Solved: Re: DNS Server using heavily cpu

cabe49 · ‎02-04-2023

I have a 1921 router, which are being used as DNS server.

Over time the DNS cache reaches typically around 4-5000 entries, and the process begins to use cpu heavily around 95 %.
As an intermediate solution I have made a EEM script which monitors SYS-3-CPUHOG in the log, and do a

clear host *.

But why is this happen suddenly - the router have been run ning for several years without problems.

Thanks for your time.

MHM Cisco World · ‎02-04-2023

why you not use external Server ??

View solution in original post

balaji.bandi · ‎02-04-2023

To be honest Cisco router not a full level of DNS Server (and that too lower end model)

You have 2 Options

1. If you do not need DNS Server (not sure what is the need here) use google DNS

2. you already have the option of EEM Script clear host * ( you can lower the time of EEM Script watchdog timers )

if this impacting performance - the suggest to use Public DNS.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Georg Pauwen · ‎02-04-2023

Hello,

how old is the router, and what IOS version are you running ? Since the router is end of life/end of sale as of 2018, it is probably quite old, and running (I am guesing) a 15.x IOS. The problem could be caused by memory leaking. Instead of clearing the host table, I would suggest to occasionally reboot the device, and check if that makes a difference.

cabe49 · ‎02-04-2023

Yoy’re right, its suite Old - I dont know the exact age. Its running 15.0.

I have been collecting some statistics every 5 min, and can observe that in the time up to cpu hog the DNS cache entries increases with around 100 per minute.
DNS attach?

This also happens at times where no users are at work.

And can happen more than one time during a day.

MHM Cisco World · ‎02-04-2023

show hosts

<<- can I see this ?

balaji.bandi · ‎02-04-2023

Make sure you have IP CEF enabled.

Also, can you post a sample output of

show the process CPU sorted and show process CPU | ex 0.00

if possible post-DNS configuration. if this acts as a DNS Server limit with ACL only Local IP use as DNS Queries and allows from router to go out to root DNS, check if that may be helpful.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

cabe49 · ‎02-04-2023

IP chef is enabled.

Attached are output of desired commands.

Thanks for your time.

MHM Cisco World · ‎02-04-2023

why you not use external Server ??

cabe49 · ‎02-04-2023

Most of my devices gets ip through DHCP.

Should I just change the DHCP pool - dns-server 8.8.8.8 8.8.4.4 (or any other external):

p dhcp pool Pool1
import all
network 192.168.1.0 255.255.255.0
dns-server 192.168.1.1 8.8.8.8
default-router 192.168.1.1

and disable dns server:

no ip dns server

MHM Cisco World · ‎02-04-2023

dns-server  8.8.8.8 192.168.1.1 <<- try this and not disable ip dns server,

this I think make Client use 8.8.8.8 then if failed it will used your router (GW).

balaji.bandi · ‎02-04-2023

To be honest Cisco router not a full level of DNS Server (and that too lower end model)

You have 2 Options

1. If you do not need DNS Server (not sure what is the need here) use google DNS

2. you already have the option of EEM Script clear host * ( you can lower the time of EEM Script watchdog timers )

if this impacting performance - the suggest to use Public DNS.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

hoffmanheath903 · ‎02-04-2023

I have a similar problem.

balaji.bandi · ‎02-04-2023

follow same suggestion. or uplift the model to latest or offload DNS to Rasberry Pi (pi-hole)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty · ‎02-05-2023

"But why is this happen suddenly - the router have been run ning for several years without problems."

Yea, no doubt that's true, but it could be something as simple as your users are more active, and/or some new application, creating even more DNS requests than years past. Possibly the proverbial straw that breaks the camel's back.

I was just examining 15.x M&T DNS documentation. Didn't find any commands to control DNS cache.

Depending what specific 15.x version you're on, moving to the latest (or final) release in your train, or moving to a later 15.x version, might deal with this issue better (if you can still obtain either). However, like many of the other posters, using your 1921 for a somewhat busy (?) DNS server, is probably not an ideal situation. I.e. move the DNS function off it.

Since you've found using an EEM script, clearing the DNS cache works well, rather than waiting just on a CPU hog message, you might also have an EEM script clear your DNS cache, once daily, ideally when router least used. (I.e. the purpose of clearing cache daily, is to avoid the router getting to a CPU hog point.)

If you wanted to try to further identify why cache is filling up, showing the contents of the DNS cache (show hosts), might help with such analysis.

balaji.bandi · ‎02-05-2023

@Joseph W. Doherty one of the post-op have provided the full output of

show host

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty · ‎02-05-2023

@Joseph W. Doherty one of the post-op have provided the full output of

show host

Thanks @balaji.bandi , I missed seeing that.

Looking at that hosts listing, though, I wonder about some of the IPs (e.g.: 104.40.191.174, 51.104.28.80, 165.160.13.20, 165.160.15.20, etc.) that list so many DNS names and/or the group of DNS names using a local loopback IP (127.0.0.1).