BIND 9.16.25 "file descriptor exceeds limit" messages

Anand Buddhdev anandb at ripe.net
Fri Jan 28 13:33:12 UTC 2022


I just tried to start BIND 9.16.25 on a server with 88 vCPUs, running 
CentOS 7. Systemd is used to start BIND, and it emits the following:

general: notice: starting BIND 9.16.25 (Extended Support Version) 
<id:3e14423>
general: notice: running on Linux x86_64 3.10.0-1160.24.1.el7.x86_64 #1 
SMP Thu Apr 8 19:51:47 UTC 2021
general: notice: built with '--build=x86_64-redhat-linux-gnu' 
'--host=x86_64-redhat-linux-gnu' '--program-prefix=' 
'--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' 
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' 
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' 
'--libexecdir=/usr/libexec' '--localstatedir=/var' 
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--sysconfdir=/etc/named' '--disable-static' 
'--with-libtool' '--with-pic' '--without-python' 
'build_alias=x86_64-redhat-linux-gnu' 
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall 
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong 
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 
'LDFLAGS=-Wl,-z,relro ' 
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
general: notice: running as: named -f -L /var/log/named/named.log -u named
general: notice: compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-44)
general: notice: compiled with OpenSSL version: OpenSSL 1.0.2k-fips  26 
Jan 2017
general: notice: linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
general: notice: compiled with zlib version: 1.2.7
general: notice: linked to zlib version: 1.2.7
general: notice: adjusted limit on open files from 4096 to 1048576
general: info: found 88 CPUs, using 88 worker threads
general: info: using 88 UDP listeners per interface
general: info: using up to 21000 sockets
network: info: listening on IPv4 interface lo, 127.0.0.1#53
...
network: info: listening on IPv6 interface lo, ::1#53
...
general: info: sizing zone task pool based on 5486 zones
...
general: notice: command channel listening on 127.0.0.1#953
general: info: configuring command channel from '/etc/named/rndc.key'
general: error: socket: file descriptor exceeds limit (46474/21000)
general: notice: couldn't add command channel ::1#953: not enough free 
resources
...

The server has many IP addresses. In named.conf, there are 129 IPv6 
addresses in the "listen-on-v6" option and 128 IPv4 addresses in the 
"listen-on" option. The server begins running, but then repeatedly emits 
this log:

general: error: socket: file descriptor exceeds limit (46474/21000)

If I start named with "-n 8 -U 16", then I don't see these messages. 
Does ISC have any guidance on running BIND on systems with lots of 
processors, and how to tune the values of "-n" and "-U"? The values I'm 
using now (8 and 16 respectively) were determined by trial and error for 
a system with 32 vCPUs.

Regards,
Anand
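
Added example, not part of the original message and not ISC or BIND code: a small Python check that reads the startup lines quoted above and compares a rough estimate of UDP listener sockets against the logged socket limit. The function names are hypothetical, the sample log is constructed from the quoted lines, and the "one socket per UDP listener per listen address" model is an assumption, not something the log states.

```python
import re

# Constructed sample, abridged from the log lines quoted in the message above.
SAMPLE_LOG = """\
general: info: using 88 UDP listeners per interface
general: info: using up to 21000 sockets
general: error: socket: file descriptor exceeds limit (46474/21000)
general: error: socket: file descriptor exceeds limit (46474/21000)
"""

PATTERNS = {
    "udp_listeners": re.compile(r"using (\d+) UDP listeners per interface"),
    "socket_limit": re.compile(r"using up to (\d+) sockets"),
}
FD_ERROR = re.compile(r"file descriptor exceeds limit \((\d+)/(\d+)\)")

def parse_named_log(text):
    """Extract startup parameters and fd-limit errors from named log text."""
    info = {"fd_errors": []}
    for line in text.splitlines():
        for key, pat in PATTERNS.items():
            m = pat.search(line)
            if m:
                info[key] = int(m.group(1))
        m = FD_ERROR.search(line)
        if m:
            info["fd_errors"].append((int(m.group(1)), int(m.group(2))))
    return info

def estimate_udp_sockets(udp_listeners, listen_addresses):
    # Assumption: one socket per UDP listener per listen address.
    # TCP and other descriptors are not counted, so this is a lower bound.
    return udp_listeners * listen_addresses

def check(text, listen_addresses):
    """Compare the estimated UDP listener sockets with the logged limit."""
    info = parse_named_log(text)
    est = estimate_udp_sockets(info["udp_listeners"], listen_addresses)
    return {
        "estimated_udp_sockets": est,
        "socket_limit": info["socket_limit"],
        "over_limit": est > info["socket_limit"],
        "fd_error_count": len(info["fd_errors"]),
        "highest_fd_seen": max((fd for fd, _ in info["fd_errors"]), default=None),
    }

if __name__ == "__main__":
    # 129 IPv6 + 128 IPv4 listen addresses, as stated in the message.
    print(check(SAMPLE_LOG, 129 + 128))
    print(estimate_udp_sockets(16, 129 + 128))  # with "-U 16"
```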

