9.3.5-P1 now issues "socket: too many open file descriptors"

afbtasa at gmail.com afbtasa at gmail.com
Sat Jul 12 21:16:58 UTC 2008


On 10 jul, 15:12, robert <rob... at spin.net.uky.edu> wrote:
> FYI,
>
> I'm looking forward to the optimized releases since trying
> out 9.3.5-P1 and 9.5.1b1.  For us 9.5.1b1 seems to be the most reasonable.
> Perhaps the other releases would do better, havn't tried those.
>
> Bind 9.5.1b1 performs better for us than 9.3.5-P1 on Solaris 9/10 here.  
> Bind 9.5.1b1 seems to be running roughly two times plus hotter
> in terms of cpu, Bind 9.3.5-P1 was roughly ~12x more for us when
> pre-testing over a period of hours. We also needed to adjust the
> max file descriptors limit (ulimit -n) to 1024 since the default was 256.
>
> Robert
>
>
>
> >X-Original-To: bind-us... at webster.isc.org
> >Date: Thu, 10 Jul 2008 08:25:52 -0700
> >From: JINMEI Tatuya / 神明達哉 <Jinmei_Tat... at isc.org>
> >To: Ed Ravin <era... at panix.com>
> >Cc: bind-us... at isc.org
> >Subject: Re: 9.3.5-P1 now issues "socket: too many open file descriptors"
> >User-Agent: Wanderlust/2.14.0 (Africa) Emacs/22.1 Mule/5.0 (SAKAKI)
> >MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
> >Content-Transfer-Encoding: 8bit
> >List-unsubscribe: <mailto:bind-users-requ... at isc.org?Subject=unsubscribe>
> >List-Id: <bind-users.isc.org>
> >X-List-ID: <bind-users.isc.org>
>
> >At Thu, 10 Jul 2008 09:54:11 -0400,
> >Ed Ravin <era... at panix.com> wrote:
>
> >> It is curently using between 320 and 377 file descriptors, and still
> >> sometimes peaks over 512 and issues the error above.
>
> >> This is big difference in resource consumption - is this related to
> >> the security fix?  Is this intentional?
>
> >Yes and yes.  To (substantially) reduce the risk of accepting forged
> >response by guessing/blue-forcing UDP source ports, the latest patch
> >versions use a different UDP socket bound to random ports for
> >different queries.
>
> >> What's the impact when named has too many file descriptors open?  Do
> >> queries get dropped?
>
> >Queries won't be dropped simply because it opens many UDP sockets.
> >But the overall load of the server will (possibly significantly) be
> >increased due to scalability problems of the underlying socket API.
> >If the increased load excesses the capacity to handle your normal
> >queries, they will be dropped as a result.  9.4.3b2 and 9.5.0b3 (and
> >9.3.6b1 which will be released shortly) use more efficient API (when
> >available - covering at least BSDs, Linux and Solaris) and should be
> >much more lightweight.
>
> >---
> >JINMEI, Tatuya
> >Internet Systems Consortium, Inc.

After update BIND we are seeing that the number of queries increase
from the days before we installed the patch.
Is it normal? Did your notice the same thing? Is it related that bind
is using more UDP ports?


More information about the bind-users mailing list