CPU usage of named daemon on CentOS 6

0

1

I'm having an issue with the name server daemon using up more CPU than I can understand. I got to this issue while trying to figure out why the VPS I'm running feels slow.

First off, the problem of named having a high-CPU usage is not new: this question provided me with steps meant to fix the issue. The problem I have is that although I've followed the steps in the detailed answer by @efesaid with success, I still see a quite active and CPU-hungry process.

The server is a VPS running an up-to-date CentOS 6.8 with basic server services and strictly nothing fancy (web server with PHP5.5 support, FTP, e-mail server, and LDAP). yum list installed bind reveals that the version of the installed package is 9.8.2-0.47.rc1.el6.

I've just checked the contents of all zone files and, as far as I can tell, the contents is correct. There are only 4 zones and an average of 6 records per zone.

Here is a screenshot of top (although the display is not sorted by time, I can confirm that named is by far the greediest process – the values in the screenshot represent a rough average of 11.7% over the course of two days):

Screenshot of system monitoring using top

I've already started to prepare a migration to CentOS 7, and I've installed a VM on my computer for testing. But since this option would require much work, with making backups, reinstalling all software, migrating the data and duplicating/adapting the configuration, let alone testing, I'm left with considering other options.

Although just about every post or message I could find online points to adding managed-keys-directory "/var/named/dynamic"; in the configuration file and stops there, I feel like there's something inherently wrong with a non-serving daemon that never goes idle. I've SSH'ed into my VPS 9 hours ago and it's the only process that has been constantly running.

Is there anything more I can do to figure out what's going on? To be clear, I know there's a problem with the named process and I'm trying to diagnose it.

Also, given that the issue is supposed to have been dealt with in version 9.9.3 and CentOS 6 is using 9.8.2, is using a non official repository that provides an updated version of bind?

AbVog

Posted 2016-07-06T16:12:25.427

Reputation: 521

Did you look at bind's logs to see what the requests look like or if it produces errors? Is your bind accepting recursive requests? Do you have any type of security like fail2ban which could be used to block certain abuses? – Julie Pelletier – 2016-07-06T16:19:26.830

Yes, I did. I checked, per indications on the other question I linked to, the logs in the data/named.run file. No errors whatsoever. There were warnings such as NS has no address records (A or AAAA) and I fixed them earlier today, which didn't change anything as to this problem. Is that the logs you are referring to? – AbVog – 2016-07-06T18:53:40.840

And yes, the server accepts recursive requests. But it's eating up CPU even when reporting no active requests. fail2ban service is active and has 0 jails. – AbVog – 2016-07-06T19:02:44.840

You should never have an open DNS server unless you wish to attract DNS attacks. To troubleshoot, do a request on your DNS server and see if it appears in the log. – Julie Pelletier – 2016-07-07T04:05:36.890

Following your comment, I have stopped the name server on my VPS and resorted to using the name servers offered by the ISP, which is OVH. I guess they'll do a better job at securing their name servers than I can at securing mine and that generally speaking they'll know better. I'll later see to disabling it entirely. Merci, Julie. – AbVog – 2016-07-08T13:33:10.797

No answers

Asked: 2016-07-06T16:12:25.427

Viewed: 570 times

Active: 2016-07-06T16:12:25.427