Hello Florian -
You are my hero and new best friend. I stopped syslog:
[root@ns1 lisinc]# /sbin/service syslog stop
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
...and all the problems cleared up instantly, so you called it correctly.
I had noticed in /var/log/messages that basically every query was being
logged:
Nov 12 06:23:54 ns1 named[8349]: client 64.12.139.83#37778: query:
219.161.72.64.in-addr.arpa IN ANY -E
Nov 12 06:23:54 ns1 named[8349]: client 208.69.32.21#17245: query:
129.160.72.64.in-addr.arpa IN PTR -
Nov 12 06:23:54 ns1 named[8349]: client 64.12.139.81#31273: query:
211.21.140.204.in-addr.arpa IN PTR -E
Nov 12 06:23:54 ns1 named[8349]: client 74.125.18.212#62466: query:
217.94.119.199.in-addr.arpa IN PTR -
I've been corresponding with several people on this issue but no one had
questioned that when I pointed it out.
I really don't need this kind of logging in the messages log. I can turn
on query logging in the named.conf if I need more detail on named. I
think the simplest thing would just be to have an exclusion in the
syslog config for named. I confess some general ignorance, so perhaps
you know the directive for that?
Thanks again!
Ed
On 11/11/2012 10:56 PM, Florian Weimer wrote:
* Ed LaFrance:
Thanks for chiming in. Named is PID 8349 in my case. Here's a snippet
of the output from strace:
[pid 8351] send(3, "<30>Nov 11 13:07:25 named[8349]:"..., 107,
MSG_NOSIGNAL) = 107<0.015232>
[pid 8353] send(3, "<30>Nov 11 13:07:25 named[8349]:"..., 103,
[pid 8353]<... send resumed> ) = 103<0.015034>
This look like syslog logging is the culprit, each syslog message
takes 15ms to complete.
There could be several causes: syslogd is logging synchronously to
disk (doing an fsync after each message), something else in the system
is producing an extremely large number of messages (syslogd is
single-threaded), or there is a request loop where writing out the
syslog message for each reverse DNS request requires itself a reverse
DNS lookup.
You should also check if named is expected to log this many messages
in the first place. You can pass "-s 200" to strace to see more of
the logging message, so this should help to identify what's going on.
I don't think this has got anything to do with the particular BIND
version you use.
--
(800) 362-7579 ext 1
+-------------------------------------------------------+
+ Colocation Dedicated Servers IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc. direct: (916) 265-1568
11230 Gold Express Dr #310-313 fax: (916) 880-5663
Gold River, CA 95670 http://connexinternet.com
+-------------------------------------------------------+
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
