URGENT, PLEASE READ: 9.5.0-P1 now available

Emery Rudolph emery.rudolph at gmail.com
Thu Jul 31 18:07:30 UTC 2008


Thanks for the response, Jinmei,
On Wednesday I upgraded the primary server to P1 and although it is
experiencing the same base error of "too many file descriptors", it is on
much more robust hardware with 32 cores, so the overall system utilization
doesn't exceed 6% at its heaviest load. So the problem I am having with the
older hardware is that it simply cannot handle the threads for the P1 code
bug.

As the ISC president said, the P2 code should be out at the end of this
week, so I am going to move the secondary server to a new 32-core server
with the new P2 code next week. This should put us in a good place.

As an aside, I am confused if the Moore exploit issue is the same as the
cache vulnerability issue? From what I have read so far, Moore developed a
mechanism for exploiting the cache poisoning problem - or am I incorrect?

Emery Rudolph

On Tue, Jul 29, 2008 at 5:05 PM, JINMEI Tatuya <Jinmei_Tatuya at isc.org> wrote:

> At Mon, 28 Jul 2008 21:27:16 -0400,
> "Emery Rudolph" <emery.rudolph at gmail.com> wrote:
>
> > My two nameservers have been operating for more than two years and are
> > thoroughly monitored. I can tell you with all confidence, proof and
> > definitive resolve that neither server's CPU has exceeded 5% utilization
> > in all of that time. Upon upgrading the secondary server, the CPU now
> > hovers between 60% -> 80%. The problem is strictly the BIND code.
>
> I didn't say it's not the BIND code that caused the errors.  I'm sure
> it is.  But it's also very strange to me that a server that has a
> reasonable network connectivity and only receives a moderate rate of
> queries encounters such a drastic change.  At the moment I have no
> theory in my mind about how exactly this happened on your instance of
> server.  Hopefully the next patch P2 will mitigate the issue.
>
> > Was the code changed so that named opens a pool of random UDP ports for
> > use in answering these queries?
>
> It doesn't pool sockets.  It opens a new socket bound to a randomly
> chosen UDP port for each outgoing query.
>
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.
>
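
Added example (not part of the original thread, and not BIND's code): a sketch of the behaviour JINMEI describes, one new UDP socket bound to a randomly chosen port per outgoing query, and of how the number of outstanding queries then runs into the process's file-descriptor limit. The port range, the wildcard bind address and the function names are assumptions made for the illustration.

```python
import errno
import resource
import secrets
import socket

PORT_LO, PORT_HI = 1024, 65535  # assumed range; the thread does not state named's


def open_query_socket(addr="0.0.0.0"):
    """Open a fresh UDP socket bound to a randomly chosen port (one per query)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # EMFILE surfaces here
    try:
        for _ in range(32):  # retry when the random port is already taken
            port = PORT_LO + secrets.randbelow(PORT_HI - PORT_LO + 1)
            try:
                sock.bind((addr, port))
                return sock
            except OSError as exc:
                if exc.errno not in (errno.EADDRINUSE, errno.EACCES):
                    raise
        raise OSError(errno.EADDRINUSE, "no free random port found")
    except BaseException:
        sock.close()
        raise


def outstanding_until_exhausted(fd_limit, max_queries=10_000):
    """Hold one socket per outstanding query under a lowered soft fd limit.

    Returns (sockets_opened, hit_emfile, distinct_ports)."""
    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    resource.setrlimit(resource.RLIMIT_NOFILE, (fd_limit, hard))
    socks, hit = [], False
    try:
        for _ in range(max_queries):
            try:
                socks.append(open_query_socket())
            except OSError as exc:
                if exc.errno != errno.EMFILE:
                    raise
                hit = True  # "too many open files": no descriptor left
                break
        return len(socks), hit, len({s.getsockname()[1] for s in socks})
    finally:
        for s in socks:
            s.close()
        resource.setrlimit(resource.RLIMIT_NOFILE, (soft, hard))
```

Each outstanding query holds one descriptor until it is answered or times out, so the ceiling on concurrent queries is the descriptor limit minus whatever the process already has open.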



