Re: QTOBDNS - disk busy percent

If you aren't using the DNS server on your IBM i, why not just turn it
off:

    ENDTCPSVR  *DNS

Rich Loeber
Kisco Information Systems
[1]http://www.kisco.com

--------------------------------------------------------------------------

On 5/17/2019 3:53 PM, Rob Berendt wrote:

DNS stuff is served up by
Resource
ID Option Feature Description
5770SS1 31 5050 Domain Name System

It is an optional part of the OS. Really optional, like, if you are already running DNS in your environment on another platform such as Windows then you really do not need it running on your IBM i.

If you remove it you will lose some commands that are helpful from a client perspective, such as NSLOOKUP. I submitted a RFE to unbundle the client from the server was it was rejected.

I have removed it from all of our machines which are in our DMZ. The problem is that while IBM claims to diligently address CVE's (known internet hacks) with PTF's they always are way behind on bind levels and cause us to fail audits. It's popular to hack, get your PTF's on.

If you do not need it, but do not want to remove it, ensure that it is set to not start when TCP/IP is started. See [2]https://imgur.com/Jydok8P


-----Original Message-----
From: MIDRANGE-L [3]<midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of T. Adair
Sent: Friday, May 17, 2019 3:34 PM
To: [4]midrange-l@xxxxxxxxxxxxxxxxxx
Subject: QTOBDNS - disk busy percent

One night this week our System i went from averaging 0-3% busy on all disks (which is normal) to 30-50% busy and stayed there. This destroyed our response time, making the system barely usable.

For 2½ days we tried everything we could think of, all to no avail. Our CPU utilization was fine, our disk space was fine, there were no 'runaway' jobs, etc. Our disks were simply getting hammered. We brought in our BP and he adjusted our memory allocation, moving memory from two unused partitions, and that helped tremendously. Our page faulting was within normal expectations, so why would additional memory help?

But here's my real question. While searching for the culprit, I ran across a system (QTCP) job, QTOBDNS. I was surprised at how much CPU it was taking so I checked its job log. There were hundreds (if not
thousands) of entries that really concern me. Example...:
mixpanel.com
aniview.com
d.turn.com
brealtime.com
akamaiedge.com
rubiconproject.com
googleapis.com
taboola.com
(you get the idea)

I have a basic understanding of what a DNS does but this really seems strange. Could this job be the source of our original problem? And here's the question I hate to ask, but need to: is it possible we've been hacked?

We're currently on 7.2. And no, we're not up-to-date on PTFs.

Thanks in advance for any thoughts on this.

~TA~

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: [5]MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: [6]https://lists.midrange.com/mailman/listinfo/midrange-l
or email: [7]MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at [8]https://archive.midrange.com/midrange-l.

Please contact [9]support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: [10]https://amazon.midrange.com

References

Visible links
1. http://www.kisco.com/
2. https://imgur.com/Jydok8P
3. mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx
4. mailto:midrange-l@xxxxxxxxxxxxxxxxxx
5. mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx
6. https://lists.midrange.com/mailman/listinfo/midrange-l
7. mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
8. https://archive.midrange.com/midrange-l
9. mailto:support@xxxxxxxxxxxx
10. https://amazon.midrange.com/