ISC BIND 9.3.5-P2 is now available

The Doctor doctor at doctor.nl2k.ab.ca
Sun Aug 3 12:53:51 UTC 2008 

On Sun, Aug 03, 2008 at 12:24:28AM -0700, JINMEI Tatuya / ?$B?@L at C#:H wrote:
> At Sat, 2 Aug 2008 11:21:47 -0600,
> The Doctor <doctor at doctor.nl2k.ab.ca> wrote:
> > 
> > Bug!!
> > 
> > I do not see this in the P1, but is plaguing the P2s:
> 
> > Aug  2 11:15:25 doctor named[14742]: starting BIND 9.3.5-P2
> > Aug  2 11:15:25 doctor named[14742]: found 1 CPU, using 1 worker thread
> > Aug  2 11:15:25 doctor named[14742]: loading configuration from '/etc/named.conf'
> > Aug  2 11:15:25 doctor named[14742]: listening on IPv4 interface em0, 204.209.81.1#53
> > Aug  2 11:15:25 doctor named[14742]: socket.c:485: unexpected error:
> > Aug  2 11:15:25 doctor named[14742]: fcntl(512, F_SETFL, -1): Bad file descriptor
> 
> Try specifying a small value such as 32 for the reserved-sockets
> option:
> 
> options {
> 	reserved-sockets 32;
> 	...
> };
> 
> But, even if this seemingly solves this error, I suspect the above
> error indicates that your OS has a fundamental limitation on the
> number of file descriptors and will soon trigger a different type of
> trouble.  If you've not done this yet, I'd suggest you check the OS
> capability with the tool I posted a few days ago, which is available
> at http://www.jinmei.org/selecttest.tgz
>

Interesting.  Here is what I have found:

doctor.nl2k.ab.ca//usr/source/selecttest$ ./selecttest
selecttest: nsocks = 4093, TEST_FDSETSIZE = -1, FD_SETSIZE = 1024, sizeof fd_set
 = 128
opening 62th socket failed: Too many open files
doctor.nl2k.ab.ca//usr/source/selecttest$ ./selecttest -h
selecttest: nsocks = 4093, TEST_FDSETSIZE = -1, FD_SETSIZE = 1024, sizeof fd_set
 = 128
selecttest: illegal option -- h
usage: selecttest [-r] [num_sockets]
You have new mail in /var/mail/root
doctor.nl2k.ab.ca//usr/source/selecttest$ ./selecttest -r
selecttest: nsocks = 4093, TEST_FDSETSIZE = -1, FD_SETSIZE = 1024, sizeof fd_set
 = 128
created 4093 sockets, maxfd = 4095
FD_CLR test...OK
FD_SET test...OK
select test...OK
doctor.nl2k.ab.ca//usr/source/selecttest$ ./selecttest 64
selecttest: nsocks = 4093, TEST_FDSETSIZE = -1, FD_SETSIZE = 1024, sizeof fd_set
 = 128
opening 62th socket failed: Too many open files
doctor.nl2k.ab.ca//usr/source/selecttest$ ./selecttest -r 64
selecttest: nsocks = 4093, TEST_FDSETSIZE = -1, FD_SETSIZE = 1024, sizeof fd_set
 = 128
created 64 sockets, maxfd = 66
FD_CLR test...OK
FD_SET test...OK
select test...OK
doctor.nl2k.ab.ca//usr/source/selecttest$ ./selecttest
selecttest: nsocks = 4093, TEST_FDSETSIZE = -1, FD_SETSIZE = 1024, sizeof fd_set
 = 128
opening 62th socket failed: Too many open files
doctor.nl2k.ab.ca//usr/source/selecttest$ ./selecttest 64
selecttest: nsocks = 4093, TEST_FDSETSIZE = -1, FD_SETSIZE = 1024, sizeof fd_set
 = 128
opening 62th socket failed: Too many open files                      

As you were saying.
 
> One more thing: as already pointed out, if you specify a specific port
> using query-source:
> 
> > Aug  2 11:15:25 doctor named[14742]: /etc/named.conf:60: using specific query-source port suppresses port randomization and can be insecure.
> 
> you effectively disable any security feature of P1 or P2 or recent
> beta versions.  Using these versions with a specific port doesn't
> provide anything new and is meaningless.
>

GRR!! I need to get rid of this!

I tried and then named would not start!
 
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.

-- 
Member - Liberal International	
This is doctor at nl2k.ab.ca	Ici doctor at nl2k.ab.ca
God, Queen and country! Beware Anti-Christ rising!  
USA petition for dissolution of your nation!

More information about the bind-users mailing list