From: Alex Efros <powerman@powerman.name>
To: supervision@list.skarnet.org
Subject: dnscache endless resolving loop
Date: Thu, 28 Feb 2008 17:22:54 +0200
Message-ID: <20080228152254.GA21748@home.power>

Hi!

Probably this isn't the right mailing list to ask, but I think this will be
interesting to people here.

On one of my servers I permanently have an issue with dnscache, which looks
like this:

PID PPID TIME+ %CPU %MEM PR NI S VIRT SWAP RES UID COMMAND
3301 507 49:42.59 16.6 0.4 15 0 R 4148 2200 1948 1000 dnscache
11519 507 602:44.67 3.3 0.2 15 0 R 2860 2052 808 1001 svlogd
15610 26870 0:00.20 0.3 0.3 15 0 R 3588 1884 1704 0 top

i.e. dnscache permanently uses ~15% CPU (the TIME+ column shows less time for
dnscache than for its svlogd just because I restarted dnscache some time
ago). This server isn't very powerful (Celeron 2GHz, 512RAM), so this
issue slows down the server significantly. Of course I can disable svlogd for
dnscache (because writing a huge amount of logs to disk also slows it down),
but I need the logs to find out what's wrong.

Restarting dnscache solves this issue for about an hour, and then it arises
again (probably it is initiated by some spammer who connects to my qmail from
this IP, and tcpserver trying to resolve it).

According to the logs, dnscache is again and again trying to resolve PTR
124.240.91.30, and every time gets a negative result (which it doesn't cache,
AFAIK).

I spent enough time trying to find out WHO is sending these PTR requests
to dnscache (does anybody know how to find out which process owns a UDP port?
things like netstat can't answer the question "who is asking my DNS
server")... dnscache runs on 127.0.0.1 so it isn't a remote attack.

After all I got an idea: maybe dnscache is the one who is asking
dnscache? :) I did strace, and, yes, it looks like dnscache sends PTR
requests to itself in an endless loop. Look:

http://powerman.name/tmp/dnscache_bug/log (1MB)
http://powerman.name/tmp/dnscache_bug/strace (6.5MB)
http://powerman.name/tmp/dnscache_bug/strace.filtered (2MB, only network I/O)

About djbdns patches. I use Gentoo's net-dns/djbdns-1.05-r21 package.
It applies several patches, but they all look 100% harmless, and none of them
touches C code (except the errno problem) - I'll attach them.

--
WBR, Alex.
[-- Attachment #2: 1.05-errno.patch --]
[-- Type: application/x-patch, Size: 249 bytes --]
[-- Attachment #3: dnsroots.patch --]
[-- Type: application/x-patch, Size: 367 bytes --]
[-- Attachment #4: dnstracesort.patch --]
[-- Type: application/x-patch, Size: 338 bytes --]
[-- Attachment #5: headtail.patch --]
[-- Type: application/x-patch, Size: 1848 bytes --]
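
The question raised in the message above, which local process owns the UDP socket that is querying the DNS server, can be answered on Linux from /proc. The following is an added example, not part of the original post or of djbdns; the sample table, the inode numbers and the function names are constructed for illustration. It only sees sockets that called connect() on the server address; an unconnected socket shows 0.0.0.0:0 as its peer and has to be matched by source port instead.

```python
# Added example (not from the original post). Linux only, IPv4 only.
import os
import socket
import struct

# Constructed /proc/net/udp sample: a listener on 127.0.0.1:53 and one
# client socket 127.0.0.1:50000 connected to 127.0.0.1:53.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  10: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 4100
  11: 0100007F:C350 0100007F:0035 01 00000000:00000000 00:00000000 00000000  1000        0 4242
  12: 0100007F:9C40 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000     0        0 4300
"""

def _addr(field):
    ip_hex, port_hex = field.split(":")
    # The kernel prints the address as a host-endian word; "<I" assumes x86.
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_udp_table(text):
    """Yield (local, remote, uid, inode) for each row of /proc/net/udp."""
    for line in text.splitlines()[1:]:            # first line is the header
        f = line.split()
        if len(f) >= 10:
            yield _addr(f[1]), _addr(f[2]), int(f[7]), int(f[9])

def socket_owners(inode, proc_root="/proc"):
    """PIDs that hold a file descriptor pointing at socket:[inode]."""
    target, pids = "socket:[%d]" % inode, []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:        # process exited, or not root and fds unreadable
            continue
    return sorted(pids)

def clients_of(text, server=("127.0.0.1", 53), proc_root="/proc"):
    """(source port, uid, owning PIDs) of UDP sockets connected to server."""
    return [(local[1], uid, socket_owners(inode, proc_root))
            for local, remote, uid, inode in parse_udp_table(text)
            if remote == server]

if __name__ == "__main__":     # run as root to see other users' sockets
    with open("/proc/net/udp") as table:
        for row in clients_of(table.read()):
            print(row)
```

If a PID reported by clients_of() is also the owner of the listening socket's inode, the server is querying itself.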