34 AAAA
2 DS
10 RRSIG
1 DNSKEY
[View: _bind (Cache: _bind)]
++ Socket I/O Statistics ++
82958 UDP/IPv4 sockets opened
2118 UDP/IPv6 sockets opened
4 TCP/IPv4 sockets opened
1 TCP/IPv6 sockets opened
82956 UDP/IPv4 sockets closed
2117 UDP/IPv6 sockets closed
58 TCP/IPv4 sockets closed
15 UDP/IPv4 socket bind failures
2117 UDP/IPv6 socket connect failures
29554 UDP/IPv4 connections established
59 TCP/IPv4 connections accepted
2117 UDP/IPv6 send errors
5 UDP/IPv4 recv errors
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1352931389)
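To see which counters dominate a dump like the one above, the `rndc stats` output can be parsed into (section, view, counter) entries and ranked against the incoming request total. This is an added example, not part of the original post; the function names are hypothetical and the embedded sample is a constructed subset of the lines in the question.

```python
import re

# Constructed sample: a subset of lines taken from the dump in the question.
SAMPLE = """\
+++ Statistics Dump +++ (1352931389)
++ Incoming Requests ++
65869 QUERY
++ Incoming Queries ++
31809 A
27455 SOA
++ Outgoing Queries ++
[View: internal]
22206 A
3157 DLV
[View: external]
87 A
++ Zone Maintenance Statistics ++
109536 IPv4 notifies sent
--- Statistics Dump --- (1352931389)
"""

SECTION = re.compile(r"^\+\+ (.+) \+\+$")
VIEW = re.compile(r"^\[View: ([^\s\]]+)")
COUNTER = re.compile(r"^(\d+) (.+)$")

def parse_stats(text):
    """Return {(section, view, name): count} for one statistics dump."""
    counters, section, view = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("+++", "---")):   # dump start/end markers
            continue
        if m := SECTION.match(line):
            section, view = m.group(1), None   # a new section resets the view
        elif line.startswith("["):             # "[View: x]" or "[Common]"
            m = VIEW.match(line)
            view = m.group(1) if m else None
        elif m := COUNTER.match(line):
            counters[(section, view, m.group(2))] = int(m.group(1))
    return counters

def per_request(counters, top=5):
    """Rank counters by their ratio to the total of incoming requests."""
    total = sum(v for (s, _, _), v in counters.items() if s == "Incoming Requests")
    ranked = sorted(counters.items(), key=lambda kv: kv[1], reverse=True)
    return [(key, n, round(n / total, 2)) for key, n in ranked[:top]]

if __name__ == "__main__":
    for (section, view, name), n, ratio in per_request(parse_stats(SAMPLE)):
        print(f"{n:>8} {ratio:>5} {section} / {view or '-'} / {name}")
```

The counters are cumulative since named started, so running the parser on two dumps taken a few minutes apart and subtracting shows which ones are still climbing.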
Answer 1
What is your BIND version? I just found a possible bug in BIND 9.7.3, described at the following link
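Answer 2
@DavidSchwartz was right:
Maybe your named.conf is missing an important line, such as managed-keys-directory "/var/named/dynamic"; Are there any errors related to named in the dmesg output? – David Schwartz Nov 15 at 0:53
I had missed the most important line: key-directory "/path/to/dnssec/keys"; – me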