9.3.5-P1 now issues "socket: too many open file descriptors"

JINMEI Tatuya / 神明達哉 Jinmei_Tatuya at isc.org
Thu Jul 10 15:25:52 UTC 2008


At Thu, 10 Jul 2008 09:54:11 -0400,
Ed Ravin <eravin at panix.com> wrote:

> It is currently using between 320 and 377 file descriptors, and still
> sometimes peaks over 512 and issues the error above.
> 
> This is a big difference in resource consumption - is this related to
> the security fix?  Is this intentional?

Yes and yes.  To (substantially) reduce the risk of accepting forged
responses by guessing/brute-forcing UDP source ports, the latest patch
versions use a different UDP socket bound to random ports for
different queries.

> What's the impact when named has too many file descriptors open?  Do
> queries get dropped?

Queries won't be dropped simply because it opens many UDP sockets.
But the overall load of the server will (possibly significantly) be
increased due to scalability problems of the underlying socket API.
If the increased load exceeds the capacity to handle your normal
queries, they will be dropped as a result.  9.4.3b2 and 9.5.0b3 (and
9.3.6b1 which will be released shortly) use a more efficient API (when
available - covering at least BSDs, Linux and Solaris) and should be
much more lightweight.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
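
Added example (not part of the original message, and not BIND's code): a Python model of the behaviour described above, one UDP socket per outstanding query bound to a random port, showing why descriptor use tracks the number of in-flight queries and why a response is only accepted when it matches both the port and the query ID. The class and method names, the 1024-65535 port range and the wildcard bind address are assumptions of this example.

```python
import secrets
import socket


class OutstandingQueries:
    """Model of a resolver that opens one UDP socket per outstanding query."""

    def __init__(self, port_low=1024, port_high=65535):  # assumed port range
        self.port_low, self.port_high = port_low, port_high
        self.pending = {}  # (local_port, query_id) -> bound socket

    def open_query(self):
        """Bind a fresh socket to a random port and pick a random 16-bit ID."""
        span = self.port_high - self.port_low + 1
        for _ in range(32):  # retry when the chosen port is already in use
            port = self.port_low + secrets.randbelow(span)
            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            try:
                sock.bind(("", port))
            except OSError:
                sock.close()
                continue
            query_id = secrets.randbelow(1 << 16)
            self.pending[(port, query_id)] = sock
            return port, query_id
        raise OSError("no free UDP port found")

    def accept_response(self, dst_port, query_id):
        """Accept only a response that hits the right port with the right ID."""
        sock = self.pending.pop((dst_port, query_id), None)
        if sock is None:
            return False  # wrong port or wrong ID: treated as forged or stale
        sock.close()  # the descriptor is released once the query completes
        return True

    def open_descriptors(self):
        """Each in-flight query holds exactly one file descriptor."""
        return len(self.pending)

    def guess_space(self):
        """Number of (port, ID) pairs a blind off-path guess has to cover."""
        return (self.port_high - self.port_low + 1) * (1 << 16)


if __name__ == "__main__":
    q = OutstandingQueries()
    for _ in range(100):
        q.open_query()
    print("descriptors held:", q.open_descriptors())
    print("guess space:", q.guess_space(), "vs", 1 << 16, "with one fixed port")
```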
 


More information about the bind-users mailing list