named has >70% CPU usage

Sygmoral

My server has been slow for two weeks, so I started investigating a little. I see that named is constantly using over 70% CPU (I have 3 cpu cores). I'm worried because my MySQL is especially slow lately, and I'm guessing that may be related. I can see in top that MySQL sometimes uses 97-100% cpu for up to a minute, and then falls back to below 0.5, which I'm assuming is not normal. No backups are running right now, or at least they shouldn't. My memory usage seems fine, as free -m shows 0 for Swap.

When I restart named, its cpu usage just goes right back to 70-75%.

I'm pretty sure that's not how it's supposed to be ... also, I wonder if I actually need it at all? I don't use the server as DNS server; all DNS settings are made at the domain registrars. But I don't want to make very risky changes because a lot of people are working on web applications on this server.

Do I need named?
If not, how can I permanently disable it?
If yes, how can I see what's causing it to use up so much cpu?

A sample of top (at a moment that mysqld is feeling calm):
Code:
top - 15:12:41 up 18 days, 13:28,  1 user,  load average: 1.42, 1.49, 1.48
Tasks: 142 total,   1 running, 141 sleeping,   0 stopped,   0 zombie
%Cpu(s):  3.9 us, 12.4 sy,  0.0 ni, 75.8 id,  3.0 wa,  0.0 hi,  0.0 si,  4.9 st
KiB Mem:   4061420 total,  3836464 used,   224956 free,   231892 buffers
KiB Swap:        0 total,        0 used,        0 free,  1976336 cached

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND
18405 bind      20   0  122m  15m 2200 S  71.5  0.4   4:54.13 named
18032 diradmin  39  19 16876 1044  848 S   0.3  0.0   0:04.53 ncftpput
25229 mysql     20   0 1526m 1.2g 5464 S   0.3 30.2 292:12.82 mysqld
 
Hmm... I'm wondering now whether a backup might have just run anyway, seeing that ncftpput up there?... They're supposed to run at night though, which is about 10 hours ago. But anyway, that should be unrelated to my named issue.
 
I can't imagine what named would be doing that would consume that much CPU. The only normal thing I can think of that would cause a spike is if someone is attempting to DDOS your DNS server. If you turn up the logging for named you can actually log each query made to confirm/deny if this is the case. If it doesn't show a large amount of queries then the next tool I would use to help figure out the problem is strace.

Strace is used to trace low level system calls of running programs. Useful for debugging daemons and other processes. To execute it just do something like:
strace -f -o /path/to/strace.log -p 18405
This will trace your specific named process from above and write all the output to /path/to/strace.log (adjust for your system). What it will show you are calls to open/close/read/write files, sockets, pipes and many other types of low-level calls. I would do this and let it run for a short period of time, then Ctrl-C out of it. The output file should be quite large. For an average named process, I would expect it to spend most of the time sitting on a select() statement waiting for a client process to make a request.
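Added example, not part of the post above: one way to turn a large `strace -f -o` log into a per-syscall tally, so that a call repeated in a tight loop (often with the same error) stands out from the expected idle wait in select(). The function names and the log lines in `sample_log` are constructed for this illustration.

```shell
#!/bin/sh
# Summarise a log written by: strace -f -o FILE -p PID
# Output columns: calls  failed-calls  syscall  (most frequent first).

strace_summary() {
    LC_ALL=C awk '
        # With -f -o every line starts with the PID of the traced thread.
        $2 == "---" || $2 == "+++" { next }      # signal deliveries, exit notices
        {
            if ($2 == "<...") {
                # "<... recvmsg resumed>": second half of a call that was
                # already counted on its "<unfinished ...>" line.
                name = $3
            } else {
                name = $2
                sub(/\(.*/, "", name)            # keep the text before "("
                calls[name]++
            }
            # A failed call ends in " = -1 ERRNO (description)".
            if ($0 ~ / = -1 E[A-Z0-9]+/) errors[name]++
        }
        END { for (n in calls) printf "%d %d %s\n", calls[n], errors[n] + 0, n }
    ' "$@" | LC_ALL=C sort -k1,1nr -k3,3
}

# Constructed sample (not captured from a real server): one thread doing
# normal request handling, another retrying recvmsg() and getting EAGAIN.
sample_log() {
    cat <<'EOF'
18405 select(7, [5 6], NULL, NULL, NULL) = 1 (in [5])
18405 recvmsg(5, {msg_name=...}, 0) = 45
18406 recvmsg(5,  <unfinished ...>
18405 sendmsg(5, {msg_name=...}, 0) = 61
18406 <... recvmsg resumed> 0x7f00, 0) = -1 EAGAIN (Resource temporarily unavailable)
18406 recvmsg(5, 0x7f00, 0) = -1 EAGAIN (Resource temporarily unavailable)
18405 --- SIGHUP {si_signo=SIGHUP, si_code=SI_USER} ---
18407 +++ exited with 0 +++
EOF
}

# Run on a real log when a path is given: sh summary.sh /path/to/strace.log
if [ "$#" -gt 0 ]; then
    strace_summary "$@"
fi
```

With no file argument the function reads standard input, so `sample_log | strace_summary` shows the output format.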
 
Thank you for the suggestions. Unfortunately I do not have Strace installed, and wasn't sure whether it was worth installing it if I can just disable named instead, since I'm not using it anyway. For now I'll just hope that the named issue wasn't a symptom of a more serious issue!
 
I've got a server on which I have disabled named. I too don't manage any DNS on it, and because it's just running for nothing I turned it off. It uses resources and in theory every service is a potential security risk.

What you need to do is 2 things, but make sure indeed no one is relying on your DA DNS control.

1. Disable named in the DA monitor, so it won't alert you that a service is down

Modify /usr/local/directadmin/data/admin/services.status - set named to OFF


2. Shut down and disable named startup script
/etc/init.d/named stop

Modify the script, nano /etc/init.d/named

Just below the first line, add exit 0;
#!/bin/sh -e
exit 0;

This is an easy hack to prevent named from being started/controlled; and you can easily undo it by removing the exit line.
 