From owner-freebsd-stable@FreeBSD.ORG Sun Feb 5 18:59:16 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D16F1106566C for ; Sun, 5 Feb 2012 18:59:16 +0000 (UTC) (envelope-from arnaud.houdelette@tzim.net) Received: from orlith.tzim.net (orlith.tzim.net [IPv6:2001:41d0:2:1d32::1]) by mx1.freebsd.org (Postfix) with ESMTP id 0CF808FC08 for ; Sun, 5 Feb 2012 18:59:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tzim.net; s=A; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date:Message-ID; bh=7YGsRdbTB1nmNeHeRfHwtgtpBpZRtsysOvxIexAWhpw=; b=wpEOQHMan0nB+K1xgC4pdpXZ0SF7KusYJF75JVmSsWDuqMG1lL3hkhSx92WI0oQ07VS0ndiu7eEBkP39j6BuzhbkFPoZkACMAApGfjXXiKk187o7cSR+iulJs22TUtRd; Received: from 12rf.tzim.net ([82.232.60.244] helo=[10.1.0.10]) by orlith.tzim.net with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.77 (FreeBSD)) (envelope-from ) id 1Ru7Iv-0000FK-6W for freebsd-stable@freebsd.org; Sun, 05 Feb 2012 19:59:13 +0100 Message-ID: <4F2ED17E.6010105@tzim.net> Date: Sun, 05 Feb 2012 19:59:10 +0100 From: Arnaud Houdelette User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Authenticated-User: tzim@tzim.net Subject: Re: DNSSec on FreeBSD 9.0-RELEASE causes CPU 100% X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 18:59:16 -0000 Hi Just FYI, I just encountered the same issue with bind and DNSSEC. Bind was using 100% CPU, even after a restart. Turns out that were a key in the managed-keys folder which was unreadable by bind (permission issue). Hope It can help. Arnaud Houdelette. On 05/01/2012 01:24, George Kontostanos wrote: > Greetings everyone, > > I was testing DNSSec resolution on BIND 9.8.1-P1 by adding the > following options: > > options { > ... > dnssec-enable yes; > dnssec-validation auto; > ... > }; > > Unfortunately immediately after named is restarted one CPU reaches > 100% utilization. > > CPU: 30.1% user, 0.0% nice, 23.6% system, 0.0% interrupt, 46.3% idle > Mem: 111M Active, 14M Inact, 255M Wired, 852K Cache, 3558M Free > Swap: 2048M Total, 2048M Free > > PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND > 2178 bind 5 20 0 51364K 13828K kqread 0 0:17 84.18% named > > The system is running GENERIC kernel, and it not an authoritative DNS. > Mainly used for testing purposes. My logs don't show anything strange: > > Jan 5 02:03:55 hp named[2178]: starting BIND 9.8.1-P1 -t /var/named -u bind > Jan 5 02:03:55 hp named[2178]: built with '--prefix=/usr' > '--infodir=/usr/share/info' '--mandir=/usr/share/man' > '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' > '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' > '--without-libxml2' > Jan 5 02:03:55 hp named[2178]: using built-in root key for view _default > Jan 5 02:03:55 hp named[2178]: command channel listening on 127.0.0.1#953 > Jan 5 02:03:55 hp named[2178]: command channel listening on ::1#953 > an 5 02:03:55 hp named[2178]: running > > Anybody has come across a similar behavior ? > > Cheers, >