On 8/11/08, Steve Shockley <[EMAIL PROTECTED]> wrote:
> Is anyone having issues between patched BIND and running out of file
> descriptors? I saw the thread at
> http://marc.info/?m=121711077022388, but that's somewhat
> vague.
>
> The problem: I deployed two OpenBSD 4.3 BIND servers to replace a complex
> series of Windows and other DNS servers on 7/26. The install included the
> 004 patch.
>
> About 24 hours later, one of the servers (the primary) died. Named was
> still running, the server was still accepting connections on port 53, but
> never answering. This became a problem because several other servers
> continued to use the primary instead of the secondary because the primary
> was "answering" but timing out. Attempts to kill named were unsuccessful.
> Load average was near zero.
>
> My first guess was that I ran out of file descriptors. An associate found
> some Linux documentation for BIND somewhere that suggested 16384 files.
> I've toyed with kern.maxfiles and login.conf, and I can't get the max files
> anywhere near that, which probably implies I don't want to.
>
> So, my question is, how can I configure this box to avoid this problem?
> What is a reasonable kern.maxfiles for a moderately busy DNS caching
> resolver? Is errata 005 really the answer I'm looking for, even though I
> don't use IPv6?

The new BIND can be very fd hungry. Part of the OpenBSD patch was to change it to support select over more than 1024 descriptors, to give you some idea. You definitely want errata 05, unless you built a kernel without INET6 support. It doesn't really affect fd limits, but it will cause problems.