[ntp:hackers] Fwd: Linux syslog

Danny Mayer mayer at ntp.isc.org
Fri Jun 9 13:39:48 UTC 2006


I'm crossposting this message from the bind-users mailing list since
people here are likely to run into the same issues whether or not they
are running DNS servers.

Danny

-------- Original Message --------
Subject: Re: UDP packet loss
Date: Thu, 8 Jun 2006 14:39:42 -0500 (CDT)
From: Scott S. Bertilson <scott at nts.umn.edu>
To: Pavel Urban <urbanp at mlp.cz>
CC: bind-users at isc.org

> I've tried to find out the cause of some strange resolving problem we 
> are experiencing. From time to time, our server seems to ignore some 
> requests, while others are answered promptly. It seems to me that the 
> problem is UDP packet loss.
...
> RedHat Linux ES release 4, 2.6.9-34.ELsmp kernel, dual Opteron system 
> with 6GB ram, no local zones, just resolver/cache. bind-9.3.2-2_EL4

  As to possible cause, one thing worth checking is whether
your name server is logging anything substantial via "syslog".
If it is, and if your system is configured as many Linux
systems seem to be (RedHat Enterprise 3 and 4), the default
behavior is that "syslog" does a "fsync" for _every_
message that is logged.  This is due to a bug/"feature" of
the Linux implementation of "syslogd".  It has the most
drastic effects when incoming log messages are from the
local host and are delivered over a Unix domain socket.
Unlike syslog messages received via UDP, the Unix domain
socket blocks the process instead of dropping the message
when the socket buffer is full.
  We had many issues with DNS servers on our campus until we
configured our on-host syslog server to disable the "fsync"
activity.  You do this by prepending the file name in
"/etc/syslog.conf" with a "-" as in:
    local2.*				-/var/log/named.log
Note that we also force our DNS logging to "local2".  In
most cases, it probably uses facility "daemon" which likely
ends up in "/var/log/messages".  Look for _any_ syslog
destination files with a heavy flux of DNS messages and try
this on all of them.
				Scott
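
The check suggested at the end of the message above, as an added example (not code from the original post or from syslogd): it lists every rule in a sysklogd-style syslog.conf that writes to a file without the "-" prefix. The sample configuration is constructed, and skipping /dev/* targets is an assumption of this sketch.

```python
import re

# Constructed sample in sysklogd syslog.conf syntax (not from a real host).
SAMPLE_CONF = """\
# selector                                action
*.info;mail.none;authpriv.none;cron.none  /var/log/messages
authpriv.*                                /var/log/secure
mail.*                                    -/var/log/maillog
local2.*                                  /var/log/named.log
kern.*                                    /dev/console
*.emerg                                   *
daemon.*                                  @loghost.example.com
local7.*  \\
    /var/log/boot.log
"""


def synced_file_rules(conf_text):
    """Return (selector, path) for each rule that logs to a file without the "-" prefix."""
    # sysklogd lets a rule continue on the next line after a trailing backslash.
    logical = re.sub(r"\\\n\s*", " ", conf_text)
    findings = []
    for line in logical.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed rule: no action field
        selector, action = parts[0], parts[1].strip()
        # "-/path" already skips the per-message sync; "@host", "|fifo", "*"
        # and user lists are not file writes. Assumption: /dev/* targets
        # (console, ttys) are devices, so they are not reported.
        if action.startswith("/") and not action.startswith("/dev/"):
            findings.append((selector, action))
    return findings


if __name__ == "__main__":
    for selector, path in synced_file_rules(SAMPLE_CONF):
        print(f"{selector}\t{path}\t(synced after every message)")
```

Without the sync, the most recent messages can be lost if the host crashes right after a write, so weigh that for files such as /var/log/secure before changing them.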




