Bind 9.8.1 `named` 进程的 CPU 利用率过高

Bind 9.8.1 `named` 进程的 CPU 利用率过高

我刚刚注意到,named对于只有几个域的非常小的网络来说,这会占用大量的 CPU 时间。有人能帮我确定哪里配置错误吗?或者如何调试它。

top

top - 14:13:08 up 25 days, 14:16,  1 user,  load average: 1.04, 1.04, 1.05
Tasks: 149 total,   1 running, 148 sleeping,   0 stopped,   0 zombie
%Cpu(s): 17.3 us,  4.3 sy,  0.0 ni, 78.2 id,  0.1 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:   2042776 total,  1347916 used,   694860 free,   249396 buffers
KiB Swap:  3976080 total,    30552 used,  3945528 free,   574164 cached
  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND
17445 bind      20   0  244m  42m 3124 S  99.4  2.2   2345:03 named

rndc stats

+++ Statistics Dump +++ (1352931389)
++ Incoming Requests ++
           65869 QUERY
++ Incoming Queries ++
           31809 A
             241 NS
               3 CNAME
           27455 SOA
             276 PTR
             123 MX
             462 TXT
            5400 AAAA
               7 A6
               1 DS
              14 DNSKEY
              15 SPF
              55 AXFR
               8 ANY
++ Outgoing Queries ++
[View: internal]
           22206 A
             509 NS
              10 SOA
              25 PTR
              12 MX
             524 TXT
            4851 AAAA
              62 DNSKEY
              19 SPF
            3157 DLV
[View: external]
              87 A
               2 NS
              80 AAAA
             120 DNSKEY
               7 DLV
[View: _bind]
++ Name Server Statistics ++
           65869 IPv4 requests received
           27670 requests with EDNS(0) received
             112 TCP requests received
           65652 responses sent
              20 truncated responses sent
           27670 responses with EDNS(0) sent
           62920 queries resulted in successful answer
           37117 queries resulted in authoritative answer
           28482 queries resulted in non authoritative answer
               7 queries resulted in referral answer
             591 queries resulted in nxrrset
              53 queries resulted in SERVFAIL
            2081 queries resulted in NXDOMAIN
           14530 queries caused recursion
             162 duplicate queries received
              55 requested transfers completed
++ Zone Maintenance Statistics ++
          109536 IPv4 notifies sent
++ Resolver Statistics ++
[Common]
[View: internal]
           29362 IPv4 queries sent
            2013 IPv6 queries sent
           28531 IPv4 responses received
            4209 NXDOMAIN received
               6 SERVFAIL received
              31 FORMERR received
              32 EDNS(0) query failures
            3359 query retries
             836 query timeouts
            5348 IPv4 NS address fetches
            3271 IPv6 NS address fetches
              83 IPv4 NS address fetch failed
            2779 IPv6 NS address fetch failed
           17421 DNSSEC validation attempted
           12731 DNSSEC validation succeeded
            4690 DNSSEC NX validation succeeded
           21104 queries with RTT 10-100ms
            7418 queries with RTT 100-500ms
               3 queries with RTT 500-800ms
               1 queries with RTT 800-1600ms
[View: external]
             192 IPv4 queries sent
             104 IPv6 queries sent
             192 IPv4 responses received
               2 NXDOMAIN received
             104 query retries
              44 IPv4 NS address fetches
              44 IPv6 NS address fetches
               1 IPv4 NS address fetch failed
               1 IPv6 NS address fetch failed
               4 DNSSEC validation attempted
               3 DNSSEC validation succeeded
               1 DNSSEC NX validation succeeded
             152 queries with RTT 10-100ms
              40 queries with RTT 100-500ms
[View: _bind]
++ Cache DB RRsets ++
[View: internal (Cache: internal)]
            2007 A
             652 NS
             131 CNAME
               1 MX
              32 TXT
             421 AAAA
              28 DS
             244 RRSIG
             110 NSEC
               3 DNSKEY
               2 !A
               2 !TXT
              89 !AAAA
               2 !SPF
              14 !DLV
             148 NXDOMAIN
[View: external (Cache: external)]
              55 A
              12 NS
              34 AAAA
               2 DS
              10 RRSIG
               1 DNSKEY
[View: _bind (Cache: _bind)]
++ Socket I/O Statistics ++
           82958 UDP/IPv4 sockets opened
            2118 UDP/IPv6 sockets opened
               4 TCP/IPv4 sockets opened
               1 TCP/IPv6 sockets opened
           82956 UDP/IPv4 sockets closed
            2117 UDP/IPv6 sockets closed
              58 TCP/IPv4 sockets closed
              15 UDP/IPv4 socket bind failures
            2117 UDP/IPv6 socket connect failures
           29554 UDP/IPv4 connections established
              59 TCP/IPv4 connections accepted
            2117 UDP/IPv6 send errors
               5 UDP/IPv4 recv errors
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1352931389)

答案1

您的 BIND 版本是什么?我刚刚发现以下链接中描述的 BIND 9.7.3 可能存在错误

https://bugzilla.redhat.com/show_bug.cgi?id=709205

答案2

@DavidSchwartz 说得对:

也许您的named.conf缺少一个重要的行,例如managed-keys-directory“ / var / named / dynamic”; dmesg输出中是否有任何与named相关的错误? – David Schwartz 11月15日0:53

错过了最重要的那key-directory "/path/to/dnssec/keys";句话。——我

相关内容