I have never noticed this before but named is it the network hard. I use it on my computer just for local resolution. Why would it constantly hit the network?
Thanks
--Edit--
I am assuming it is named. Top shows it taking some processor time. More than normal. When I stop named the network traffic stops.
named hitting the network hard. Is this normal?
Message
- HomerSimpson
- l33t
- Posts: 869
- Joined: Sat Jan 25, 2003 3:37 pm
- Location: Ohio, USA
named hitting the network hard. Is this normal?
The strong must protect the Sweet.
Re: named hitting the network hard. Is this normal?
So you're saying you've set up a DNS server for your local net? Is it constantly sending out stuff or only if you resolve names at stations that use this server?
- HomerSimpson
- l33t
- Posts: 869
- Joined: Sat Jan 25, 2003 3:37 pm
- Location: Ohio, USA
Yes. Thanks for clarifying for me.
It is hitting the network constantly even when I personally am not actively doing anything. I shut down various services to see if that was it (such as postfix, folding at home) but it is still hitting the network. I have never seen that before.
Why would named (bind) do this? Is this normal? I am shutting it down in between posting. It doesn't seem right to me.
Thanks
--Edit--
It is hitting the network constantly even when I personally am not actively doing anything. I shut down various services to see if that was it (such as postfix, folding at home) but it is still hitting the network. I have never seen that before.
Why would named (bind) do this? Is this normal? I am shutting it down in between posting. It doesn't seem right to me.
Thanks
--Edit--
Code: Select all
# rndc status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and runningThe strong must protect the Sweet.
I don't have a lot of experience with BIND in particular, but the first thing that comes to mind when a process is causing unknown/weird network traffic is to sniff the network with a sniffer like Ethereal. So I'd advise you to install Ethereal (net-analyzer/ethereal) and capture some of the packets your DNS-server is generating. The resulting captured trace will then show you the contents of all sent/received packets including src/dst IP/hostname, protocols, ports and other content.HomerSimpson wrote:Why would named (bind) do this? Is this normal? I am shutting it down in between posting. It doesn't seem right to me.
If the results don't tell you anything, you can even save them as a file and post a link to that file here and I'll have a look at them.
Greets,
JRV
- HomerSimpson
- l33t
- Posts: 869
- Joined: Sat Jan 25, 2003 3:37 pm
- Location: Ohio, USA
JRV,
Thank you for the help. I had Ethereal installed and ran it. It captures a bunch of UDP packets. It appears to be coming from another Gentoo Linux computer on my lan. I am not sure what it is doing but it does the same thing over and over. I ran "top" on the other machine and apart from folding at home the only other process that regularly takes any time is agetty. I logged into another Gentoo box on my lan and when I run top, agetty is not even active (as far as I can tell).
Here is some output from Ethereal. It repeats this sequence over and over. I changed the domain to "mydomain" and the computers name to "comp2".
So comp1 is simply querying my DNS server for itself?
Thanks again for your help!
--Update--
This is on comp2 (the one generating the DNS lookups)
Thank you for the help. I had Ethereal installed and ran it. It captures a bunch of UDP packets. It appears to be coming from another Gentoo Linux computer on my lan. I am not sure what it is doing but it does the same thing over and over. I ran "top" on the other machine and apart from folding at home the only other process that regularly takes any time is agetty. I logged into another Gentoo box on my lan and when I run top, agetty is not even active (as far as I can tell).
Here is some output from Ethereal. It repeats this sequence over and over. I changed the domain to "mydomain" and the computers name to "comp2".
Code: Select all
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.254 192.168.1.253 DNS Standard query A comp2.mydomain.net
Frame 1 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: 3com_23:00:a0 (00:10:4b:23:00:a0), Dst: ns.mydomain.net (00:0d:61:c9:d2:c6)
Internet Protocol, Src: 192.168.1.254 (192.168.1.254), Dst: 192.168.1.253 (192.168.1.253)
User Datagram Protocol, Src Port: 32776 (32776), Dst Port: domain (53)
Domain Name System (query)
No. Time Source Destination Protocol Info
2 0.000282 192.168.1.253 192.168.1.254 DNS Standard query response A 192.168.1.254
Frame 2 (127 bytes on wire, 127 bytes captured)
Ethernet II, Src: ns.mydomain.net (00:0d:61:c9:d2:c6), Dst: 3com_23:00:a0 (00:10:4b:23:00:a0)
Internet Protocol, Src: 192.168.1.253 (192.168.1.253), Dst: 192.168.1.254 (192.168.1.254)
User Datagram Protocol, Src Port: domain (53), Dst Port: 32776 (32776)
Domain Name System (response)
Thanks again for your help!
--Update--
This is on comp2 (the one generating the DNS lookups)
Code: Select all
# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.1.254:ssh 192.168.1.253:39014 ESTABLISHED 16150/13
udp 0 0 192.168.1.254:32816 192.168.1.253:domain ESTABLISHED -
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 3 [ ] DGRAM 6067 5577/metalog [MASTE /dev/log
unix 2 [ ] DGRAM 6422 5974/cron
The strong must protect the Sweet.
Have you tried if the problem persists after turning off Folding@Home? agetty should normally not create any problems (it's just the daemon waiting on virtual terminals 1-6 for someone to log in).HomerSimpson wrote:apart from folding at home the only other process that regularly takes any time is agetty.
Yes, exactly. The question is why this is happening repeatedly. Normally, each host caches resolved hosts so it doesn't have to resolve them again every few nanosecondsHere is some output from Ethereal. It repeats this sequence over and over. I changed the domain to "mydomain" and the computers name to "comp2".
[...]
So comp1 is simply querying my DNS server for itself?
Yep, there's the UDP "connection" to the DNS. Too bad you can't see the program causing it (probably because UDP is connectionless). I don't even understand why it says "ESTABLISHED", since a UDP "connection" doesn't have any state...--Update--
This is on comp2 (the one generating the DNS lookups)Code: Select all
# netstat -p Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.1.254:ssh 192.168.1.253:39014 ESTABLISHED 16150/13 udp 0 0 192.168.1.254:32816 192.168.1.253:domain ESTABLISHED -
Anyways, if the host is constantly looking up itself, something is wrong on that host. Maybe some name cache is turned off? Maybe a program isn't using the system's resolver but rather tries to resolve names itself, without caching them (for example, hostx does that)? As a quick workaround, have you tried putting comp2.mydomain.net into your /etc/hosts file?
JRV
- HomerSimpson
- l33t
- Posts: 869
- Joined: Sat Jan 25, 2003 3:37 pm
- Location: Ohio, USA
comp2 is the computer generating the DNS requests.
So I add:
127.0.0.1 comp2.mydomain.net
Do I need to restart the network so that it re-reads this file? Or what would I restart?
This is what is running on comp2 at this moment and I am still getting the DNS queries. So it happens even when folding at home is stopped.
Top output:
Again, thanks for your help!
Code: Select all
# cat /etc/hosts
127.0.0.1 localhost
# IPV6 versions of localhost and co
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
127.0.0.1 comp2.mydomain.net
Do I need to restart the network so that it re-reads this file? Or what would I restart?
This is what is running on comp2 at this moment and I am still getting the DNS queries. So it happens even when folding at home is stopped.
Code: Select all
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1360 484 ? S 2005 0:01 init [3]
root 2 0.0 0.0 0 0 ? S 2005 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN 2005 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S< 2005 2:22 [events/0]
root 5 0.0 0.0 0 0 ? S< 2005 0:00 [khelper]
root 6 0.0 0.0 0 0 ? S< 2005 0:10 [kblockd/0]
root 7 0.0 0.0 0 0 ? S 2005 0:00 [khubd]
root 27 0.0 0.0 0 0 ? S 2005 1:12 [pdflush]
root 28 0.0 0.0 0 0 ? S 2005 1:45 [pdflush]
root 30 0.0 0.0 0 0 ? S< 2005 0:00 [aio/0]
root 29 0.0 0.0 0 0 ? S 2005 2:05 [kswapd0]
root 33 0.0 0.0 0 0 ? S 2005 0:00 [kseriod]
root 125 0.0 0.0 0 0 ? S< 2005 0:00 [ata/0]
root 126 0.0 0.0 0 0 ? S 2005 0:00 [khpsbpkt]
root 137 0.0 0.0 0 0 ? S< 2005 0:08 [reiserfs/0]
root 354 0.0 0.3 1724 976 ? Ss 2005 0:02 /sbin/devfsd /dev
root 5577 0.0 0.1 2212 616 ? Ss 2005 0:06 metalog [MASTER]
root 5578 0.0 0.1 1428 504 ? S 2005 0:00 metalog [KERNEL]
root 5771 0.0 0.5 3808 1608 ? Ss 2005 0:00 /usr/sbin/sshd
root 5974 0.0 0.2 1604 692 ? Ss 2005 0:01 /usr/sbin/cron
root 6004 0.0 0.2 1496 660 tty2 Ss+ 2005 0:00 /sbin/agetty 38400 tty2 linux
root 6005 0.0 0.2 1496 660 tty3 Ss+ 2005 0:00 /sbin/agetty 38400 tty3 linux
root 6006 0.0 0.2 1496 660 tty4 Ss+ 2005 0:00 /sbin/agetty 38400 tty4 linux
root 6007 0.0 0.2 1496 660 tty5 Ss+ 2005 0:00 /sbin/agetty 38400 tty5 linux
root 6008 0.0 0.2 1496 660 tty6 Ss+ 2005 0:00 /sbin/agetty 38400 tty6 linux
root 11363 4.4 0.2 1496 660 tty1 Ss+ Jan13 39:57 /sbin/agetty 38400 tty1 linux
root 22116 0.2 0.6 6652 2120 ? Ss 09:55 0:00 sshd: root@pts/15
root 22123 0.0 0.3 2172 1264 pts/15 Ss 09:55 0:00 -bash
root 22359 0.0 0.2 2352 808 pts/15 R+ 09:58 0:00 ps aux
Top output:
Code: Select all
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
11363 root 15 0 1496 660 1312 S 4.3 0.2 40:03.89 agetty
22363 root 16 0 1952 1004 1732 R 0.3 0.3 0:00.17 top
4 root 5 -10 0 0 0 S 0.1 0.0 2:22.15 events/0
1 root 16 0 1360 484 1208 S 0.0 0.2 0:01.29 init
2 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.03 ksoftirqd/0
5 root 5 -10 0 0 0 S 0.0 0.0 0:00.28 khelper
6 root 5 -10 0 0 0 S 0.0 0.0 0:10.17 kblockd/0
7 root 15 0 0 0 0 S 0.0 0.0 0:00.00 khubd
27 root 15 0 0 0 0 S 0.0 0.0 1:12.35 pdflush
28 root 15 0 0 0 0 S 0.0 0.0 1:45.11 pdflush
30 root 13 -10 0 0 0 S 0.0 0.0 0:00.00 aio/0
29 root 15 0 0 0 0 S 0.0 0.0 2:05.99 kswapd0
33 root 25 0 0 0 0 S 0.0 0.0 0:00.00 kseriod
125 root 6 -10 0 0 0 S 0.0 0.0 0:00.00 ata/0
126 root 16 0 0 0 0 S 0.0 0.0 0:00.00 khpsbpkt
137 root 5 -10 0 0 0 S 0.0 0.0 0:08.68 reiserfs/0
354 root 17 0 1724 976 1408 S 0.0 0.3 0:02.07 devfsd
5577 root 16 0 2212 616 1268 S 0.0 0.2 0:06.68 metalog
5578 root 15 0 1428 504 1268 S 0.0 0.2 0:00.00 metalog
5771 root 16 0 3808 1608 3436 S 0.0 0.5 0:00.02 sshd
5974 root 16 0 1604 692 1436 S 0.0 0.2 0:01.26 cron
6004 root 17 0 1496 660 1312 S 0.0 0.2 0:00.00 agetty
6005 root 17 0 1496 660 1312 S 0.0 0.2 0:00.00 agetty
6006 root 16 0 1496 660 1312 S 0.0 0.2 0:00.00 agetty
6007 root 16 0 1496 660 1312 S 0.0 0.2 0:00.00 agetty
6008 root 17 0 1496 660 1312 S 0.0 0.2 0:00.00 agetty
22116 root 16 0 6812 2136 6192 R 0.0 0.7 0:00.41 sshd
22123 root 15 0 2172 1264 1972 S 0.0 0.4 0:00.09 bash
Again, thanks for your help!
The strong must protect the Sweet.
Interesting, the trouble-making agetty is the one on virtual terminal 1 and it's running since Jan13, meaning you logged out on that terminal yesterday. Could you try logging in on virtual terminal 1 again and see if the problem is gone? If the problem disappears and reappears after logging out again, your agetty is probably a little borked/misconfigured or something. It probably wants to insert your host/domainname into the greeting string and thus queries the DNS for that (however, it shouldn't do that repeatedly, of course).HomerSimpson wrote:Code: Select all
root 6004 0.0 0.2 1496 660 tty2 Ss+ 2005 0:00 /sbin/agetty 38400 tty2 linux root 6005 0.0 0.2 1496 660 tty3 Ss+ 2005 0:00 /sbin/agetty 38400 tty3 linux root 6006 0.0 0.2 1496 660 tty4 Ss+ 2005 0:00 /sbin/agetty 38400 tty4 linux root 6007 0.0 0.2 1496 660 tty5 Ss+ 2005 0:00 /sbin/agetty 38400 tty5 linux root 6008 0.0 0.2 1496 660 tty6 Ss+ 2005 0:00 /sbin/agetty 38400 tty6 linux root 11363 4.4 0.2 1496 660 tty1 Ss+ Jan13 39:57 /sbin/agetty 38400 tty1 linux ...
Perhaps you updated your "sys-apps/util-linux" (which contains agetty) and the other running, well-behaved agettys are still the old version (until someone logs on).
JRV
- HomerSimpson
- l33t
- Posts: 869
- Joined: Sat Jan 25, 2003 3:37 pm
- Location: Ohio, USA
HomerSimpson wrote:The computer is headless and I can only log in through ssh.
Code: Select all
killall -9 agetty- HomerSimpson
- l33t
- Posts: 869
- Joined: Sat Jan 25, 2003 3:37 pm
- Location: Ohio, USA
LOL. When I killall -9 agetty, I can see for about a second or two that the net traffic stops but then it jumps right back up.
Thanks for all your help! I am going to be away from my computer for a bit but when I get back I will see if there are some updates needed. It is a headless system and I don't keep it up to date. It just runs as is and I only fix it when its broke. Like now.
Thanks
Thanks for all your help! I am going to be away from my computer for a bit but when I get back I will see if there are some updates needed. It is a headless system and I don't keep it up to date. It just runs as is and I only fix it when its broke. Like now.
Thanks
The strong must protect the Sweet.
I don't think that's the problem. I'm not using nscd and I'm not having any problems with name resolution or my agettys. I'm guessing his agetty is broken. Of course, turning on nscd should hide the problem by keeping it local to the host.guero61 wrote:Look into starting /etc/init.d/nscd in your default run level.
Name Service Cache Daemon.
JRV
- HomerSimpson
- l33t
- Posts: 869
- Joined: Sat Jan 25, 2003 3:37 pm
- Location: Ohio, USA