Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 05 Feb 2012 19:59:10 +0100
From:      Arnaud Houdelette <arnaud.houdelette@tzim.net>
To:        freebsd-stable@freebsd.org
Subject:   Re: DNSSec on FreeBSD 9.0-RELEASE causes CPU 100%
Message-ID:  <4F2ED17E.6010105@tzim.net>
In-Reply-To: <CA%2BdUSyqQrapYDF91G1q3YrB=YeCDre8Ja2Dkk7_in%2B00LieCEw@mail.gmail.com>
References:  <CA%2BdUSyqQrapYDF91G1q3YrB=YeCDre8Ja2Dkk7_in%2B00LieCEw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hi

Just FYI, I just encountered the same issue with bind and DNSSEC.

Bind was using 100% CPU, even after a restart.

Turns out that were a key in the managed-keys folder which was 
unreadable by bind (permission issue).

Hope It can help.

Arnaud Houdelette.

On 05/01/2012 01:24, George Kontostanos wrote:
> Greetings everyone,
>
> I was testing DNSSec resolution on BIND 9.8.1-P1 by adding the
> following options:
>
> options {
> ...
> dnssec-enable yes;
> dnssec-validation auto;
> ...
> };
>
> Unfortunately immediately after named is restarted one CPU reaches
> 100% utilization.
>
> CPU: 30.1% user,  0.0% nice, 23.6% system,  0.0% interrupt, 46.3% idle
> Mem: 111M Active, 14M Inact, 255M Wired, 852K Cache, 3558M Free
> Swap: 2048M Total, 2048M Free
>
>    PID USERNAME    THR PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
>   2178 bind          5  20    0 51364K 13828K kqread  0   0:17 84.18% named
>
> The system is running GENERIC kernel, and it not an authoritative DNS.
> Mainly used for testing purposes. My logs don't show anything strange:
>
> Jan  5 02:03:55 hp named[2178]: starting BIND 9.8.1-P1 -t /var/named -u bind
> Jan  5 02:03:55 hp named[2178]: built with '--prefix=/usr'
> '--infodir=/usr/share/info' '--mandir=/usr/share/man'
> '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps'
> '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn'
> '--without-libxml2'
> Jan  5 02:03:55 hp named[2178]: using built-in root key for view _default
> Jan  5 02:03:55 hp named[2178]: command channel listening on 127.0.0.1#953
> Jan  5 02:03:55 hp named[2178]: command channel listening on ::1#953
> an  5 02:03:55 hp named[2178]: running
>
> Anybody has come across a similar behavior ?
>
> Cheers,
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F2ED17E.6010105>