URGENT, PLEASE READ: 9.5.0-P1 now available
JINMEI Tatuya / 神明達哉
Jinmei_Tatuya at isc.org
Thu Jul 24 23:10:03 UTC 2008
At Thu, 24 Jul 2008 17:18:48 -0500,
Walter Gould <gouldwp at auburn.edu> wrote:
> > Thanks - using a larger FD_SETSIZE seems to have worked. I set the
> > #define __FD_SETSIZE in /usr/include/linux/posix_types.h to 4096,
> > saved and recompiled named and now named is not crashing as it was
> > before with the "too many open files" error.
> >
> > Thanks for your help,
> > Walter
> I guess I spoke too soon. The upgraded BIND 9.5.0-P1 that I compiled
> yesterday (with the increased FD_SETSIZE) has crashed a few times
> today. I received the same "Too many open files" error that I had been
> seeing. Also, when I ran lsof, the number of named sockets or file
> descriptors (?) was around 1000. Shouldn't it have been ok since I
> increases the FD_SETSIZE to 4096?
First off, what do you mean by crash? Did the process die? With or
without a core?
Second, 9.5 itself is not fully matured yet. If you need stability,
I'd recommend 9.4.2-P1.
Third, increasing FD_SETSIZE may not work for all OSes. You should
check whether your OS really allows such dynamic configuration
separately (e.g., by writing a small test program).
> I tried restarting it, but shortly after, it crashed again. I am
> wondering if running 9.5.0 is safe to run if we are not allowing
> recursive lookups? When I run the dig @nameserver +short
> porttest.dns-oarc.net TXT test against it, I receive:
> dig @nameserver_ip +short porttest.dns-oarc.net TXT
> z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> "nameserver_ip is GOOD: 26 queries in 1.9 seconds from 7 ports with std
> dev 22442.25"
Pure 9.5.0 is not safe. It simply uses a small pool of query ports,
which just happened to deceive the porttest tool successfully.
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list