I have an NSD 4.0.3 slave running on FreeBSD. There are about 120 signed (NSEC3) domain names in the db, which is 500MB. Whenever the largest zone file (89MB when signed) is transferred from the master, the CPU load on the box sits at around 90% for several hours. During this time nsd-control zonestatus shows a different commit serial vs served serial, indicating that it’s processing. If I remove all of the other zone files from nsd.conf and just leave that 89MB zone the zone is transferred and served in less than 1min.
FreeBSD (64-bit) is running as a VM with 10GB of memory, it has 2 processors with four cores each.
I found one past nsd-users email that indicated there was a problem in 4.0.3 with large zone files and that the next version allows a separate db to be specified for large zones??
I have an NSD 4.0.3 slave running on FreeBSD. There are about 120
signed (NSEC3) domain names in the db, which is 500MB. Whenever
the largest zone file (89MB when signed) is transferred from the
master, the CPU load on the box sits at around 90% for several
hours. During this time nsd-control zonestatus shows a different
commit serial vs served serial, indicating that it's processing.
If I remove all of the other zone files from nsd.conf and just
leave that 89MB zone the zone is transferred and served in less
than 1min.
FreeBSD (64-bit) is running as a VM with 10GB of memory, it has 2
processors with four cores each.
I found one past nsd-users email that indicated there was a problem
in 4.0.3 with large zone files and that the next version allows a
separate db to be specified for large zones??
Yes that would likely help you here. The main effect is to reduce the
memory usage, and disk usage, I think that is what NSD is spending its
time on. It is trying to update the nsd.db and this is (apparantly)
taking a lot of time. Perhaps the VM has a lot of memory but the host
system does not and it starts swapping to disk?
The version under development (available in the development
repository), has a feature where you can set database: "" and it then
does not make that database. And likely, that means when you do a
zone transfer your machine does not start swapping to disk (or
whatever other pathological problems manifest at that time). However,
without the nsd.db is still needs to use main memory, if you are short
on that, then your OS could still go swap to disk and things become
very slow.