Importance of Good DNS

MattW

MattW

Well-known member
I've been helping @bobster65 trouble shoot some issues with his server, and NAMED taking up all the CPU, causing his sites to stop loading, or take ~1 minute to load per page.

We are seeing load averages of 2.0 across the board, with namd using 160% of the available CPU on the dual core system he's got.

This is a fairly old box, but still decent enough to be running the sites at a reasonable speed.

However, named was causing some serious problems. The server was doing all the DNS lookups for the sites hosted on it, and you could see the DNS requests come in when you tried to access the sites, and named just sit there gobbling the CPU.

DNS zones were all configured correctly, nothing out of the ordinary with them, but WHM kept reporting one of the name servers configured on the box didn't have an IP address, and even when you set it, after a random time, it would vanish again.

The server was also reporting kernel errors for ip_conntrack, which tied up with named grabbing all the CPU.

Code: 
Aug  3 05:28:55 server kernel: printk: 65358 messages suppressed.
Aug  3 05:28:55 server kernel: ip_conntrack: table full, dropping packet.
Aug  3 05:29:00 server kernel: printk: 65803 messages suppressed.
Aug  3 05:29:00 server kernel: ip_conntrack: table full, dropping packet.
Aug  3 05:29:05 server kernel: printk: 67396 messages suppressed.
Aug  3 05:29:05 server kernel: ip_conntrack: table full, dropping packet.
Aug  3 05:29:10 server kernel: printk: 63859 messages suppressed.
Aug  3 05:29:10 server kernel: ip_conntrack: table full, dropping packet.
Aug  3 05:29:15 server kernel: printk: 67713 messages suppressed.
Aug  3 05:29:15 server kernel: ip_conntrack: table full, dropping packet.
Aug  3 05:29:20 server kernel: printk: 64115 messages suppressed.
Aug  3 05:29:20 server kernel: ip_conntrack: table full, dropping packet.

I checked the setting in sysctl, and the there less entries than were available to handle, so it shouldn't be erroring like that.


So........I've moved his DNS to my DNSMadeEasy account, he's pointed his domains at the new DNS servers, and the sites are now loading instantly!

The errors have now stopped, and the load on the box has come right down again:

load average: 0.06, 0.06, 0.09

I've always been a great believer of having a specific service like this run by a specific service provider, such as DNSMadeEasy or Amazon's Route53. I'm now in my 4th year with DNSMadeEasy.
 
I use the dns thats provided by my domain register. Is there any really benefit to useing services like easy dns.
 
akia said:
I use the dns thats provided by my domain register. Is there any really benefit to useing services like easy dns.
Click to expand...
It depends. My registrar doesn't offer any form of DNS, which is why I used a 3rd part rather than having it on the same server as the websites (or getting another smaller vps for doing the DNS).
I like DNSMadeEasy because they are ip anycast, and you can make a change to an entry, and it's pushed out instantly.
 
Heh. I know EXACTLY what WHM error you speak of. I've been getting it intermittently since the latest cPanel upgrade and it's starting to chap my hide. Project for this weekend is to redo the DNS and just point it all elsewhere.
 
Yeah i use DME for dns too. But interesting about WHM/DNS issue - might have to investigate myself just to keep on top of such issues :)

was the server a dedicated or VPS ?
VPS was it OpenVZ, Virtuozzo, Xen, VMWare or KVM based ?
CentOS 5.9 or 6.4 ? kernel version ?
 
p4guru said:
Yeah i use DME for dns too. But interesting about WHM/DNS issue - might have to investigate myself just to keep on top of such issues :)

was the server a dedicated or VPS ?
VPS was it OpenVZ, Virtuozzo, Xen, VMWare or KVM based ?
CentOS 5.9 or 6.4 ? kernel version ?
Click to expand...
Is Bob's case, dedicated server, RHE4!

Code: 
cat /etc/redhat-release
Red Hat Enterprise Linux ES release 4 (Nahant Update 8)

WHM 11.32
 
hmm pretty old, could of been a DDOS DNS attack of some form.. DME would of eaten it up easily :)
 
MattW said:
I've always been a great believer of having a specific service like this run by a specific service provider, such as DNSMadeEasy or Amazon's Route53. I'm now in my 4th year with DNSMadeEasy.
Click to expand...
I use ZoneEdit myself. For some reason (I guess because I was a long time user and got some kind of exception) I was able to have 4 domains free before I started having to use my existing purchased credits. Since the ones I use the credits for are going to expire soon I'll be down to only having one that I actually have to have to pay for. I always like free. :p
I've had good luck with them. Their site interface is rather basic - but I don't need anything real fancy since it gets the job done.
 
You must log in or register to reply here.

Similar threads

sbj
  • Locked
Current state of XF and the participation of the XF Team
6 7 8
Replies
150
Views
15K
Kier
Kier
Netkreatif
⭐7 YEARS OF EXPERIENCE! ✅ XENFORO INSTALLATION A TO Z 💜 SEO, OPTIMIZATION, THEME, ADD-ON & MORE 🚀
Replies
0
Views
959
Netkreatif
Netkreatif
digitalpoint
Cloudflare optimizations for XenForo
7 8 9
Replies
175
Views
17K
digitalpoint
digitalpoint
Baby Community
Duplicate I need help with error
Replies
8
Views
915
Baby Community
Baby Community
iaresee
  • Question Question
XF 2.1 How do a determine when and why Xenforo 2.1 sent a notification email to a user?
Replies
3
Views
630
iaresee
iaresee
Top Bottom