bind 9.16 vs. 9.14 tcp client connections
Michael McNally
mcnally at isc.org
Fri Mar 6 01:52:46 UTC 2020
On 3/5/20 4:34 AM, Ondřej Surý wrote:
>> On 5 Mar 2020, at 10:11, Arsen STASIC <arsen.stasic at univie.ac.at> wrote:
>>
>> Hi,
>>
>> Bind 9.16 was installed on 3/2 15:45 and tcp connections ramped up to maximum:
>> rndc status | grep -i tcp
>> tcp clients: 102/150
>> TCP high-water: 150
>>
>> Switching back to bind 9.14 on 3/4 15:45 shows "normal" tcp client behavior:
>> rndc status | grep -i tcp
>> tcp clients: 29/150
>> TCP high-water: 67
>>
>> I have found some tcp related changes in the later versions of 9.15
<https://ftp.isc.org/isc/bind/9.16.0/CHANGES>,>> but nothing which is explaining this kind
of behaviour.
>>
>> Has someone else experienced this too?
>
> Hi Arsen,
>
> we think you are hitting a problem that was reported to us earlier. Since it
> has been now circulated on the bind-users, we made the merge request public:
>
> https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3163
>
...
>
> ISC will be issuing a proper Operational Notification later this week
> and the fix will be included in BIND 9.16.1 due in March.
>
> Sorry for the inconvenience.
Hello --
Subscribers who are also subscribed to the bind-announce list will now
have received our Operational Notification concerning this issue.
If you're not a subscriber to that list.. why not? (it's low
traffic and only carries important announcements, generally about releases
and security issues). But in any case you can view the Operational Notification
via the list archives:
https://lists.isc.org/pipermail/bind-announce/2020-March/001150.html
or via our knowledge base:
https://kb.isc.org/docs/operational-notification-an-error-in-handling-tcp-client-quota-limits-can-exhaust-tcp-connections-in-bind-9160
The short version, though, is that we introduced a problem with TCP client
quota enforcement during the later releases of the 9.15 development branch
which was not noticed until 9.16.0. A fix is available and a patch diff can
be found linked from either version of the Operational Notification links
above.
Apologies,
Michael McNally
ISC Support
More information about the bind-users
mailing list