file descriptor exceeds limit
/dev/rob0
rob0 at gmx.co.uk
Fri Jun 19 19:55:23 UTC 2015
On Thu, Jun 18, 2015 at 11:11:16PM +0000,
Mike Hoskins (michoski) wrote:
> On 6/18/15, 7:09 PM, "Stuart Browne"
> <Stuart.Browne at bomboratech.com.au> wrote:
>
> >Just wondering. You mention you're using RHEL6; are you also
> >getting messages in 'dmesg' about connection tracking tables being
> >full? You may need some 'NOTRACK' rules in your iptables.
>
> Just following along, for the record... On our side, iptables
> is completely disabled. We do that sort of thing upstream on
> dedicated firewalls.
There is a Knowledge Base article about this:
https://kb.isc.org/article/AA-01183/
Note that connection tracking can be a problem upstream as well, for
the same reasons as described in the article. I would still turn off
conntrack for UDP DNS upstream, unless you're using DNAT (yuck.)
> Just now getting time to reply to Cathy...more detail on that
> there.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
More information about the bind-users
mailing list