I currently have a FreeBSD 6-STABLE (a few months old) machine running
bind 9.3.2. It is a caching only name server for a large base of internet
T1 customers (like 5000 customers).
I just upgraded to 9.3.2 today. I have been having memory issues. For
starters, when the named pid grows res mem to around 500m it craps out and
stops resolving. The tentative fix was to restart bind every night at 2am.
However, today, the res mem grew from 25m at startup to 500m in about 4
hours. Quicker than usual, so I thought maybe there was a memory leak,
and that's why I upgraded to the latest version of bind.
I need some pointers. I know a lot of people don't recommend bind for
large caching environments, but right now we can't easily change the
setup. So I am trying to stabilize things as-is. The server used to be
Red Hat Linux, just recently did it move to FreeBSD 6.
My sysctl kernel params are standard, somaxconn was bumped up to 512. I
was also thinking about enabling kern.ipc.shm_use_phys. Do you think that
will help? The TUNING man page says it improves memory performance for pids
that use a lot of memory.
During peak, the server is pushing around 1.6Mbps of pure dns traffic.
Here is my named.conf options:
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 127.0.0.1; 209.50.171.81; };
recursive-clients 10000;
auth-nxdomain no;
tcp-clients 10000;
max-cache-size 400000000;
Any ideas?
Would something like djbdns really help? I can switch, but can't do it for
at least a week while we wait for new hardware.
Thanks
John
_______________________________________________
freebsd-<email removed> mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-<email removed>"
From: Hendrik Bruinsma
Date: 2006-08-31 09:07:55
On 8/30/06, John Von Essen wrote:
> Would something like djbdns really help? I can switch, but can't do it for
> at least a week while we wait for new hardware.
>
> Thanks
> John
I would really use djbdns. Memory usage and load is much lower than Bind.
We switched from Bind to djbdns in March, and now it looks like the
machine does almost nothing! No high load, nor strange memory usage!
If you ask me, I'd really switch to djbdns.
But that won't help for the week to come.
--
Kind regards,
Hendrik Bruinsma
From: Jaco Engelbrecht
Date: 2006-08-31 13:12:45
hi John,
On Wed, Aug 30, 2006 at 02:04:10PM -0400, John Von Essen wrote:
> I just upgraded to 9.3.2 today. I have been having memory issues. For
> starters, when the named pid grows res mem to around 500m it craps out and
> stops resolving. The tentative fix was to restart bind every night at 2am.
>
> However, today, the res mem grew from 25m at startup to 500m in about 4
> hours. Quicker than usual, so I thought maybe there was a memory leak,
> and that's why I upgraded to the latest version of bind.
>
> Any ideas?
Build bind with its internal memory allocator. To do this, change
CONFIGURE_ARGS in /usr/ports/dns/bind9/Makefile to read like:
--
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
--with-randomdev=/dev/random \
STD_CDEFINES=-DISC_MEM_USE_INTERNAL_MALLOC=1
--
make clean
make WITH_PORT_REPLACES_BASE_BIND9=YES
make install
/etc/sysctl.conf settings:
net.inet.raw.recvspace=128000
net.inet.udp.recvspace=256000
net.inet.tcp.sendspace=128000
net.inet.tcp.recvspace=128000
net.inet.tcp.inflight_enable=1
kern.ipc.maxsockbuf=256000
kern.ipc.somaxconn=2048
net.inet.ip.intr_queue_maxlen=128
Jaco
--
<email removed>
the faculty of making fortunate discoveries
From: John Von Essen
Date: 2006-08-31 22:16:57
Thanks.
I put those changes in. I'll see how it behaves over the next day.
One thing I noticed though, I can't run ifconfig now:
cache01# /sbin/ifconfig -a
ifconfig: socket(family 2,SOCK_DGRAM): No buffer space available
Would that have anything to do with those sysctl settings?
-John
On Thu, 31 Aug 2006, Jaco Engelbrecht wrote:
> hi John,
>
> On Wed, Aug 30, 2006 at 02:04:10PM -0400, John Von Essen wrote:
>> I just upgraded to 9.3.2 today. I have been having memory issues. For
>> starters, when the named pid grows res mem to around 500m it craps out and
>> stops resolving. The tentative fix was to restart bind every night at 2am.
>>
>> However, today, the res mem grew from 25m at startup to 500m in about 4
>> hours. Quicker than usual, so I thought maybe there was a memory leak,
>> and that's why I upgraded to the latest version of bind.
>>
>> Any ideas?
>
> Build bind with its internal memory allocator. To do this, change
> CONFIGURE_ARGS in /usr/ports/dns/bind9/Makefile to read like:
>
> --
> CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
> --with-randomdev=/dev/random \
> STD_CDEFINES=-DISC_MEM_USE_INTERNAL_MALLOC=1
> --
>
> make clean
> make WITH_PORT_REPLACES_BASE_BIND9=YES
> make install
>
>
> /etc/sysctl.conf settings:
>
> net.inet.raw.recvspace=128000
> net.inet.udp.recvspace=256000
> net.inet.tcp.sendspace=128000
> net.inet.tcp.recvspace=128000
> net.inet.tcp.inflight_enable=1
> kern.ipc.maxsockbuf=256000
> kern.ipc.somaxconn=2048
> net.inet.ip.intr_queue_maxlen=128
>
> Jaco
>
> --
> <email removed>
> the faculty of making fortunate discoveries
>
From: jonas
Date: 2006-08-31 23:29:49
You should tune kern.ipc.nmbclusters using /boot/loader.conf or your
kernel config as well.
You can read more about it in tuning(7).
//Jonas
> Thanks.
>
> I put those changes in. I'll see how it behaves over the next day.
>
> One thing I noticed though, I can't run ifconfig now:
>
> cache01# /sbin/ifconfig -a
> ifconfig: socket(family 2,SOCK_DGRAM): No buffer space available
>
> Would that have anything to do with those sysctl settings?
>
> -John
>
> On Thu, 31 Aug 2006, Jaco Engelbrecht wrote:
>
>> hi John,
>>
>> On Wed, Aug 30, 2006 at 02:04:10PM -0400, John Von Essen wrote:
>>> I just upgraded to 9.3.2 today. I have been having memory issues. For
>>> starters, when the named pid grows res mem to around 500m it craps out
>>> and
>>> stops resolving. The tentative fix was to restart bind every night at
>>> 2am.
>>>
>>> However, today, the res mem grew from 25m at startup to 500m in about 4
>>> hours. Quicker than usual, so I thought maybe there was a memory
>>> leak,
>>> and that's why I upgraded to the latest version of bind.
>>>
>>> Any ideas?
>>
>> Build bind with its internal memory allocator. To do this, change
>> CONFIGURE_ARGS in /usr/ports/dns/bind9/Makefile to read like:
>>
>> --
>> CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
>> --with-randomdev=/dev/random \
>> STD_CDEFINES=-DISC_MEM_USE_INTERNAL_MALLOC=1
>> --
>>
>> make clean
>> make WITH_PORT_REPLACES_BASE_BIND9=YES
>> make install
>>
>>
>> /etc/sysctl.conf settings:
>>
>> net.inet.raw.recvspace=128000
>> net.inet.udp.recvspace=256000
>> net.inet.tcp.sendspace=128000
>> net.inet.tcp.recvspace=128000
>> net.inet.tcp.inflight_enable=1
>> kern.ipc.maxsockbuf=256000
>> kern.ipc.somaxconn=2048
>> net.inet.ip.intr_queue_maxlen=128
>>
>> Jaco
>>
>> --
>> <email removed>
>> the faculty of making fortunate discoveries
>>
From: John Von Essen
Date: 2006-09-01 06:08:00
Okay, so this is where I am at.
sysctl tunables are standard, but somaxconn was bumped up to 512.
I edited /boot/loader.conf and added:
kern.dfldsiz=900000000
kern.dflssiz=700000000
kern.maxdsiz=900000000
kern.maxssiz=700000000
kern.maxusers=512
And I recompiled Bind 9.3.2 and enabled the internal memory allocator.
One thing I still get, which I don't understand why, is whenever I
stop named, I get the following console error:
Aug 31 23:47:57 cache01 kernel: Limiting icmp unreach response from 213 to 200 packets/sec
Aug 31 23:47:58 cache01 kernel: Limiting icmp unreach response from 242 to 200 packets/sec
Aug 31 23:47:59 cache01 kernel: Limiting icmp unreach response from 208 to 200 packets/sec
Aug 31 23:48:00 cache01 kernel: Limiting icmp unreach response from 224 to 200 packets/sec
As soon as I start named, it goes away. Any idea what this can be?
-John
From: Blake Covarrubias
Date: 2006-09-01 07:35:24
Those messages are being sent by your server in response to failed
connections to port 53. Because named is no longer listening on that
port (service is stopped) your server is informing machines which are
attempting to make connections to port 53 that the port is closed.
--
Blake Covarrubias
On Aug 31, 2006, at 11:08 PM, John Von Essen wrote:
> Okay, so this is where I am at.
>
> sysctl tunables are standard, but somaxconn was bumped up to 512.
>
> I edited /boot/loader.conf and added:
>
> kern.dfldsiz=900000000
> kern.dflssiz=700000000
> kern.maxdsiz=900000000
> kern.maxssiz=700000000
> kern.maxusers=512
>
> And I recompiled Bind 9.3.2 and enabled the internal memory allocator.
>
> One thing I still get, which I don't understand why, is whenever I
> stop named, I get the following console error:
>
> Aug 31 23:47:57 cache01 kernel: Limiting icmp unreach response from 213 to 200 packets/sec
> Aug 31 23:47:58 cache01 kernel: Limiting icmp unreach response from 242 to 200 packets/sec
> Aug 31 23:47:59 cache01 kernel: Limiting icmp unreach response from 208 to 200 packets/sec
> Aug 31 23:48:00 cache01 kernel: Limiting icmp unreach response from 224 to 200 packets/sec
>
> As soon as I start named, it goes away. Any idea what this can be?
>
> -John
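The explanation in the last reply can be turned into a log check. The script below is an added example, not part of the original thread: it groups the kernel's "Limiting icmp unreach response" messages into bursts, so a run of one message per second (as seen while named was stopped) stands out from a single stray event. The function name, the gap and threshold defaults, and the last two sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): group FreeBSD kernel
# "Limiting icmp unreach response" messages into bursts.

# Reads syslog lines on stdin and prints one line per burst.
#   $1 = max gap in seconds between messages of one burst (default 2)
#   $2 = messages needed to call a burst "sustained" (default 3)
# Bursts are not merged across midnight (syslog lines carry no year).
icmp_unreach_bursts() {
    awk -v gap="${1:-2}" -v min="${2:-3}" '
    function emit() {
        if (n) printf "%s %s-%s events=%d peak=%d limit=%d %s\n", day,
            first, last, n, peak, lim, (n >= min ? "sustained" : "isolated")
        n = 0; peak = 0
    }
    /kernel: Limiting icmp unreach response from [0-9]+ to [0-9]+ packets\/sec/ {
        split($3, t, ":")
        now = t[1] * 3600 + t[2] * 60 + t[3]
        d = $1 " " $2
        for (i = 4; i < NF; i++) {
            if ($i == "from") rate = $(i + 1) + 0   # replies wanted per second
            if ($i == "to")   cap  = $(i + 1) + 0   # kernel rate limit
        }
        if (n && (d != day || now - prev > gap)) emit()
        if (!n) { day = d; first = $3 }
        last = $3; prev = now; lim = cap; n++
        if (rate > peak) peak = rate
    }
    END { emit() }'
}

# Sample input: the first four lines are the ones quoted in the thread
# (re-joined); the last two are constructed for this example.
sample_log() {
    cat <<'EOF'
Aug 31 23:47:57 cache01 kernel: Limiting icmp unreach response from 213 to 200 packets/sec
Aug 31 23:47:58 cache01 kernel: Limiting icmp unreach response from 242 to 200 packets/sec
Aug 31 23:47:59 cache01 kernel: Limiting icmp unreach response from 208 to 200 packets/sec
Aug 31 23:48:00 cache01 kernel: Limiting icmp unreach response from 224 to 200 packets/sec
Aug 31 23:48:05 cache01 named[612]: starting BIND 9.3.2
Sep  1 03:10:12 cache01 kernel: Limiting icmp unreach response from 350 to 200 packets/sec
EOF
}

sample_log | icmp_unreach_bursts
```

On a resolver, a sustained burst that starts when named stops and ends when it starts again matches the situation described in the thread: clients are still sending queries to a port nothing is listening on.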