BIND 9.16.25 "file descriptor exceeds limit" messages

Ondřej Surý ondrej at isc.org
Fri Jan 28 13:47:35 UTC 2022 

Hi Anand,

what is your open files limit before starting the server?

(ulimit -n)

Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 28. 1. 2022, at 14:33, Anand Buddhdev <anandb at ripe.net> wrote:
> 
> I just tried to start BIND 9.16.25 on a server with 88 vCPUs, running CentOS 7. Systemd is used to start BIND, and it emits the following:
> 
> general: notice: starting BIND 9.16.25 (Extended Support Version) <id:3e14423>
> general: notice: running on Linux x86_64 3.10.0-1160.24.1.el7.x86_64 #1 SMP Thu Apr 8 19:51:47 UTC 2021
> general: notice: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/named' '--disable-static' '--with-libtool' '--with-pic' '--without-python' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
> general: notice: running as: named -f -L /var/log/named/named.log -u named
> general: notice: compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-44)
> general: notice: compiled with OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
> general: notice: linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
> general: notice: compiled with zlib version: 1.2.7
> general: notice: linked to zlib version: 1.2.7
> general: notice: adjusted limit on open files from 4096 to 1048576
> general: info: found 88 CPUs, using 88 worker threads
> general: info: using 88 UDP listeners per interface
> general: info: using up to 21000 sockets
> network: info: listening on IPv4 interface lo, 127.0.0.1#53
> ...
> network: info: listening on IPv6 interface lo, ::1#53
> ...
> general: info: sizing zone task pool based on 5486 zones
> ...
> general: notice: command channel listening on 127.0.0.1#953
> general: info: configuring command channel from '/etc/named/rndc.key'
> general: error: socket: file descriptor exceeds limit (46474/21000)
> general: notice: couldn't add command channel ::1#953: not enough free resources
> ...
> 
> The server has many IP addresses. In named.conf, there are 129 IPv6 addresses in the "listen-on-v6" option and 128 IPv4 addresses in the "listen-on" option. The server begins running, but then repeatedly emits this log:
> 
> general: error: socket: file descriptor exceeds limit (46474/21000)
> 
> If I start named with "-n 8 -U 16", then I don't see these messages. Does ISC have any guidance on running BIND on systems with lots of processors, and how to tune the values of "-n" and "-U"? The values I'm using now (8 and 16 respectively) were determined by trial and error for a system with 32 vCPUs.
> 
> Regards,
> Anand
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list