DirectoryService high CPU utilization
Authored by: guns on Jul 16, '10 03:08:31AM

Thanks for your hint!

Apple moved DNS lookups to the DirectoryService daemon in Snow Leopard, and since then I've noticed the same problem with the high %CPU.

For those who say that they don't notice the hit, try refreshing 200+ feeds from an RSS reader while keeping an eye on the CPU. The drag on the system caused by DirectoryService grepping the /etc/hosts file for _every_ domain lookup is quite obvious then, but the little hits from everyday browsing also add up to quite a bit.

I tried to resolve it :), like you, by installing a local nameserver, but I installed unbound, which is a very powerful recursive DNS server. It was a bit too powerful though, and it was clear that it was optimized for extremely heavy workloads on the public internet, aggressively caching and generally not staying as quiescent as I hoped.

So I went unhappily back to the hosts file. Luckily I ran across your hint today and installed dnsmasq from source. It's perfect, and exactly what I was erroneously looking for from unbound.

You should note, though, that people who use the hosts file for adblocking should take the following steps for the best results:

  • Remove all the adblocking rules from /etc/hosts, move them to /usr/local/etc/hosts, and then add the following to dnsmasq.conf:
    This prevents DirectoryService from ever scanning through the adblock list, which may still happen depending on how the DNS forwarding is set up. Dnsmasq loads the hosts file once on load (or SIGHUP) and keeps it in memory, so it is much more efficient.

  • Also, these lines should be defined in dnsmasq.conf:
    The cache-size is the number of domains that dnsmasq will keep in its cache. 65536 is just a nice round value; it could be anything.

    local-ttl is the Time-To-Live to return for domains in the hosts file, which by default is 0 seconds!

    This is the correct behavior for people who use the hosts file as it was intended, but for people who use it to block ads, it would be sensible to have a long timeout on the query results from the hosts file. 86400 is one day. There wouldn't be anything wrong with increasing that to one week if you felt like it.

So thanks again. I'm feeling much happier with this setup.

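The migration described in the comment above, as an added example that is not part of the original comment: it splits a hosts file into system entries and blocking entries and prints the matching dnsmasq.conf lines. The `addn-hosts` directive and the rule for recognising a blocking entry are assumptions of this example; the `cache-size` and `local-ttl` values are the ones the comment gives.

```shell
#!/bin/sh
# Added example. Assumption: a blocking entry maps a name to 0.0.0.0 or
# 127.0.0.1 and does not name localhost; everything else stays put.

# split_hosts SRC KEEP BLOCK: copy SRC into KEEP (system entries, comments)
# and BLOCK (blocking entries). SRC itself is never modified.
split_hosts() {
    : > "$2"; : > "$3"
    awk -v keep="$2" -v block="$3" '
        /^[ \t]*(#|$)/ { print > keep; next }      # comments, blank lines
        {
            sink = (NF >= 2 && ($1 == "0.0.0.0" || $1 == "127.0.0.1"))
            for (i = 2; i <= NF && sink; i++) {
                if ($i ~ /^#/) break                # trailing comment
                if ($i == "localhost" || $i == "localhost.localdomain") sink = 0
            }
            if (sink) print > block; else print > keep
        }' "$1"
}

# dnsmasq_fragment BLOCK: print the dnsmasq.conf lines for the moved list.
dnsmasq_fragment() {
    printf 'addn-hosts=%s\n' "$1"   # extra hosts file, read at start or SIGHUP
    printf 'cache-size=65536\n'     # value from the comment
    printf 'local-ttl=86400\n'      # one day, value from the comment
}

# Constructed sample input; the blocked host names are placeholders.
demo=$(mktemp -d)
cat > "$demo/hosts" <<'EOF'
##
# Host Database
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # blocked
0.0.0.0 banners.example.org
EOF
split_hosts "$demo/hosts" "$demo/hosts.system" "$demo/hosts.block"
echo "kept $(grep -c '' "$demo/hosts.system"), moved $(grep -c '' "$demo/hosts.block")"
dnsmasq_fragment /usr/local/etc/hosts
```

Review both output files before replacing /etc/hosts, since an entry that points the machine's own hostname at 127.0.0.1 would be classified as a blocking entry by this rule.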