From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/1661
Path: news.gmane.org!not-for-mail
From: Alex Efros <powerman@powerman.name>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: dnscache endless resolving loop
Date: Thu, 28 Feb 2008 17:22:54 +0200
Organization: asdfGroup Inc., http://powerman.asdfGroup.com/
Message-ID: <20080228152254.GA21748@home.power>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="6c2NcOVqGQ03X4Wi"
X-Trace: ger.gmane.org 1204212200 21863 80.91.229.12 (28 Feb 2008 15:23:20 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Thu, 28 Feb 2008 15:23:20 +0000 (UTC)
To: supervision@list.skarnet.org
Original-X-From: supervision-return-1896-gcsg-supervision=m.gmane.org@list.skarnet.org Thu Feb 28 16:23:45 2008
Return-path: <supervision-return-1896-gcsg-supervision=m.gmane.org@list.skarnet.org>
Envelope-to: gcsg-supervision@gmane.org
Original-Received: from antah.skarnet.org ([212.85.147.14])
	by lo.gmane.org with smtp (Exim 4.50)
	id 1JUkbb-0006XA-8v
	for gcsg-supervision@gmane.org; Thu, 28 Feb 2008 16:23:31 +0100
Original-Received: (qmail 20177 invoked by uid 76); 28 Feb 2008 15:23:19 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Archive: <http://www.skarnet.org/lists/>
Original-Received: (qmail 20169 invoked from network); 28 Feb 2008 15:23:18 -0000
Mail-Followup-To: supervision@list.skarnet.org
Content-Disposition: inline
User-Agent: Mutt/1.5.16 (2007-06-09)
Xref: news.gmane.org gmane.comp.sysutils.supervision.general:1661
Archived-At: <http://permalink.gmane.org/gmane.comp.sysutils.supervision.general/1661>


--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi!

Probably this isn't a right maillist to ask, but I think this will be
interesting to people here.

On one of my server I permanently have issue with dnscache, which looks
like this:

  PID  PPID    TIME+  %CPU %MEM  PR  NI S  VIRT SWAP  RES  UID COMMAND         
 3301   507  49:42.59 16.6  0.4  15   0 R  4148 2200 1948 1000 dnscache         
11519   507 602:44.67  3.3  0.2  15   0 R  2860 2052  808 1001 svlogd           
15610 26870   0:00.20  0.3  0.3  15   0 R  3588 1884 1704    0 top              

i.e. dnscache permanently use ~15% CPU (TIME+ column show less time for
dnscache than for it svlogd just because I restarted dnscache some time
ago). This server isn't very powerful (Celeron 2GHz, 512RAM), so this
issue slowdown server significantly. Of course I can disable svlogd for
dnscache (because writing huge amount of logd to disk also slowdown it),
but I need logs to find out what's wrong.

Restarting dnscache solve this issue for about a hour, and then it arise
again (probably it initiated by some spammer who connect to my qmail from
this IP, and tcpserver trying to resolve it).

According to logs, dnscache again and again trying to resolve PTR
124.240.91.30, and every time got negative result (which it doesn't cache,
AFAIK).

I spend enough time trying to find out WHO is sending these PTR requests
to dnscache (is anybody knows how to find out process which own UDP port?
things like netstat can't answer to question "who is asking my DNS
server")... dnscache run on 127.0.0.1 so it isn't remote attack.

After all I got an Idea: maybe it's dnscache is the one who asking
dnscache? :) I did strace, and, yes, it looks like dnscache send PTR
requests to itself in endless loop. Look:

http://powerman.name/tmp/dnscache_bug/log (1MB)
http://powerman.name/tmp/dnscache_bug/strace (6.5MB)
http://powerman.name/tmp/dnscache_bug/strace.filtered (2MB, only network I/O)

About djbdns patches. I use Gentoo's net-dns/djbdns-1.05-r21 package.
It apply several patches, but they all looks 100% harmless, and no one
touch C code (except errno problem) - I'll attach them.

-- 
			WBR, Alex.

--6c2NcOVqGQ03X4Wi
Content-Type: application/x-patch
Content-Disposition: attachment; filename="1.05-errno.patch"
Content-Transfer-Encoding: quoted-printable

--- error.h	2001-02-11 15:11:45.000000000 -0600=0A+++ error.h	2003-02-26 02=
:10:21.000000000 -0600=0A@@ -1,7 +1,7 @@=0A #ifndef ERROR_H=0A #define ERRO=
R_H=0A =0A-extern int errno;=0A+#include <errno.h>=0A =0A extern int error_=
intr;=0A extern int error_nomem;=0A
--6c2NcOVqGQ03X4Wi
Content-Type: application/x-patch
Content-Disposition: attachment; filename="dnsroots.patch"
Content-Transfer-Encoding: quoted-printable

--- djbdns-1.05.old/dnsroots.global.old	Fri May 31 19:42:37 2002=0A+++ djbd=
ns-1.05/dnsroots.global	Thu Jan 29 21:41:56 2004=0A@@ -1,5 +1,5 @@=0A 198.4=
1.0.4=0A-128.9.0.107=0A+192.228.79.201=0A 192.33.4.12=0A 128.8.10.90=0A 192=
=2E203.230.10=0A@@ -7,7 +7,7 @@=0A 192.112.36.4=0A 128.63.2.53=0A 192.36.14=
8.17=0A-198.41.0.10=0A+192.58.128.30=0A 193.0.14.129=0A 198.32.64.12=0A 202=
=2E12.27.33=0A
--6c2NcOVqGQ03X4Wi
Content-Type: application/x-patch
Content-Disposition: attachment; filename="dnstracesort.patch"
Content-Transfer-Encoding: quoted-printable

--- djbdns-1.05/dnstracesort.sh.orig	2006-04-26 21:52:54.000000000 +0200=0A=
+++ djbdns-1.05/dnstracesort.sh	2006-04-26 21:53:02.000000000 +0200=0A@@ -1=
2,7 +12,7 @@=0A     }=0A     print=0A   }=0A-' | sort -t: +0 -2 +4 +3 -4 +2=
 -3 | uniq | awk -F: '=0A+' | sort -t: -k 1,3 -k 5 -k 4,5 -k 3,4 | uniq | a=
wk -F: '=0A   {=0A     type =3D $1=0A     q =3D $2=0A
--6c2NcOVqGQ03X4Wi
Content-Type: application/x-patch
Content-Disposition: attachment; filename="headtail.patch"
Content-Transfer-Encoding: quoted-printable

diff -Naur /tmp/djbdns-1.05/Makefile djbdns-1.05/Makefile=0A--- /tmp/djbdns=
-1.05/Makefile	2003-11-16 20:33:41.000000000 +0100=0A+++ djbdns-1.05/Makefi=
le	2003-11-16 20:35:15.000000000 +0100=0A@@ -31,7 +31,7 @@=0A =0A auto_home=
=2Ec: \=0A auto-str conf-home=0A-	./auto-str auto_home `head -1 conf-home` =
> auto_home.c=0A+	./auto-str auto_home `head -n 1 conf-home` > auto_home.c=
=0A =0A auto_home.o: \=0A compile auto_home.c=0A@@ -205,14 +205,14 @@=0A ch=
oose: \=0A warn-auto.sh choose.sh conf-home=0A 	cat warn-auto.sh choose.sh =
\=0A-	| sed s}HOME}"`head -1 conf-home`"}g \=0A+	| sed s}HOME}"`head -n 1 c=
onf-home`"}g \=0A 	> choose=0A 	chmod 755 choose=0A =0A compile: \=0A warn-=
auto.sh conf-cc=0A 	( cat warn-auto.sh; \=0A-	echo exec "`head -1 conf-cc`"=
 '-c $${1+"$$@"}' \=0A+	echo exec "`head -n 1 conf-cc`" '-c $${1+"$$@"}' \=
=0A 	) > compile=0A 	chmod 755 compile=0A =0A@@ -449,7 +449,7 @@=0A dnstrac=
esort: \=0A warn-auto.sh dnstracesort.sh conf-home=0A 	cat warn-auto.sh dns=
tracesort.sh \=0A-	| sed s}HOME}"`head -1 conf-home`"}g \=0A+	| sed s}HOME}=
"`head -n 1 conf-home`"}g \=0A 	> dnstracesort=0A 	chmod 755 dnstracesort=
=0A =0A@@ -570,7 +570,7 @@=0A warn-auto.sh conf-ld=0A 	( cat warn-auto.sh; =
\=0A 	echo 'main=3D"$$1"; shift'; \=0A-	echo exec "`head -1 conf-ld`" \=0A+=
	echo exec "`head -n 1 conf-ld`" \=0A 	'-o "$$main" "$$main".o $${1+"$$@"}'=
 \=0A 	) > load=0A 	chmod 755 load=0A@@ -758,7 +758,7 @@=0A rts: \=0A warn-=
auto.sh rts.sh conf-home=0A 	cat warn-auto.sh rts.sh \=0A-	| sed s}HOME}"`h=
ead -1 conf-home`"}g \=0A+	| sed s}HOME}"`head -n 1 conf-home`"}g \=0A 	> r=
ts=0A 	chmod 755 rts=0A =0A@@ -901,8 +901,8 @@=0A systype: \=0A find-systyp=
e.sh conf-cc conf-ld trycpp.c x86cpuid.c=0A 	( cat warn-auto.sh; \=0A-	echo=
 CC=3D\'`head -1 conf-cc`\'; \=0A-	echo LD=3D\'`head -1 conf-ld`\'; \=0A+	e=
cho CC=3D\'`head -n 1 conf-cc`\'; \=0A+	echo LD=3D\'`head -n 1 conf-ld`\'; =
\=0A 	cat find-systype.sh; \=0A 	) | sh > systype=0A =0A
--6c2NcOVqGQ03X4Wi--