From owner-freebsd-stable@FreeBSD.ORG  Thu Jan  5 00:24:06 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2B49E106564A
	for <freebsd-stable@freebsd.org>; Thu,  5 Jan 2012 00:24:06 +0000 (UTC)
	(envelope-from gkontos.mail@gmail.com)
Received: from mail-iy0-f171.google.com (mail-iy0-f171.google.com
	[209.85.210.171])
	by mx1.freebsd.org (Postfix) with ESMTP id EF2F48FC14
	for <freebsd-stable@freebsd.org>; Thu,  5 Jan 2012 00:24:05 +0000 (UTC)
Received: by iagw33 with SMTP id w33so155277706iag.30
	for <freebsd-stable@freebsd.org>; Wed, 04 Jan 2012 16:24:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=mime-version:date:message-id:subject:from:to:content-type;
	bh=J4oFseX9mlWLqx9oTcCuuZaw55w8h7wRlndZzlUEK3Y=;
	b=v35fqWYuS3ixemZYG/MTPavVaazXLRxRvv/6ohOT87Gq4f2PFNCzHIgBUG+QC4qv7Z
	oy4GRLIq/RmF1LVE27M8VeVE11TdGvVPdjLyFTRNuoyetYoufo3uZfAOt8kpiB2MTp66
	hSUsVZjGitw4p2OQ18rw8SoiWzVWIWxIAZT+E=
MIME-Version: 1.0
Received: by 10.42.175.134 with SMTP id ba6mr58478888icb.23.1325723045314;
	Wed, 04 Jan 2012 16:24:05 -0800 (PST)
Received: by 10.231.20.12 with HTTP; Wed, 4 Jan 2012 16:24:05 -0800 (PST)
Date: Thu, 5 Jan 2012 02:24:05 +0200
Message-ID: <CA+dUSyqQrapYDF91G1q3YrB=YeCDre8Ja2Dkk7_in+00LieCEw@mail.gmail.com>
From: George Kontostanos <gkontos.mail@gmail.com>
To: FreeBSD Stable <freebsd-stable@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
Subject: DNSSec on FreeBSD 9.0-RELEASE causes CPU 100%
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2012 00:24:06 -0000

Greetings everyone,

I was testing DNSSec resolution on BIND 9.8.1-P1 by adding the
following options:

options {
...
dnssec-enable yes;
dnssec-validation auto;
...
};

Unfortunately immediately after named is restarted one CPU reaches
100% utilization.

CPU: 30.1% user,  0.0% nice, 23.6% system,  0.0% interrupt, 46.3% idle
Mem: 111M Active, 14M Inact, 255M Wired, 852K Cache, 3558M Free
Swap: 2048M Total, 2048M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
 2178 bind          5  20    0 51364K 13828K kqread  0   0:17 84.18% named

The system is running GENERIC kernel, and it not an authoritative DNS.
Mainly used for testing purposes. My logs don't show anything strange:

Jan  5 02:03:55 hp named[2178]: starting BIND 9.8.1-P1 -t /var/named -u bind
Jan  5 02:03:55 hp named[2178]: built with '--prefix=/usr'
'--infodir=/usr/share/info' '--mandir=/usr/share/man'
'--enable-threads' '--enable-getifaddrs' '--disable-linux-caps'
'--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn'
'--without-libxml2'
Jan  5 02:03:55 hp named[2178]: using built-in root key for view _default
Jan  5 02:03:55 hp named[2178]: command channel listening on 127.0.0.1#953
Jan  5 02:03:55 hp named[2178]: command channel listening on ::1#953
an  5 02:03:55 hp named[2178]: running

Anybody has come across a similar behavior ?

Cheers,

-- 
George Kontostanos
Aicom telecoms ltd