9.3.5-P1 now issues "socket: too many open file descriptors"
robert
robert at spin.net.uky.edu
Thu Jul 10 18:12:23 UTC 2008
FYI,
I'm looking forward to the optimized releases since trying
out 9.3.5-P1 and 9.5.1b1. For us 9.5.1b1 seems to be the most reasonable.
Perhaps the other releases would do better, havn't tried those.
Bind 9.5.1b1 performs better for us than 9.3.5-P1 on Solaris 9/10 here.
Bind 9.5.1b1 seems to be running roughly two times plus hotter
in terms of cpu, Bind 9.3.5-P1 was roughly ~12x more for us when
pre-testing over a period of hours. We also needed to adjust the
max file descriptors limit (ulimit -n) to 1024 since the default was 256.
Robert
>X-Original-To: bind-users at webster.isc.org
>Date: Thu, 10 Jul 2008 08:25:52 -0700
>From: JINMEI Tatuya / �$B?@L at C#:H�(B <Jinmei_Tatuya at isc.org>
>To: Ed Ravin <eravin at panix.com>
>Cc: bind-users at isc.org
>Subject: Re: 9.3.5-P1 now issues "socket: too many open file descriptors"
>User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.1 Mule/5.0 (SAKAKI)
>MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
>Content-Transfer-Encoding: 8bit
>List-unsubscribe: <mailto:bind-users-request at isc.org?Subject=unsubscribe>
>List-Id: <bind-users.isc.org>
>X-List-ID: <bind-users.isc.org>
>
>At Thu, 10 Jul 2008 09:54:11 -0400,
>Ed Ravin <eravin at panix.com> wrote:
>
>> It is curently using between 320 and 377 file descriptors, and still
>> sometimes peaks over 512 and issues the error above.
>>
>> This is big difference in resource consumption - is this related to
>> the security fix? Is this intentional?
>
>Yes and yes. To (substantially) reduce the risk of accepting forged
>response by guessing/blue-forcing UDP source ports, the latest patch
>versions use a different UDP socket bound to random ports for
>different queries.
>
>> What's the impact when named has too many file descriptors open? Do
>> queries get dropped?
>
>Queries won't be dropped simply because it opens many UDP sockets.
>But the overall load of the server will (possibly significantly) be
>increased due to scalability problems of the underlying socket API.
>If the increased load excesses the capacity to handle your normal
>queries, they will be dropped as a result. 9.4.3b2 and 9.5.0b3 (and
>9.3.6b1 which will be released shortly) use more efficient API (when
>available - covering at least BSDs, Linux and Solaris) and should be
>much more lightweight.
>
>---
>JINMEI, Tatuya
>Internet Systems Consortium, Inc.
>
>
More information about the bind-users
mailing list