Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How can I get rid of the large named.run files?

Discussion in 'Bind/DNS/Nameserver' started by jols, Feb 1, 2012.

Page 1 of 2
  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    I never received a response to the post I made over 500 days ago about this (and this forum would not allow me to update the thread with another request for information), and now I have named.run files that are well over a GB on more than one server, i.e. they are eating up a lot of valuable space.

    I'd like to know if I could just comment out the logging lines in /etc/named.conf (see below) and then remove the very large named.run files? Or is there some other method of switching off named logging and then SAFELY removing the named.run files?

    I have read elsewhere that there is no sense in running named in debug mode unless there are issues with BIND. And we have no issues with this, so now, how can I safely get rid of the named.run files?

    --------------
    logging {
    /* If you want to enable debugging, eg. using the 'rndc trace' command,
    * named will try to write the 'named.run' file in the $directory (/var/named").
    * By default, SELinux policy does not allow named to modify the /var/named" directory,
    * so put the default debug log file in data/ :
    */
    channel default_debug {
    file "data/named.run";
    severity dynamic;
    };
    };
     
    #1 jols, Feb 1, 2012
  2. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    Anyone have the answer to this?
     
    #2 jols, Feb 1, 2012
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 Infopro, Feb 1, 2012
  4. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    Thanks much.

    I just want to verify that this will work with the cPanel system, and I won't end up damaging bind/named.

    -----------
    A safer way to do this is the following:

    1. delete named.run (can be in /var/named, /var/cache/bind, etc, depending on the flavor of Linux).
    2. "rndc notrace" to disable debug in bind
    3. "rndc reload" to reopen file handles.
    -----------

    1, 2, 3, and that's it. Right?

    Thanks again.
     
    #4 jols, Feb 1, 2012
  5. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    The thing that gets me here, is why are only some of our servers running bind in debug mode while others are not.

    So if I run "rndc notrace", and "rndc reload" will I have to do this everytime the sever reboots to keep named from going into debug mode?

    Looks like I will need to fill out a cpanel.net trouble ticket for this one, I was hoping to avoid that.
     
    #5 jols, Feb 1, 2012
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Is bind running in chroot on the machines where bind has debugging set to on?

    Code:
    ps aux | grep named
    Also, you can see if you have it chroot in /etc/sysconfig/named file.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelTristan, Feb 2, 2012
  7. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,154
    Likes Received:
    38
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Sorry for picking up a 4 month old thread, but am looking for some guidance on the same problem. Have a 2.8GB named.run file on one of our boxes. bind is running as 'named'. The /etc/sysconfig/named file has all lines commented out.

    The questions in posts #4 and #5 seem unanswered. Is it OK to run the rndc nodebug and rndc reload, or is there a better "cpanel way" to do it? Will we have to remember to do this upon every reboot?

    Thanks!

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 sneader, Jun 3, 2012
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello Scott,

    Before I go into that section, can we check your /etc/named.conf configuration? What do you show for the following:

    Code:
    grep named.run /etc/named.conf
    After you get that return, could you look at the file and post the section around it as well? I just want to make sure that you show the same configuration that is mentioned previously by jols.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelTristan, Jun 4, 2012
  9. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,154
    Likes Received:
    38
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    /etc/named.conf

    Code:
    logging {
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named").
 *      By default, SELinux policy does not allow named to modify the /var/named" directory,
 *      so put the default debug log file in data/ :
 */
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 sneader, Jun 4, 2012
  10. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,563
    Likes Received:
    42
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    This configuration is put in place by scripts/rebuilddnsconfig (it may also be part of the standard Red Hat configuration, but I didn't check). I filed a case with development to look into this matter. The case number is 59777.

    On a test system I noted mundane actions like restarting named resulting in data being added to this file. Per the comment preceding the directive it seems this logging should only be used in select circumstances. Right now it appears to be duplicating what gets written to /var/log/messages.

    I have no suggested fixes or work arounds at this time.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 cPanelKenneth, Jun 4, 2012
  11. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,154
    Likes Received:
    38
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Thanks for digging into this, Kenneth! Short of a fix or work-around, can you suggest any damage control? i.e. can I simply delete this file once in a while?

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #11 sneader, Jun 4, 2012
  12. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,563
    Likes Received:
    42
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    Since it is a log file it should be safe to remote or truncate. You should also be able to add a logrotate configuration for it to /etc/logrotate.d/named. The following seems to work

    Code:
    /var/named/data/named.run {
    daily
    dateext
    missingok
    create 0644 named named
    postrotate
        /sbin/service named reload  2> /dev/null > /dev/null || true
    endscript
}
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #12 cPanelKenneth, Jun 4, 2012
  13. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,154
    Likes Received:
    38
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Beautiful, thank you!

    - Scott
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #13 sneader, Jun 4, 2012
  14. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello Kenneth

    we have same problem, with named.run over 1,5 GB

    our named.run is in other location
    /var/named/chroot/var/named/data/named.run

    could use your code at the same ?

    Code:
    /var/named/chroot/var/named/data/named.run {
    daily
    dateext
    missingok
    create 0644 named named
    postrotate
        /sbin/service named reload  2> /dev/null > /dev/null || true
    endscript
}
    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #14 webstyler, Feb 14, 2013
  15. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    Or how about this for a more manual approach, when you notice named.run is getting too large:

    cd /var/named/data
    cat /dev/null > named.run

    After all, this is only a log file, right?
     
    #15 jols, Feb 14, 2013
  16. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    any update ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #16 webstyler, Mar 29, 2013
  17. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    There is no update to the internal case mentioned by Ken (#59777) at this time to report.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #17 Infopro, Mar 29, 2013
  18. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Sorry, I refer to this post

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #18 webstyler, Mar 29, 2013
  19. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello webstyler,

    cPanel doesn't support bind in chroot and we even add an exclude in /etc/yum.conf for bind-chroot, so we wouldn't add a check for removing those files, since they aren't the advised setup.

    In this instance, you should remove the chroot for bind in /etc/sysconfig/named file by removing that line at the bottom of the file setting a chroot for it (just comment out the line or remove it), then restart named.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #19 cPanelTristan, Mar 29, 2013
  20. webstyler

    webstyler Well-Known Member

    Joined:
    Nov 20, 2003
    Messages:
    439
    Likes Received:
    0
    Trophy Points:
    166
    Hello Tristan

    Thanks x suggest

    We have removed from /etc/sysconfig/named the row "ROOTDIR=/var/named/chroot" and restart named

    now see a new named.run
    /var/named/data/named.run

    so we can safely delete old, right ?
    /var/named/chroot/var/named/data/named.run

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #20 webstyler, Mar 30, 2013
(You must log in or sign up to post here.)
Page 1 of 2
Loading...
Similar Threads - large named files
  1. rdgonzalez

    The system has detected an unusually large amount of outbound email.

    rdgonzalez, Jul 30, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    72
    cPanelMichael
    Jul 31, 2018
  2. David_spm

    Unable to stop large xmlrpc spam attack

    David_spm, Jul 24, 2018, in forum: Security
    Replies:
    6
    Views:
    168
    cPanelMichael
    Jul 27, 2018
  3. Hedloff

    Horde generating large number of cache files

    Hedloff, Apr 23, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    246
    Hedloff
    Apr 23, 2018
  4. rclemings

    SOLVED [CPANEL-20917] Exclude users from "Large Amount of Outbound Email Detected" notification

    rclemings, Apr 3, 2018, in forum: E-mail Discussion
    Replies:
    12
    Views:
    687
    cPanelMichael
    Aug 7, 2018
  5. webmasteryoda

    High CPU when copying large files

    webmasteryoda, Mar 31, 2018, in forum: General Discussion
    Replies:
    6
    Views:
    171
    cPanelMichael
    Apr 16, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice