
DNS Server using heavily cpu

cabe49
Level 1

I have a 1921 router, which is being used as a DNS server.

Over time the DNS cache typically reaches around 4-5000 entries, and the process begins to use CPU heavily, around 95 %.
As an intermediate solution I have made an EEM script which monitors for SYS-3-CPUHOG in the log, and does a

clear host *.

But why is this happening suddenly - the router has been running for several years without problems.

Thanks for your time.

2 Accepted Solutions


Why do you not use an external server?


To be honest, a Cisco router is not a full-level DNS server (and that too a lower-end model).

You have 2 options:

1. If you do not need a DNS server (not sure what the need is here), use Google DNS.

2. You already have the option of the EEM script clear host * (you can lower the time of the EEM script watchdog timers).

If this is impacting performance, then I suggest using public DNS.

BB


17 Replies

Hello,

How old is the router, and what IOS version are you running? Since the router is end of life/end of sale as of 2018, it is probably quite old, and running (I am guessing) a 15.x IOS. The problem could be caused by memory leaking. Instead of clearing the host table, I would suggest to occasionally reboot the device, and check if that makes a difference.

You're right, it's quite old - I don't know the exact age. It's running 15.0.

I have been collecting some statistics every 5 min, and can observe that in the time up to the CPU hog the DNS cache entries increase by around 100 per minute.
DNS attack?

This also happens at times where no users are at work. 

And can happen more than one time during a day. 

show hosts

<<- can I see this ?

balaji.bandi
Hall of Fame

Make sure you have IP CEF enabled.

Also, can you post a sample output of

show process cpu sorted and show process cpu | ex 0.00

If possible, post the DNS configuration. If this acts as a DNS server, limit it with an ACL so that only local IPs are used for DNS queries and the router is allowed to go out to the root DNS; check if that may be helpful.

 

BB


cabe49
Level 1

IP CEF is enabled.

Attached is the output of the desired commands.

Thanks for your time.

Why do you not use an external server?

Most of my devices get their IP through DHCP.

 

Should I just change the DHCP pool - dns-server 8.8.8.8 8.8.4.4 (or any other external):

ip dhcp pool Pool1
import all
network 192.168.1.0 255.255.255.0
dns-server 192.168.1.1 8.8.8.8
default-router 192.168.1.1

and disable dns server:

no ip dns server

dns-server 8.8.8.8 192.168.1.1 <<- try this and do not disable ip dns server.

This, I think, makes the client use 8.8.8.8, then if that fails it will use your router (GW).

To be honest, a Cisco router is not a full-level DNS server (and that too a lower-end model).

You have 2 options:

1. If you do not need a DNS server (not sure what the need is here), use Google DNS.

2. You already have the option of the EEM script clear host * (you can lower the time of the EEM script watchdog timers).

If this is impacting performance, then I suggest using public DNS.

BB


hoffmanheath903
Level 1

I have a similar problem.

Follow the same suggestion, or uplift the model to the latest, or offload DNS to a Raspberry Pi (Pi-hole).

BB


Joseph W. Doherty
Hall of Fame

"But why is this happening suddenly - the router has been running for several years without problems."

Yea, no doubt that's true, but it could be something as simple as your users are more active, and/or some new application, creating even more DNS requests than years past.  Possibly the proverbial straw that breaks the camel's back.

I was just examining 15.x M&T DNS documentation.  Didn't find any commands to control DNS cache.

Depending what specific 15.x version you're on, moving to the latest (or final) release in your train, or moving to a later 15.x version, might deal with this issue better (if you can still obtain either).  However, like many of the other posters, using your 1921 for a somewhat busy (?) DNS server, is probably not an ideal situation.  I.e. move the DNS function off it.

Since you've found using an EEM script, clearing the DNS cache works well, rather than waiting just on a CPU hog message, you might also have an EEM script clear your DNS cache, once daily, ideally when router least used.  (I.e. the purpose of clearing cache daily, is to avoid the router getting to a CPU hog point.)

If you wanted to try to further identify why cache is filling up, showing the contents of the DNS cache (show hosts), might help with such analysis.

@Joseph W. Doherty one of the OP's posts has provided the full output of

show host

BB


@Joseph W. Doherty one of the OP's posts has provided the full output of

show host

Thanks @balaji.bandi , I missed seeing that.

Looking at that hosts listing, though, I wonder about some of the IPs (e.g.: 104.40.191.174, 51.104.28.80, 165.160.13.20, 165.160.15.20, etc.) that list so many DNS names and/or the group of DNS names using a local loopback IP (127.0.0.1).
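Added example, not part of the thread or any poster's code: one way to do the `show hosts` analysis discussed above offline, grouping cached names by address to surface addresses shared by many names and names that resolve to loopback. The column layout, the sample rows and the function names are assumptions; the addresses are documentation ranges, not values from the attached output.

```python
import ipaddress
import re
from collections import defaultdict
# Constructed sample in the general layout of IOS "show hosts" (assumed format).
SAMPLE = """\
Host                      Port  Flags      Age Type   Address(es)
a1.tracker.example        None  (temp, OK)  0   IP    203.0.113.10
a2.tracker.example        None  (temp, OK)  0   IP    203.0.113.10
a3.tracker.example        None  (temp, OK)  1   IP    203.0.113.10
www.example.org           None  (temp, OK)  2   IP    198.51.100.7
                                                      198.51.100.8
blocked.example.net       None  (temp, OK)  0   IP    127.0.0.1
"""

ROW = re.compile(r"^(\S+)\s+\S+\s+\(([^)]*)\)\s+\d+\s+IP\s+(.*)$")

def _addrs(text):
    out = []
    for tok in text.split():
        try:
            out.append(ipaddress.ip_address(tok))
        except ValueError:
            pass  # token is not an address; ignore it
    return out

def parse_hosts(text):
    """Return {hostname: [ip, ...]}, following indented continuation lines."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current = m.group(1)
            hosts[current] = _addrs(m.group(3))
        elif current and line[:1].isspace():
            hosts[current].extend(_addrs(line))
    return hosts

def summarize(hosts, many=3):
    """Return (addresses with >= many names, names pointing at loopback)."""
    by_ip = defaultdict(set)
    for name, ips in hosts.items():
        for ip in ips:
            by_ip[ip].add(name)
    crowded = {str(ip): sorted(ns) for ip, ns in by_ip.items()
               if len(ns) >= many and not ip.is_loopback}
    loopback = sorted(n for ip, ns in by_ip.items() if ip.is_loopback for n in ns)
    return crowded, loopback

if __name__ == "__main__":
    print(summarize(parse_hosts(SAMPLE)))
```

Run against saved output collected at intervals, the same grouping shows which names account for the growth in cache entries between samples.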

 
