Good afternoon.
Here's the problem: I just can't get a DNS server working (I tried Unbound 1.4.19 and Bind9.9) on FreeBSD 9.0. A few hours after startup, large delays begin. Because of this, many services can't be pinged and, accordingly, pages drop while loading in the browser. I tested Unbound 1.4.19 first. For the first few hours it worked stably. There were no large delays. After about two hours the dropouts began. Idle at that time was above 90%. After several days of investigation I decided to remove it and installed Bind9.9. The situation repeated: a few hours of stable operation and then the dropouts began again. Also, at such moments connecting over ssh takes a very long time and mc takes a long time to open. Some pages do still manage to load (usually 3-5 out of 10).
Here is what top -S looks like during the dropouts:
last pid: 9503; load averages: 0.00, 0.01, 0.00 up 0+20:09:16 15:33:35
46 processes: 2 running, 40 sleeping, 3 stopped, 1 waiting
CPU: 6.7% user, 0.0% nice, 6.7% system, 6.7% interrupt, 80.0% idle
Mem: 46M Active, 284M Inact, 121M Wired, 128K Cache, 107M Buf, 506M Free
Swap: 1431M Total, 1431M Free

PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
11 root 1 155 ki31 0K 8K RUN 19.4H 96.78% idle
1423 root 1 -16 - 0K 8K sleep 8:53 0.29% ng_queue
15 root 17 -68 - 0K 136K - 6:14 0.20% usb
12 root 19 -84 - 0K 152K WAIT 14:21 0.00% intr
0 root 10 -52 0 0K 80K - 6:33 0.00% kernel
9 root 1 16 - 0K 8K syncer 1:38 0.00% syncer
1500 bind 4 20 0 70572K 53704K kqread 1:30 0.00% named
1675 root 1 20 0 9612K 1112K select 0:50 0.00% powerd
14 root 1 -16 - 0K 8K - 0:26 0.00% yarrow
13 root 3 -8 - 0K 24K - 0:06 0.00% geom
1416 root 2 52 0 21760K 6264K select 0:06 0.00% mpd5
1747 root 1 20 0 11324K 3604K select 0:02 0.00% sendmail
16 root 1 -16 - 0K 8K tzpoll 0:02 0.00% acpi_thermal
8505 root 1 20 0 15788K 4852K select 0:01 0.00% sshd
19 root 1 -16 - 0K 8K sdflus 0:01 0.00% softdepflush
9429 root 1 20 0 9944K 1840K RUN 0:01 0.00% top
606 _dhcp 1 20 0 9540K 1468K select 0:01 0.00% dhclient
568 root 1 35 0 9540K 1336K select 0:01 0.00% dhclient
18 root 1 -16 - 0K 8K vlruwt 0:01 0.00% vnlru
1397 root 1 20 0 9612K 1392K select 0:00 0.00% syslogd
2 root 1 -16 - 0K 8K - 0:00 0.00% fdc0
8 root 1 -16 - 0K 8K psleep 0:00 0.00% bufdaemon
8512 root 1 20 0 9944K 1836K STOP 0:00 0.00% top
1757 root 1 52 0 9644K 1432K nanslp 0:00 0.00% cron
5 root 1 -16 - 0K 8K psleep 0:00 0.00% pagedaemon
8508 root 1 20 0 10940K 2752K pause 0:00 0.00% csh
17 root 1 -16 - 0K 8K coolin 0:00 0.00% acpi_cooling0
8630 root 1 20 0 9944K 1840K STOP 0:00 0.00% top
1751 smmsp 1 20 0 11324K 3428K pause 0:00 0.00% sendmail
8752 root 1 20 0 9944K 1840K STOP 0:00 0.00% top
1181 root 1 52 0 12128K 2608K select 0:00 0.00% devd
1 root 1 20 0 8032K 532K wait 0:00 0.00% init
1740 root 1 20 0 13064K 4232K select 0:00 0.00% sshd
1820 root 1 52 0 9612K 1192K ttyin 0:00 0.00% getty
1821 root 1 52 0 9612K 1192K ttyin 0:00 0.00% getty
1823 root 1 52 0 9612K 1192K ttyin 0:00 0.00% getty

And this is vmstat 2 30:
procs memory page disks faults cpu
r b w avm fre flt re pi po fr sr ad0 pa0 in sy cs us sy id
1 0 0 315M 506M 12 0 0 0 70 0 0 0 364 130 7266 0 3 96
0 0 0 315M 506M 0 0 0 0 64 0 2 0 260 142 6980 0 5 95
0 0 0 315M 506M 0 0 0 0 60 0 0 0 399 146 7328 0 4 96
0 0 0 315M 506M 0 0 0 0 60 0 0 0 252 428 7046 0 3 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 351 367 7423 1 7 93
0 0 0 315M 506M 0 0 0 0 60 0 0 0 285 368 7166 0 3 97
0 0 0 315M 506M 0 0 0 0 60 0 0 0 425 220 7573 0 5 95
0 0 0 315M 506M 0 0 0 0 60 0 0 0 350 103 7251 0 4 96
0 0 0 315M 506M 0 0 0 0 60 0 0 0 394 164 7524 0 5 95
0 0 0 315M 506M 0 0 0 0 60 0 6 0 249 91 7036 0 9 91
0 0 0 315M 506M 0 0 0 0 64 0 1 0 358 111 7374 0 6 94
0 0 0 315M 506M 0 0 0 0 60 0 0 0 467 95 7728 0 6 94
0 0 0 315M 506M 0 0 0 0 60 0 0 0 396 88 7396 0 3 97
1 0 0 315M 506M 0 0 0 0 60 0 0 0 381 140 7425 0 4 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 330 96 7309 0 4 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 352 111 7349 0 5 95
1 0 0 315M 506M 0 0 0 0 60 0 0 0 388 92 7483 0 4 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 309 91 7233 0 4 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 329 136 7298 0 4 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 305 79 7157 0 4 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 448 113 7369 0 3 97
1 0 0 315M 506M 0 0 0 0 60 0 0 0 295 89 7032 0 4 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 287 83 7132 0 3 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 260 141 7063 0 4 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 271 79 7131 0 5 95
1 0 0 315M 506M 0 0 0 0 60 0 1 0 250 110 7151 0 8 92
1 0 0 315M 506M 0 0 0 0 60 0 0 0 271 89 7042 0 1 98
2 0 0 315M 506M 0 0 0 0 60 0 0 0 310 86 7213 0 3 97
1 0 0 315M 506M 0 0 0 0 64 0 1 0 349 133 7366 0 4 96
1 0 0 315M 506M 0 0 0 0 60 0 0 0 324 79 7201 0 5 95

BIND config:
options {
hostname "Mynet DNS Server";
version "1.0";
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
max-cache-size 209715200;
listen-on {
127.0.0.1;
192.168.0.130;
};
forwarders {
8.8.8.8;
};
allow-query { any; };
allow-query-cache { any; };
};

logging {
channel my-default {
file "/var/log/default.log" versions 5 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel general {
file "/var/log/general.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel database {
file "/var/log/database.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel security {
file "/var/log/security.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel config {
file "/var/log/config.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel resolver {
file "/var/log/resolver.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel xfer-in {
file "/var/log/xfer-in.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel xfer-out {
file "/var/log/xfer-out.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel notify {
file "/var/log/xfer-in.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel xfer-out {
file "/var/log/xfer-out.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel notify {
file "/var/log/notify.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel client {
file "/var/log/client.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel unmatched {
file "/var/log/unmatched.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel network {
file "/var/log/network.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};
channel update {
file "/var/log/update.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel queries {
file "/var/log/queries.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel dispatch {
file "/var/log/dispatch.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel dnssec {
file "/var/log/dnssec.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};

channel lame-servers {
file "/var/log/lame-servers.log" versions 2 size 10m;
print-time yes;
print-category yes;
print-severity yes;
};
category default { my-default; };
category general { my-default; general; };
category database { my-default; database; };
category security { my-default; security; };
category config { my-default; config; };
category resolver { my-default; resolver; };
category xfer-in { my-default; xfer-in; };
category xfer-out { my-default; xfer-out; };
category notify { my-default; notify;};
category client { my-default; client;};
category unmatched { my-default; };
category network { my-default; network; };
category update { my-default; update; };
category queries { queries; };
category dispatch { my-default; dispatch; };
category dnssec { my-default; dnssec; };
category lame-servers { lame-servers; };
};

zone "." {
type hint;
file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "master/localhost.rev";
};

key "rndc-key" {
algorithm hmac-md5;
secret "Vo6Ildi6zdIMygkiUsDxlg==";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
The server's CPU is a Celeron 2.4 GHz, with 1024 MB of RAM.
Please help me sort out the problem. Thanks to everyone who replied.
I also tried setting the provider's DNS in forwarders {}; in the BIND config; it doesn't help.
Does the server have a public IP? Is the DNS service reachable from outside?
Forbid recursion from foreign addresses; let it serve only its own network.
There was a DDoS attack a few days ago, and it may still be going on. Open DNS servers were used.
The forwarder can be removed too; let it use only the local cache.
> Does the server have a public IP? Is the DNS service reachable from outside?
> Forbid recursion from foreign addresses; let it serve only its own network.
> There was a DDoS attack a few days ago, and it may still be going on. Open
> DNS servers were used.
> The forwarder can be removed too; let it use only the local cache.

I tried setting it like this:
#forwarders {
# 8.8.8.8;
#};
allow-query { 127.0.0.1; 10.10.0.0/16; 192.168.0.0/24; }; #10.10.0.0/16 - Lan, 192.168.0.0/24 - vpn
allow-query-cache { 127.0.0.1; 10.10.0.0/16; 192.168.0.0/24; }; #10.10.0.0/16 - Lan, 192.168.0.0/24 - vpn

It doesn't help.
try allow-recursion {list of networks}
> try allow-recursion {list of networks}

That didn't help either. As soon as I change the DNS address in the mpd5 config, the dropouts start right after the restart.
I'll post some logs from the last few minutes; maybe that will clarify the situation.
client.log
28-Mar-2013 22:17:35.253 client: warning: client 10.10.19.71#2050 (frogadvert.ru): error sending response: host unreachable
28-Mar-2013 22:17:35.254 client: warning: client 10.10.19.71#2050 (frogadvert.ru): error sending response: host unreachable
28-Mar-2013 22:17:36.097 client: warning: client 10.10.16.53#63937 (bsdportal.ru): error sending response: host unreachable

default.log
28-Mar-2013 23:33:19.605 edns-disabled: info: success resolving 'ns2.easydns.com/AAAA' (in 'easydns.com'?) after reducing the advertised EDNS UDP packet
28-Mar-2013 23:33:19.607 edns-disabled: info: success resolving 'ns2.easydns.com/A' (in 'easydns.com'?) after reducing the advertised EDNS UDP packet siz
28-Mar-2013 23:33:21.752 edns-disabled: info: success resolving 'dns3.easydns.org/A' (in 'easydns.org'?) after reducing the advertised EDNS UDP packet si
28-Mar-2013 23:33:21.769 edns-disabled: info: success resolving 'ksn-stat-geo.kaspersky-labs.com/A' (in 'kaspersky-labs.com'?) after reducing the adverti
28-Mar-2013 23:33:23.441 edns-disabled: info: success resolving 'ns2.bil.su/AAAA' (in 'bil.su'?) after disabling EDNS
28-Mar-2013 23:33:23.495 edns-disabled: info: success resolving 'ns3.timeweb.org/A' (in 'timeweb.org'?) after disabling EDNS
28-Mar-2013 23:33:23.495 edns-disabled: info: success resolving 'ns4.timeweb.org/A' (in 'timeweb.org'?) after disabling EDNS
28-Mar-2013 23:33:23.495 edns-disabled: info: success resolving 'ns4.timeweb.org/AAAA' (in 'timeweb.org'?) after disabling EDNS
28-Mar-2013 23:33:23.503 edns-disabled: info: success resolving 'ns3.timeweb.org/AAAA' (in 'timeweb.org'?) after disabling EDNS
28-Mar-2013 23:33:31.366 edns-disabled: info: success resolving './NS' (in '.'?) after disabling EDNS
28-Mar-2013 23:33:31.461 edns-disabled: info: success resolving 'ksn-u-1.kaspersky-labs.com/A' (in 'kaspersky-labs.com'?) after disabling EDNS
28-Mar-2013 23:33:33.311 edns-disabled: info: success resolving 'counter.rambler.ru/A' (in 'rambler.ru'?) after disabling EDNS
28-Mar-2013 23:35:50.348 edns-disabled: info: success resolving 'dnl-05.geo.kaspersky.com/A' (in 'geo.kaspersky.com'?) after reducing the advertised EDNS
28-Mar-2013 23:35:50.883 edns-disabled: info: success resolving 'ad.yieldmanager.com/A' (in 'yieldmanager.com'?) after reducing the advertised EDNS UDP p
28-Mar-2013 23:35:50.898 edns-disabled: info: success resolving 'login.yahoo.com/A' (in 'yahoo.com'?) after reducing the advertised EDNS UDP packet size

general.log
28-Mar-2013 23:32:08.314 general: info: received control channel command 'reload'
28-Mar-2013 23:32:08.314 general: info: loading configuration from '/etc/namedb/named.conf'
28-Mar-2013 23:32:08.317 general: info: using default UDP/IPv4 port range: [49152, 65535]
28-Mar-2013 23:32:08.317 general: info: using default UDP/IPv6 port range: [49152, 65535]
28-Mar-2013 23:32:08.320 general: info: sizing zone task pool based on 2 zones
28-Mar-2013 23:32:08.330 general: error: the working directory is not writable
28-Mar-2013 23:32:08.338 general: info: reloading configuration succeeded
28-Mar-2013 23:32:08.338 general: info: reloading zones succeeded
28-Mar-2013 23:32:08.341 general: error: zone 0.0.127.IN-ADDR.ARPA/IN: has no NS records
28-Mar-2013 23:32:08.342 general: error: zone 0.0.127.IN-ADDR.ARPA/IN: not loaded due to errors.
28-Mar-2013 23:32:08.353 general: notice: all zones loaded
28-Mar-2013 23:32:08.353 general: notice: running

lame-servers.log
28-Mar-2013 23:39:01.699 lame-servers: info: error (host unreachable) resolving 'bt3.rutracker.org/TXT/IN': 2001:500:c::1#53
28-Mar-2013 23:39:01.700 lame-servers: info: error (host unreachable) resolving 'bt3.rutracker.org/TXT/IN': 2001:500:b::1#53
28-Mar-2013 23:39:06.171 lame-servers: info: error (host unreachable) resolving 'www.bloombergblack.com/A/IN': 2001:503:231d::2:30#53
28-Mar-2013 23:39:11.902 lame-servers: info: error (host unreachable) resolving 'bt3.rutracker.org/A/IN': 2001:500:40::1#53
28-Mar-2013 23:39:11.902 lame-servers: info: error (host unreachable) resolving 'bt3.rutracker.org/A/IN': 2001:500:f::1#53
28-Mar-2013 23:39:11.903 lame-servers: info: error (host unreachable) resolving 'bt3.rutracker.org/A/IN': 2001:500:e::1#53
28-Mar-2013 23:39:11.903 lame-servers: info: error (host unreachable) resolving 'bt3.rutracker.org/A/IN': 2001:500:48::1#53
28-Mar-2013 23:39:11.903 lame-servers: info: error (host unreachable) resolving 'bt3.rutracker.org/A/IN': 2001:500:c::1#53
28-Mar-2013 23:39:11.904 lame-servers: info: error (host unreachable) resolving 'bt3.rutracker.org/A/IN': 2001:500:b::1#53
28-Mar-2013 23:39:16.928 lame-servers: info: error (host unreachable) resolving 'a.ns.facebook.com/AAAA/IN': 2001:dc3::35#53
28-Mar-2013 23:39:16.929 lame-servers: info: error (host unreachable) resolving 'b.ns.facebook.com/AAAA/IN': 2001:dc3::35#53
28-Mar-2013 23:39:16.930 lame-servers: info: error (host unreachable) resolving './NS/IN': 2001:dc3::35#53

network.log
27-Mar-2013 18:44:02.079 network: info: no longer listening on 10.10.16.51#53
27-Mar-2013 18:44:02.079 network: info: no longer listening on 127.0.0.1#53
27-Mar-2013 19:23:14.251 network: info: no longer listening on 10.10.16.51#53
27-Mar-2013 19:23:14.252 network: info: no longer listening on 127.0.0.1#53
28-Mar-2013 17:27:19.862 network: info: no longer listening on 10.10.16.51#53
28-Mar-2013 17:27:19.890 network: info: no longer listening on 127.0.0.1#53
28-Mar-2013 17:54:26.218 network: info: no longer listening on 10.10.16.51#53
28-Mar-2013 17:54:26.287 network: info: no longer listening on 127.0.0.1#53
28-Mar-2013 17:57:12.841 network: info: no longer listening on 10.10.16.51#53
28-Mar-2013 17:57:13.077 network: info: no longer listening on 127.0.0.1#53

queries.log
28-Mar-2013 23:39:14.695 queries: info: client 10.10.16.53#50590 (www.odnoklassniki.ru): query: www.odnoklassniki.ru IN A + (10.10.16.51)
28-Mar-2013 23:39:14.818 queries: info: client 10.10.16.53#49196 (dnl-17.geo.kaspersky.com): query: dnl-17.geo.kaspersky.com IN A + (10.10.16.51)
28-Mar-2013 23:39:16.695 queries: info: client 10.10.16.53#50590 (www.odnoklassniki.ru): query: www.odnoklassniki.ru IN A + (10.10.16.51)
28-Mar-2013 23:39:16.818 queries: info: client 10.10.16.53#49196 (dnl-17.geo.kaspersky.com): query: dnl-17.geo.kaspersky.com IN A + (10.10.16.51)
28-Mar-2013 23:39:18.258 queries: info: client 10.10.16.53#63114 (bt3.rutracker.org): query: bt3.rutracker.org IN A + (10.10.16.51)
28-Mar-2013 23:39:20.696 queries: info: client 10.10.16.53#50590 (www.odnoklassniki.ru): query: www.odnoklassniki.ru IN A + (10.10.16.51)
28-Mar-2013 23:39:20.819 queries: info: client 10.10.16.53#49196 (dnl-17.geo.kaspersky.com): query: dnl-17.geo.kaspersky.com IN A + (10.10.16.51)
28-Mar-2013 23:39:22.822 queries: info: client 10.10.16.53#63438 (dnl-18.geo.kaspersky.com): query: dnl-18.geo.kaspersky.com IN A + (10.10.16.51)
28-Mar-2013 23:39:23.822 queries: info: client 10.10.16.53#63438 (dnl-18.geo.kaspersky.com): query: dnl-18.geo.kaspersky.com IN A + (10.10.16.51)
28-Mar-2013 23:39:24.767 queries: info: client 10.10.16.53#52975 (bt3.rutracker.org): query: bt3.rutracker.org IN A + (10.10.16.51)
28-Mar-2013 23:39:24.822 queries: info: client 10.10.16.53#63438 (dnl-18.geo.kaspersky.com): query: dnl-18.geo.kaspersky.com IN A + (10.10.16.51)
28-Mar-2013 23:39:25.767 queries: info: client 10.10.16.53#52975 (bt3.rutracker.org): query: bt3.rutracker.org IN A + (10.10.16.51)
28-Mar-2013 23:39:26.767 queries: info: client 10.10.16.53#52975 (bt3.rutracker.org): query: bt3.rutracker.org IN A + (10.10.16.51)

security.log
28-Mar-2013 22:40:41.138 security: info: client 0.0.0.0#44031 (top100-images.rambler.ru): query (cache) 'top100-images.rambler.ru/A/IN' denied
28-Mar-2013 22:40:41.139 security: info: client 0.0.0.0#44032 (static.rutracker.org): query (cache) 'static.rutracker.org/A/IN' denied
28-Mar-2013 22:40:44.131 security: info: client 0.0.0.0#44037 (top100-images.rambler.ru): query (cache) 'top100-images.rambler.ru/A/IN' denied
28-Mar-2013 22:40:44.131 security: info: client 0.0.0.0#44038 (static.rutracker.org): query (cache) 'static.rutracker.org/A/IN' denied
28-Mar-2013 22:40:47.132 security: info: client 0.0.0.0#44037 (top100-images.rambler.ru): query (cache) 'top100-images.rambler.ru/A/IN' denied
28-Mar-2013 22:40:47.132 security: info: client 0.0.0.0#44038 (static.rutracker.org): query (cache) 'static.rutracker.org/A/IN' denied
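
An added example (not code from the thread): a small Python script that reads lines in the queries.log and client.log formats shown above and counts queries repeated from the same client address and source port for the same name, which is how stub-resolver retransmissions show up in a BIND query log, next to the per-client "error sending response" warnings. The sample lines are constructed with placeholder names, and the 10-second retry window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the format of the queries.log and client.log
# excerpts above (names are placeholders, not taken from the thread).
SAMPLE = """\
28-Mar-2013 23:39:14.695 queries: info: client 10.10.16.53#50590 (www.example.com): query: www.example.com IN A + (10.10.16.51)
28-Mar-2013 23:39:16.695 queries: info: client 10.10.16.53#50590 (www.example.com): query: www.example.com IN A + (10.10.16.51)
28-Mar-2013 23:39:18.258 queries: info: client 10.10.16.53#63114 (bt.example.org): query: bt.example.org IN A + (10.10.16.51)
28-Mar-2013 23:39:20.696 queries: info: client 10.10.16.53#50590 (www.example.com): query: www.example.com IN A + (10.10.16.51)
28-Mar-2013 23:39:24.767 queries: info: client 10.10.16.53#52975 (bt.example.org): query: bt.example.org IN A + (10.10.16.51)
28-Mar-2013 23:39:25.100 client: warning: client 10.10.19.71#2050 (ads.example.net): error sending response: host unreachable
28-Mar-2013 23:39:25.101 client: warning: client 10.10.19.71#2050 (ads.example.net): error sending response: host unreachable
"""

TS = r"(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
QUERY_RE = re.compile(TS + r" queries: info: client (\S+)#(\d+) \([^)]*\): query: (\S+) \S+ (\S+)")
SENDERR_RE = re.compile(TS + r" client: warning: client (\S+)#\d+ \([^)]*\): error sending response: ")


def analyze(lines, window=10.0):
    """Return ({(ip, src_port, qname, qtype): repeats}, {ip: send_error_count})."""
    seen = defaultdict(list)         # one key per client socket and question
    send_errors = defaultdict(int)   # replies named could not deliver, per client
    for line in lines:
        m = QUERY_RE.match(line)
        if m:
            ts, ip, port, qname, qtype = m.groups()
            when = datetime.strptime(ts, "%d-%b-%Y %H:%M:%S.%f")
            seen[(ip, int(port), qname.lower(), qtype)].append(when)
            continue
        m = SENDERR_RE.match(line)
        if m:
            send_errors[m.group(2)] += 1
    retries = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A new lookup normally uses a new source port; the same port and
        # name again within the window is counted as a client retry.
        repeats = sum(1 for g in gaps if g <= window)
        if repeats:
            retries[key] = repeats
    return retries, dict(send_errors)


if __name__ == "__main__":
    retries, send_errors = analyze(SAMPLE.splitlines())
    for (ip, port, qname, qtype), n in sorted(retries.items()):
        print(f"{ip}#{port} repeated {qname}/{qtype} {n}x")
    for ip, n in sorted(send_errors.items()):
        print(f"{ip}: {n} 'error sending response' warnings")
```

A high retry count for a client that also appears in the send-error tally points at the return path to that client rather than at name resolution itself.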
https://kb.isc.org/article/AA-00708/0/Why-does-BIND-log-mess...
well, that's what you get if you ask Google about "after reducing the advertised EDNS UDP packet size"; have a read, it will most likely help
rndc status:
version: 9.9.2-P1 (1.0)
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 35
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 30/0/1000
tcp clients: 0/100
server is up and running