Difference between revisions of "Troubleshooting bind issues"

From Notes_Wiki
(Created page with "<yambe:breadcrumb>Bind_DNS_server_configuration|Bind DNS</yambe:breadcrumb> =Troubleshooting bind issues= ==Very high CPU usage (200%+) by bind== When using chroot bind envi...")
 
m
Line 5: Line 5:


When using chroot bind environment with sufficiently complex configuration bind CPU usage may be above 200%.  This problem is caused by configuration file mentioning directories such as '/var/named/data' or /var/named/dynamic' which do not exist in location '/var/named/chroot/var/named/data' or '/var/named/chroot/var/named/dynamic', etc.  Hence to solve the problem create all directories in chrooted 'var/named' folder and make them owned by named:named.  Then restart bind and the CPU usage should go below 0% as usual.
When using chroot bind environment with sufficiently complex configuration bind CPU usage may be above 200%.  This problem is caused by configuration file mentioning directories such as '/var/named/data' or /var/named/dynamic' which do not exist in location '/var/named/chroot/var/named/data' or '/var/named/chroot/var/named/dynamic', etc.  Hence to solve the problem create all directories in chrooted 'var/named' folder and make them owned by named:named.  Then restart bind and the CPU usage should go below 0% as usual.
==broken trust chain error==
If bind logs show 'broken trust chain' such as:
<pre>
15-Apr-2014 06:06:11.667 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 125.19.40.90#53
15-Apr-2014 06:06:11.942 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.7.87.1#53
15-Apr-2014 06:06:12.212 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.253.57.1#53
15-Apr-2014 06:06:12.334 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 194.0.1.7#53
15-Apr-2014 06:06:12.379 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 115.249.164.142#53
15-Apr-2014 06:06:12.470 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.249.125.1#53
15-Apr-2014 06:06:12.618 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.249.117.1#53
15-Apr-2014 06:06:12.860 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.253.56.1#53
15-Apr-2014 06:06:12.861 lame-servers: info: error (no valid DS) resolving 'www.google.co.in/A/IN': 216.239.34.10#53
15-Apr-2014 06:06:12.985 lame-servers: info: error (broken trust chain) resolving 'www.google.co.in/A/IN': 216.239.36.10#53
15-Apr-2014 06:06:13.055 lame-servers: info: error (broken trust chain) resolving 'www.google.co.in/A/IN': 216.239.34.10#53
</pre>
Then the most probable cause for this is wrong system time.  It is recommended to have ntp server or client configured on each system to resolve this permanently.  For a quick fix use:
<pre>
ntpdate -b 0.centos.pool.ntp.org
</pre>
assuming resolution for 0.centos.pool.ntp.org is possible using some other DNS server
<yambe:breadcrumb>Bind_DNS_server_configuration|Bind DNS</yambe:breadcrumb>
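Review bot: The added 'broken trust chain error' section goes straight from the log excerpt to 'ntpdate -b', which steps the clock, with no step to confirm that the system time is actually wrong. Add a line asking the reader to compare 'date -u' with a trusted time source before running it. The caveat on the last added line ('assuming resolution for 0.centos.pool.ntp.org is possible using some other DNS server') belongs before the command rather than after it, because the resolver being repaired cannot be relied on to resolve the pool name. The unchanged paragraph above also has an unbalanced quote in "or /var/named/dynamic'" and says CPU usage should go 'below 0%', which looks like a typo that could be fixed in the same edit.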

Revision as of 03:03, 15 April 2014


Troubleshooting bind issues

Very high CPU usage (200%+) by bind

When using a chroot bind environment with a sufficiently complex configuration, bind CPU usage may be above 200%. This problem is caused by the configuration file mentioning directories such as '/var/named/data' or '/var/named/dynamic' which do not exist at the corresponding chroot locations '/var/named/chroot/var/named/data' or '/var/named/chroot/var/named/dynamic', etc. To solve the problem, create all such directories in the chrooted 'var/named' folder and make them owned by named:named. Then restart bind and the CPU usage should go below 0% as usual.
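One way to find the missing directories before restarting bind, as an added example that is not part of the original wiki page. The function names are hypothetical, the config and chroot paths are supplied by the caller, and only '//' and '#' line comments in the config are skipped.

```bash
#!/bin/sh
# Added example: list directories that named.conf refers to under /var/named
# but that do not exist inside the chroot tree.

# usage: missing_chroot_dirs CONF CHROOT
# e.g.   missing_chroot_dirs /var/named/chroot/etc/named.conf /var/named/chroot
#        (the config location is an assumption; adjust to your installation)
missing_chroot_dirs() {
    # Drop comment lines, then pull out every option whose quoted value is an
    # absolute path under /var/named (directory, *-directory, *-file, file).
    grep -Ev '^[[:space:]]*(//|#)' "$1" |
    grep -Eo '(directory|[a-z-]+-file|file)[[:space:]]+"/var/named[^"]*"' |
    tr -d '"' |
    while read -r opt path; do
        # A "directory" option names the directory itself; a "file" option
        # names a file, so the directory that must exist is its parent.
        case $opt in
            *directory) dir=$path ;;
            *)          dir=$(dirname "$path") ;;
        esac
        [ -d "$2$dir" ] || printf '%s\n' "$2$dir"
    done | sort -u
}

# Print (do not run) the fix described above for each missing directory,
# so the commands can be reviewed before they are executed as root.
print_fix_commands() {
    missing_chroot_dirs "$1" "$2" | while read -r d; do
        printf 'mkdir -p %s && chown named:named %s\n' "$d" "$d"
    done
}
```
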


broken trust chain error

If bind logs show 'broken trust chain' errors such as:

<pre>
15-Apr-2014 06:06:11.667 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 125.19.40.90#53
15-Apr-2014 06:06:11.942 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.7.87.1#53
15-Apr-2014 06:06:12.212 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.253.57.1#53
15-Apr-2014 06:06:12.334 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 194.0.1.7#53
15-Apr-2014 06:06:12.379 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 115.249.164.142#53
15-Apr-2014 06:06:12.470 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.249.125.1#53
15-Apr-2014 06:06:12.618 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.249.117.1#53
15-Apr-2014 06:06:12.860 lame-servers: info: error (no valid RRSIG) resolving 'google.co.in/DS/IN': 199.253.56.1#53
15-Apr-2014 06:06:12.861 lame-servers: info: error (no valid DS) resolving 'www.google.co.in/A/IN': 216.239.34.10#53
15-Apr-2014 06:06:12.985 lame-servers: info: error (broken trust chain) resolving 'www.google.co.in/A/IN': 216.239.36.10#53
15-Apr-2014 06:06:13.055 lame-servers: info: error (broken trust chain) resolving 'www.google.co.in/A/IN': 216.239.34.10#53
</pre>

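Then the most probable cause is an incorrect system time. DNSSEC signatures (RRSIG records) carry inception and expiration timestamps, so a resolver whose clock falls outside that window rejects signatures that are otherwise valid. To resolve this permanently, configure an NTP server or client on each system. For a quick fix, use: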

<pre>
ntpdate -b 0.centos.pool.ntp.org
</pre>

This assumes that 0.centos.pool.ntp.org can be resolved using some other DNS server.
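A way to confirm that the clock is the cause before stepping it, as an added example that is not part of the original wiki page: it compares a clock reading with the validity window of RRSIG records in dig output. The helper name rrsig_clock_check is hypothetical, and the sample record (zone, timestamps, signature) is constructed.

```bash
#!/bin/sh
# Added example: report whether a clock reading falls inside the validity
# window of each RRSIG record read from stdin (dig answer-section format).
# RRSIG presentation fields (RFC 4034):
#   name ttl class RRSIG type-covered algorithm labels original-ttl
#   EXPIRATION INCEPTION key-tag signer signature
# Both timestamps are UTC, written as YYYYMMDDHHMMSS.

# usage: rrsig_clock_check NOW < dig-output
#   NOW is the clock to test, e.g. "$(date -u +%Y%m%d%H%M%S)"
# Live input can come from: dig +dnssec +cd ZONE TYPE
#   (+cd asks the resolver to return records even when validation fails)
rrsig_clock_check() {
    awk -v now="$1" '
        # Only RRSIG lines with two well-formed 14-digit timestamps.
        $4 == "RRSIG" && length($9) == 14 && length($10) == 14 &&
        $9 ~ /^[0-9]+$/ && $10 ~ /^[0-9]+$/ {
            verdict = "clock-inside-window"
            if (now < $10) verdict = "clock-before-inception"
            if (now > $9)  verdict = "clock-after-expiration"
            printf "%s %s %s\n", $1, $5, verdict
        }'
}

# Constructed sample record: signatures valid from 2014-04-01 to 2014-05-01.
SAMPLE_RRSIG='example.com. 3600 IN RRSIG A 8 2 3600 20140501000000 20140401000000 12345 example.com. Q09OU1RSVUNURUQ='

# Demo: a clock that has fallen back to 2013 sits before the inception time,
# so a validating resolver with that clock would reject this signature.
printf '%s\n' "$SAMPLE_RRSIG" | rrsig_clock_check 20130101000000
```

If every record reports clock-inside-window, the system time is not the cause and stepping the clock will not clear the errors.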

