OVH Community, votre nouvel espace communautaire.

Full cpu du process named sur debian 6 avec virtualmin


absolom
02/11/2014, 13h48
Oui, c'est toujours la dernière solution ... Je comprends vraiment pas d’où ça vient quand même, mais c'est stable depuis !

cassiopee
01/11/2014, 02h25
Oui, le reboot du VPS était ma dernière idée sans trop y croire. Bon, content de voir que ça c'est arrangé finalement

absolom
01/11/2014, 00h23
Pas mieux, vu l'heure, je reboot pour voir.

- - - Mise à jour - - -

Ben mince alors, le reboot semble avoir fonctionné !!!
Tout semble normal ... On saura jamais, mais je vais bein dormir ;-)

Merci pour l'aide en tout cas.

cassiopee
01/11/2014, 00h00
Au hasard : et si tu arrêtes complètement Apache ?
(puis redémarrage de Bind)

absolom
31/10/2014, 22h23
En effet, c'est un site supprimé, j'ai testé, bonne idée, mais pas mieux, toujours en full CPU ...

absolom
31/10/2014, 18h35
Non, j'ai plus ça, tout semble nickel ...

Code:
#serveur named[18591]: starting BIND 9.9.5-4.3-Debian -u bind -n 1
#serveur named[18591]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
#serveur named[18591]: ----------------------------------------------------
#serveur named[18591]: BIND 9 is maintained by Internet Systems Consortium,
#serveur named[18591]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
#serveur named[18591]: corporation.  Support and training for BIND 9 are 
#serveur named[18591]: available at https://www.isc.org/support
#serveur named[18591]: ----------------------------------------------------
#serveur named[18591]: adjusted limit on open files from 1024 to 1048576
#serveur named[18591]: found 4 CPUs, using 1 worker thread
#serveur named[18591]: using 1 UDP listener per interface
#serveur named[18591]: using up to 4096 sockets
#serveur named[18591]: loading configuration from '/etc/bind/named.conf'
#serveur named[18591]: reading built-in trusted keys from file '/etc/bind/bind.keys'
#serveur named[18591]: using default UDP/IPv4 port range: [1024, 65535]
#serveur named[18591]: using default UDP/IPv6 port range: [1024, 65535]
#serveur named[18591]: listening on IPv6 interfaces, port 53
#serveur named[18591]: listening on IPv4 interface lo, 127.0.0.1#53
#serveur named[18591]: listening on IPv4 interface venet0, 127.0.0.2#53
#serveur named[18591]: listening on IPv4 interface venet0:0, 87.98.166.57#53
#serveur named[18591]: generating session key for dynamic DNS
#serveur named[18591]: sizing zone task pool based on 25 zones
#serveur named[18591]: using built-in root key for view _default
#serveur named[18591]: set up managed keys zone for view _default, file '/var/cache/bind/managed-keys/managed-keys.bind'
#serveur named[18591]: automatic empty zone: 10.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 16.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 17.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 18.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 19.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 20.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 21.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 22.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 23.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 24.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 25.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 26.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 27.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 28.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 29.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 30.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 31.172.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 168.192.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 64.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 65.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 66.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 67.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 68.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 69.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 70.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 71.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 72.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 73.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 74.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 75.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 76.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 77.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 78.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 79.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 80.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 81.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 82.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 83.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 84.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 85.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 86.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 87.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 88.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 89.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 90.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 91.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 92.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 93.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 94.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 95.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 96.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 97.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 98.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 99.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 100.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 101.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 102.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 103.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 104.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 105.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 106.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 107.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 108.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 109.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 110.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 111.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 112.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 113.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 114.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 115.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 116.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 117.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 118.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 119.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 120.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 121.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 122.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 123.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 124.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 125.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 126.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 127.100.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 254.169.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
#serveur named[18591]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
#serveur named[18591]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
#serveur named[18591]: automatic empty zone: D.F.IP6.ARPA
#serveur named[18591]: automatic empty zone: 8.E.F.IP6.ARPA
#serveur named[18591]: automatic empty zone: 9.E.F.IP6.ARPA
#serveur named[18591]: automatic empty zone: A.E.F.IP6.ARPA
#serveur named[18591]: automatic empty zone: B.E.F.IP6.ARPA
#serveur named[18591]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
#serveur named[18591]: command channel listening on 127.0.0.1#953
#serveur named[18591]: command channel listening on ::1#953
#serveur named[18591]: managed-keys-zone: journal file is out of date: removing journal file
#serveur named[18591]: managed-keys-zone: loaded serial 2
#serveur named[18591]: zone 0.in-addr.arpa/IN: loaded serial 1
#serveur named[18591]: zone 255.in-addr.arpa/IN: loaded serial 1
#serveur named[18591]: zone beauty-plazza.com/IN: 'beauty-plazza.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone beauty-plazza.com/IN: loaded serial 1369754772
#serveur named[18591]: zone yes-escala.com/IN: 'yes-escala.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone yes-escala.com/IN: loaded serial 1361542468
#serveur named[18591]: zone absolom.fr/IN: 'absolom.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone absolom.fr/IN: loaded serial 2013013117
#serveur named[18591]: zone esthetic-for-you.com/IN: 'esthetic-for-you.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone esthetic-for-you.com/IN: loaded serial 1369754775
#serveur named[18591]: zone localhost/IN: loaded serial 2
#serveur named[18591]: zone 127.in-addr.arpa/IN: loaded serial 1
#serveur named[18591]: zone epotam.net/IN: 'epotam.net' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone epotam.net/IN: loaded serial 1358937198
#serveur named[18591]: zone mondepro.fr/IN: 'mondepro.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone mondepro.fr/IN: loaded serial 2013020409
#serveur named[18591]: zone kidourecre.fr/IN: 'kidourecre.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone kidourecre.fr/IN: loaded serial 1359321633
#serveur named[18591]: zone vitavi.fr/IN: 'vitavi.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone vitavi.fr/IN: loaded serial 1361527046
#serveur named[18591]: zone beautyplazza.com/IN: 'beautyplazza.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone beautyplazza.com/IN: loaded serial 1369146591
#serveur named[18591]: zone blog-tokio-hotel.com/IN: 'blog-tokio-hotel.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone blog-tokio-hotel.com/IN: loaded serial 2013013102
#serveur named[18591]: zone lacroixfalgarde.com/IN: 'lacroixfalgarde.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone lacroixfalgarde.com/IN: loaded serial 1359131106
#serveur named[18591]: zone viva-esthetic.com/IN: 'viva-esthetic.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone viva-esthetic.com/IN: loaded serial 1369754776
#serveur named[18591]: zone viva-esthetic.fr/IN: 'viva-esthetic.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone viva-esthetic.fr/IN: loaded serial 1369754775
#serveur named[18591]: zone lacroix-falgarde.com/IN: 'lacroix-falgarde.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone lacroix-falgarde.com/IN: loaded serial 2013013102
#serveur named[18591]: zone razimbaud.com/IN: 'razimbaud.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone razimbaud.com/IN: loaded serial 2013012509
#serveur named[18591]: zone esthetic-center-95.com/IN: 'esthetic-center-95.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone esthetic-center-95.com/IN: loaded serial 1359454152
#serveur named[18591]: zone mondepro.com/IN: 'mondepro.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone mondepro.com/IN: loaded serial 2013020410
#serveur named[18591]: zone absolom-design.com/IN: 'absolom-design.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone absolom-design.com/IN: loaded serial 2013013113
#serveur named[18591]: zone esthetic-center95.com/IN: 'esthetic-center95.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone esthetic-center95.com/IN: loaded serial 1359454151
#serveur named[18591]: zone kidourecre.com/IN: 'kidourecre.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
#serveur named[18591]: zone kidourecre.com/IN: loaded serial 1359321631
#serveur named[18591]: all zones loaded
#serveur named[18591]: running
#serveur named[18591]: zone beautyplazza.com/IN: sending notifies (serial 1369146591)
#serveur named[18591]: zone absolom.fr/IN: sending notifies (serial 2013013117)
#serveur named[18591]: zone mondepro.com/IN: sending notifies (serial 2013020410)
#serveur named[18591]: zone yes-escala.com/IN: sending notifies (serial 1361542468)
#serveur named[18591]: zone beauty-plazza.com/IN: sending notifies (serial 1369754772)
#serveur named[18591]: zone epotam.net/IN: sending notifies (serial 1358937198)
#serveur named[18591]: zone kidourecre.com/IN: sending notifies (serial 1359321631)
#serveur named[18591]: zone kidourecre.fr/IN: sending notifies (serial 1359321633)
#serveur named[18591]: zone esthetic-center-95.com/IN: sending notifies (serial 1359454152)
#serveur named[18591]: zone lacroix-falgarde.com/IN: sending notifies (serial 2013013102)
#serveur named[18591]: zone absolom-design.com/IN: sending notifies (serial 2013013113)
#serveur named[18591]: zone razimbaud.com/IN: sending notifies (serial 2013012509)
#serveur named[18591]: zone viva-esthetic.fr/IN: sending notifies (serial 1369754775)
#serveur named[18591]: zone blog-tokio-hotel.com/IN: sending notifies (serial 2013013102)
#serveur named[18591]: zone esthetic-center95.com/IN: sending notifies (serial 1359454151)
#serveur named[18591]: zone esthetic-for-you.com/IN: sending notifies (serial 1369754775)
#serveur named[18591]: zone mondepro.fr/IN: sending notifies (serial 2013020409)
#serveur named[18591]: zone lacroixfalgarde.com/IN: sending notifies (serial 1359131106)
#serveur named[18591]: zone vitavi.fr/IN: sending notifies (serial 1361527046)
#serveur named[18591]: zone viva-esthetic.com/IN: sending notifies (serial 1369754776)
Oct 31 18:25:00 87-98-166-57 named[18591]: clients-per-query increased to 15
Oct 31 18:25:34 87-98-166-57 named[18591]: success resolving 'scarlett-johansson.eu/DS' (in 'eu'?) after disabling EDNS
Oct 31 18:26:37 87-98-166-57 named[18591]: client 74.125.73.145#56650 (petitsexe.com): query (cache) 'petitsexe.com/MX/IN' denied
Oct 31 18:26:37 87-98-166-57 named[18591]: client 74.125.73.148#56640 (petitsexe.com): query (cache) 'petitsexe.com/MX/IN' denied
Oct 31 18:26:37 87-98-166-57 named[18591]: client 74.125.73.145#36364 (petitsexe.com): query (cache) 'petitsexe.com/MX/IN' denied
Oct 31 18:27:05 87-98-166-57 named[18591]: success resolving 'ns1.your-server.de/AAAA' (in 'your-server.de'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:27:05 87-98-166-57 named[18591]: success resolving 'ns1.your-server.de/A' (in 'your-server.de'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:27:05 87-98-166-57 named[18591]: success resolving 'ns3.second-ns.de/A' (in 'second-ns.de'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:27:05 87-98-166-57 named[18591]: success resolving 'ns3.second-ns.de/AAAA' (in 'second-ns.de'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:27:15 87-98-166-57 named[18591]: client 162.212.181.242#64697 (wwww.jrdga.info): query (cache) 'wwww.jrdga.info/A/IN' denied
Oct 31 18:28:43 87-98-166-57 named[18591]: success resolving 'ns1.zurich.surf.net/A' (in 'surf.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:43 87-98-166-57 named[18591]: success resolving 'ns1.zurich.surf.net/AAAA' (in 'surf.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:43 87-98-166-57 named[18591]: success resolving 'org/DNSKEY' (in 'org'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:43 87-98-166-57 named[18591]: success resolving 'apache.org/NS' (in 'apache.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:43 87-98-166-57 named[18591]: success resolving 'ns0.ja.net/A' (in 'ja.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:43 87-98-166-57 named[18591]: success resolving 'ns0.ja.net/AAAA' (in 'ja.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:46 87-98-166-57 named[18591]: success resolving 'dnswl1.chaosreigns.com/AAAA' (in 'chaosreigns.com'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:46 87-98-166-57 named[18591]: success resolving 'dnswl1.chaosreigns.com/A' (in 'chaosreigns.com'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:48 87-98-166-57 named[18591]: success resolving '20.182.70.217.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:48 87-98-166-57 named[18591]: success resolving '40.184.70.217.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:48 87-98-166-57 named[18591]: success resolving '2.97.246.173.zen.spamhaus.org/A' (in 'zen.spamhaus.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
Oct 31 18:28:55 87-98-166-57 named[18591]: client 65.55.37.36#58170 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:29:00 87-98-166-57 named[18591]: client 109.224.14.2#60254 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:29:00 87-98-166-57 named[18591]: client 109.224.14.3#39845 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:29:00 87-98-166-57 named[18591]: client 109.224.14.2#52326 (www.petitsexe.com): query (cache) 'www.petitsexe.com/AAAA/IN' denied
Oct 31 18:29:00 87-98-166-57 named[18591]: client 109.224.14.3#3894 (www.petitsexe.com): query (cache) 'www.petitsexe.com/AAAA/IN' denied
Oct 31 18:29:01 87-98-166-57 named[18591]: client 109.224.14.5#10145 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:29:36 87-98-166-57 named[18591]: client 109.224.14.5#5914 (www.petitsexe.com): query (cache) 'www.petitsexe.com/AAAA/IN' denied
Oct 31 18:30:16 87-98-166-57 named[18591]: client 74.125.187.83#52398 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:16 87-98-166-57 named[18591]: client 74.125.187.82#59233 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:16 87-98-166-57 named[18591]: client 74.125.187.81#52848 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:21 87-98-166-57 named[18591]: client 74.125.187.82#61271 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:21 87-98-166-57 named[18591]: client 74.125.187.81#56371 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:21 87-98-166-57 named[18591]: client 74.125.187.82#36427 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:21 87-98-166-57 named[18591]: client 65.49.14.147#48166 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:21 87-98-166-57 named[18591]: client 65.19.176.2#55382 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:22 87-98-166-57 named[18591]: client 74.125.187.83#42499 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:22 87-98-166-57 named[18591]: client 74.125.187.80#54078 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:22 87-98-166-57 named[18591]: client 74.125.187.80#38260 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:23 87-98-166-57 named[18591]: client 74.125.187.83#47377 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:23 87-98-166-57 named[18591]: client 74.125.187.81#40952 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:23 87-98-166-57 named[18591]: client 74.125.187.80#64500 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:30:24 87-98-166-57 named[18591]: client 65.49.14.147#13740 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:31:24 87-98-166-57 named[18591]: client 206.162.167.250#61802 (mx5.protecmail.com): query (cache) 'mx5.protecmail.com/A/IN' denied
Oct 31 18:31:24 87-98-166-57 named[18591]: client 206.162.167.250#61892 (mx2.protecmail.com): query (cache) 'mx2.protecmail.com/A/IN' denied
Oct 31 18:32:12 87-98-166-57 named[18591]: client 109.224.14.2#65250 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:32:47 87-98-166-57 named[18591]: client 109.224.14.2#55205 (www.petitsexe.com): query (cache) 'www.petitsexe.com/AAAA/IN' denied
Oct 31 18:32:58 87-98-166-57 named[18591]: client 64.89.230.9#51288 (petitsexe.com): query (cache) 'petitsexe.com/MX/IN' denied
Oct 31 18:33:23 87-98-166-57 named[18591]: client 109.224.14.3#2459 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:33:23 87-98-166-57 named[18591]: client 109.224.14.2#53829 (www.petitsexe.com): query (cache) 'www.petitsexe.com/A/IN' denied
Oct 31 18:33:23 87-98-166-57 named[18591]: client 109.224.14.3#42430 (www.petitsexe.com): query (cache) 'www.petitsexe.com/AAAA/IN' denied
Oct 31 18:33:24 87-98-166-57 named[18591]: client 109.224.14.2#64426 (www.petitsexe.com): query (cache) 'www.petitsexe.com/AAAA/IN' denied

cassiopee
31/10/2014, 18h31
Dans les logs de démarrage de Bind, tu as toujours la mention du répertoire qui n'est pas accessible en écriture ?

absolom
31/10/2014, 18h28
Bon, ça tourne toujours à 100%, mais j'ai réussi à limiter en réduisant le nombre de thread à 1 seul au lieu des 4.

Code:
nano /etc/default/bind9

# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -n 1"
J'ai également rajouté la directive : managed-keys-directory "/var/cache/bind/managed-keys"; dans /etc/bind/named.conf.options car j'ai lu que ça pouvait faire du full CPU (https://bugs.debian.org/cgi-bin/bugr...cgi?bug=695264)

C'est vraiment dingue ce truc ...

absolom
31/10/2014, 15h43
Non non, ce sont des reste de ma mis eà jour manuelle pour bind, sur un autre serveur, je suis en 9.7.3

fritz2cat
31/10/2014, 15h35
oups. faut que je mette à jour :~

absolom
31/10/2014, 15h30
Code:
named -V
BIND 9.9.5-4.3-Debian (Extended Support Version)  built by make with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
compiled by GCC 4.9.1
using OpenSSL version: OpenSSL 1.0.1i 6 Aug 2014
using libxml2 version: 2.9.1

md5sum `which named`
81c85c4b66b74b61114ec3d95dabeb9f  /usr/sbin/named

dpkg -l|grep named
dpkg -l|grep bind
ii  bind9                                                  1:9.9.5.dfsg-4.3             Internet Domain Name Server
ii  bind9-host                                             1:9.7.3.dfsg-1~squeeze12     Version of 'host' bundled with BIND 9.X
ii  bind9utils                                             1:9.9.5.dfsg-4.3             Utilities for BIND
ii  libbind9-60                                            1:9.7.3.dfsg-1~squeeze12     BIND9 Shared Library used by BIND
ii  libbind9-90                                            1:9.9.5.dfsg-4.3             BIND9 Shared Library used by BIND

absolom
31/10/2014, 15h22
Maintenant oui !

Sinon, je migre vers debian 7 si y'a pas de soucis à l'upgrade ...

A y être, de toute façon, ce full cpu me prend toutes les ressources serveur ... Même au niveau proxmox du coup !

fritz2cat
31/10/2014, 15h16
debian 6 ? avec le repository LTS, j'espère...

- - - Mise à jour - - -

Sur un de mes serveurs debian 6::

Code:
root@b1:~# named -V
BIND 9.7.3 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
root@b1:~# md5sum `which named`
8fc60addf60a660191355a01f51feb92  /usr/sbin/named
root@b1:~# dpkg -l|grep named
root@b1:~# dpkg -l|grep bind
ii  bind9                               1:9.7.3.dfsg-1~squeeze12     Internet Domain Name Server
ii  bind9-doc                           1:9.7.3.dfsg-1~squeeze12     Documentation for BIND
ii  bind9-host                          1:9.7.3.dfsg-1~squeeze12     Version of 'host' bundled with BIND 9.X
ii  bind9utils                          1:9.7.3.dfsg-1~squeeze12     Utilities for BIND
ii  libbind9-60                         1:9.7.3.dfsg-1~squeeze12     BIND9 Shared Library used by BIND
ii  libnss-lwres                        0.93-6+b1                    NSS module for using bind9's lwres as a naming service
root@b1:~#

absolom
31/10/2014, 14h51
Par contre, j'ai pas mentionné, mais ça tourne sous une VM via proxmox, mais bon, j'en ai pleins d'autres sous virtualmin avec la même config, debian 6, et ça tourne nickel bind ...

Code:
df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/simfs            500G   11G  490G   3% /
tmpfs                 4.0G     0  4.0G   0% /lib/init/rw
tmpfs                 4.0G     0  4.0G   0% /dev/shm
Code:
df -hi
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/simfs               96M    308K     96M    1% /
tmpfs                   1.0M       5    1.0M    1% /lib/init/rw
tmpfs                   1.0M       1    1.0M    1% /dev/shm

cassiopee
31/10/2014, 12h34
Ok ;

Que donne comme résultat la commande :

Code:
df -h
et
Code:
df -hi
?

absolom
31/10/2014, 12h29
- un chroot pour ton Bind ? non
- un firewall dans le serveur ? je sais pas, y'a apparmor, ça te parle ?

c'est une distrib virtualmin standard ...

cassiopee
31/10/2014, 12h23
Ok et que donne comme résultat la commande :

Code:
# md5sum /usr/sbin/named
?

- - - Mise à jour - - -

Ah non j'oubliais que tu as fais une mise à jour à part de Bind donc je ne pourrais pas comparer

- - - Mise à jour - - -

Est-ce que tu utilises :

- un chroot pour ton Bind ?
- un firewall dans le serveur ?

absolom
31/10/2014, 12h21
Pfff, idem ... :-(

- - - Mise à jour - - -

Code:
ps aux | grep named
bind     26357 91.8  0.2  79492 19004 ?        Ssl  12:19   1:24 /usr/sbin/named -u bind
root     26424  0.0  0.0   3496   752 pts/1    S+   12:21   0:00 grep named

cassiopee
31/10/2014, 12h19
Ok, dans "/etc/named.conf", met en commentaire la ligne

Code:
include "/etc/bind/named.conf.local";
et redémarre Bind pour voir.

- - - Mise à jour - - -

Que donne comme résultat la commande :

Code:
ps aux | grep named
?

absolom
31/10/2014, 12h11
Code:
named-checkconf -z

zone blog-tokio-hotel.com/IN: 'blog-tokio-hotel.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone blog-tokio-hotel.com/IN: loaded serial 2013013102
zone epotam.net/IN: 'epotam.net' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone epotam.net/IN: loaded serial 1358937198
zone razimbaud.com/IN: 'razimbaud.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone razimbaud.com/IN: loaded serial 2013012509
zone lacroix-falgarde.com/IN: 'lacroix-falgarde.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone lacroix-falgarde.com/IN: loaded serial 2013013102
zone kidourecre.com/IN: 'kidourecre.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone kidourecre.com/IN: loaded serial 1359321631
zone kidourecre.fr/IN: 'kidourecre.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone kidourecre.fr/IN: loaded serial 1359321633
zone esthetic-center95.com/IN: 'esthetic-center95.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone esthetic-center95.com/IN: loaded serial 1359454151
zone esthetic-center-95.com/IN: 'esthetic-center-95.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone esthetic-center-95.com/IN: loaded serial 1359454152
zone absolom-design.com/IN: 'absolom-design.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone absolom-design.com/IN: loaded serial 2013013113
zone absolom.fr/IN: 'absolom.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone absolom.fr/IN: loaded serial 2013013117
zone lacroixfalgarde.com/IN: 'lacroixfalgarde.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone lacroixfalgarde.com/IN: loaded serial 1359131106
zone mondepro.com/IN: 'mondepro.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone mondepro.com/IN: loaded serial 2013020410
zone mondepro.fr/IN: 'mondepro.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone mondepro.fr/IN: loaded serial 2013020409
zone vitavi.fr/IN: 'vitavi.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone vitavi.fr/IN: loaded serial 1361527046
zone yes-escala.com/IN: 'yes-escala.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone yes-escala.com/IN: loaded serial 1361542468
zone beautyplazza.com/IN: 'beautyplazza.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone beautyplazza.com/IN: loaded serial 1369146591
zone beauty-plazza.com/IN: 'beauty-plazza.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone beauty-plazza.com/IN: loaded serial 1369754772
zone esthetic-for-you.com/IN: 'esthetic-for-you.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone esthetic-for-you.com/IN: loaded serial 1369754775
zone viva-esthetic.fr/IN: 'viva-esthetic.fr' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone viva-esthetic.fr/IN: loaded serial 1369754775
zone viva-esthetic.com/IN: 'viva-esthetic.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone viva-esthetic.com/IN: loaded serial 1369754776
zone localhost/IN: loaded serial 2
zone 127.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
- - - Mise à jour - - -

Et le TOP :

Code:
24962 bind      20   0 93012  32m 2896 S  106  0.4  16:43.59 named

cassiopee
31/10/2014, 12h06
Humm, rien de spécial a priori.

Que donne comme résultat la commande
Code:
named-checkconf -z
?

absolom
31/10/2014, 12h03
Code:
ll /etc/bind

total 52
-rw-r--r-- 1 root root 2389 Oct 14 21:54 bind.keys
-rw-r--r-- 1 root root  237 Oct 14 21:54 db.0
-rw-r--r-- 1 root root  271 Oct 14 21:54 db.127
-rw-r--r-- 1 root root  237 Oct 14 21:54 db.255
-rw-r--r-- 1 root root  353 Oct 14 21:54 db.empty
-rw-r--r-- 1 root root  270 Oct 14 21:54 db.local
-rw-r--r-- 1 root root 3048 Oct 14 21:54 db.root
-rw-r--r-- 1 root bind  463 Oct 14 21:54 named.conf
-rw-r--r-- 1 root bind  490 Oct 14 21:54 named.conf.default-zones
-rw-r--r-- 1 root bind 2819 Oct 31 11:52 named.conf.local
-rw-r--r-- 1 root bind  890 Oct 31 11:50 named.conf.options
-rw-r----- 1 bind bind   77 Oct 31 11:50 rndc.key
-rw-r--r-- 1 root root 1317 Oct 14 21:54 zones.rfc1918
Code:
more named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
Code:
more named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};
Code:
more named.conf.options 

options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
};
Code:
more named.conf.local 
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "blog-tokio-hotel.com" {
	type master;
	file "/var/lib/bind/blog-tokio-hotel.com.hosts";
	allow-transfer {
213.251.188.141;
		127.0.0.1;
		localnets;
		};
	};
zone "epotam.net" {
	type master;
	file "/var/lib/bind/epotam.net.hosts";
	allow-transfer {
213.251.188.141;
		127.0.0.1;
		localnets;
		};
	};
zone "razimbaud.com" {
	type master;
	file "/var/lib/bind/razimbaud.com.hosts";
	allow-transfer {
213.251.188.141;
		127.0.0.1;
		localnets;
		};
	};
zone "lacroix-falgarde.com" {
	type master;
	file "/var/lib/bind/lacroix-falgarde.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "kidourecre.com" {
	type master;
	file "/var/lib/bind/kidourecre.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "kidourecre.fr" {
	type master;
	file "/var/lib/bind/kidourecre.fr.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "esthetic-center95.com" {
	type master;
	file "/var/lib/bind/esthetic-center95.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "esthetic-center-95.com" {
	type master;
	file "/var/lib/bind/esthetic-center-95.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "absolom-design.com" {
	type master;
	file "/var/lib/bind/absolom-design.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "absolom.fr" {
	type master;
	file "/var/lib/bind/absolom.fr.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "lacroixfalgarde.com" {
	type master;
	file "/var/lib/bind/lacroixfalgarde.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "mondepro.com" {
	type master;
	file "/var/lib/bind/mondepro.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "mondepro.fr" {
	type master;
	file "/var/lib/bind/mondepro.fr.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "vitavi.fr" {
	type master;
	file "/var/lib/bind/vitavi.fr.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "yes-escala.com" {
	type master;
	file "/var/lib/bind/yes-escala.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "beautyplazza.com" {
	type master;
	file "/var/lib/bind/beautyplazza.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "beauty-plazza.com" {
	type master;
	file "/var/lib/bind/beauty-plazza.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "esthetic-for-you.com" {
	type master;
	file "/var/lib/bind/esthetic-for-you.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "viva-esthetic.fr" {
	type master;
	file "/var/lib/bind/viva-esthetic.fr.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};
zone "viva-esthetic.com" {
	type master;
	file "/var/lib/bind/viva-esthetic.com.hosts";
	allow-transfer {
		213.251.188.141;
		};
	};

cassiopee
31/10/2014, 11h54
Ok donc quel est le contenu des fichiers de configuration de Bind ?

absolom
31/10/2014, 11h42
J'ai plus le problème de writing directory, mais toujours processus named à 100 % ...

J'ai tenté un :
apt-get remove bind9 --purge
et un réinstall, même avec fichier vide, 100 %

C'est un truc de dingue cette histoire ...

Sisi j'ai bien un directory "/var/cache/bind";

Mais j'ai tout tenté, même de lancer named en root, idem.

- - - Mise à jour - - -

Code:
cat /proc/mounts

/dev/simfs / simfs rw,relatime 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
tmpfs /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
Code:
ls -ald /var/cache/bind/

drwxrwxr-x 2 root bind 4096 Oct 31 11:40 /var/cache/bind/

cassiopee
31/10/2014, 11h32
Dans un Virtualmin, je vois de mon côté :

Code:
# cat named.conf.options

options {
        directory "/var/cache/bind";
[...]
et les droits du répertoire en question :

Code:
# ls -ald /var/cache/bind/

drwxrwxr-x 2 root bind 4096 Oct 31 10:35 /var/cache/bind/

cassiopee
31/10/2014, 11h26
Tu peux regarder si tu n'as pas une directive "directory" dans l'un des fichiers de configuration de Bind.

Est-ce que ça ne pourrait pas venir d'un système de fichiers qui serait actuellement en "read only" ?
Que donne comme résultats la commande :
Code:
cat /proc/mounts
?

absolom
31/10/2014, 10h40
Idem avec un named.conf vide ...

C'est un truc de dingue, ça bouffe toutes les ressources, et en plus, ça prends les 4 CPU du serveur au démarrage de bind !

Par contre, je vois un the working directory is not writable ...

Pourtant, /var/cache/bind à bien le user et le group bind

Quel peut être le working directory sinon ?

named[19013]: starting BIND 9.9.5-4.3-Debian -u bind
named[19013]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
named[19013]: ----------------------------------------------------
named[19013]: BIND 9 is maintained by Internet Systems Consortium,
named[19013]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
named[19013]: corporation. Support and training for BIND 9 are
named[19013]: available at https://www.isc.org/support
named[19013]: ----------------------------------------------------
named[19013]: adjusted limit on open files from 1024 to 1048576
named[19013]: found 4 CPUs, using 4 worker threads
named[19013]: using 4 UDP listeners per interface
named[19013]: using up to 4096 sockets
named[19013]: loading configuration from '/etc/bind/named.conf'
named[19013]: reading built-in trusted keys from file '/etc/bind/bind.keys'
named[19013]: using default UDP/IPv4 port range: [1024, 65535]
named[19013]: using default UDP/IPv6 port range: [1024, 65535]
named[19013]: listening on IPv4 interface lo, 127.0.0.1#53
named[19013]: listening on IPv4 interface venet0, 127.0.0.2#53
named[19013]: listening on IPv4 interface venet0:0, 87.98.166.57#53
named[19013]: generating session key for dynamic DNS
named[19013]: sizing zone task pool based on 0 zones
named[19013]: set up managed keys zone for view _default, file 'managed-keys.bind'
named[19013]: the working directory is not writable
named[19013]: managed-keys-zone: loaded serial 0
named[19013]: all zones loaded
named[19013]: running

cassiopee
31/10/2014, 10h14
Ok, alors mets un contenu minimal, voire vide

absolom
31/10/2014, 09h30
Bonjour,

Merci pour l'aide.

Ca refuse de démarrer !

loading configuration from '/etc/bind/named.conf'
open: /etc/bind/named.conf: file not found
loading configuration: file not found
exiting (due to fatal error)

cassiopee
30/10/2014, 22h12
ça donne quoi en renommant les fichiers de configuration de Bind ? (de façon à ce qu'il démarre avec les options par défaut)

absolom
30/10/2014, 19h51
Bonjour @ tous,

J'ai un full CPU permanent dès que je lance bind, le processus est à 100%, rien à faire ...
J'ai fais des recherches, mais je n'ai pas le problème des droits (root:bind), et pas d'erreurs à priori dans les logs.

J'ai même upgradé bind en BIND 9.9.5-4.3-Debian (Extended Support Version), rien à faire ...

Il n'y a qu'une dizaine de noms de domaines sur ce serveur.

Des idées ?

Merci d'avance !