URGENT, PLEASE READ: 9.5.0-P1 now available

JINMEI Tatuya / 神明達哉 Jinmei_Tatuya at isc.org
Thu Jul 24 23:10:03 UTC 2008


At Thu, 24 Jul 2008 17:18:48 -0500,
Walter Gould <gouldwp at auburn.edu> wrote:

> > Thanks - using a larger FD_SETSIZE seems to have worked. I set the 
> > #define __FD_SETSIZE in /usr/include/linux/posix_types.h to 4096, 
> > saved and recompiled named and now named is not crashing as it was 
> > before with the "too many open files" error.
> >
> > Thanks for your help,
> > Walter

> I guess I spoke too soon.  The upgraded BIND 9.5.0-P1 that I compiled 
> yesterday (with the increased FD_SETSIZE) has crashed a few times 
> today.  I received the same "Too many open files" error that I had been 
> seeing.  Also, when I ran lsof, the number of named sockets or file 
> descriptors (?) was around 1000.  Shouldn't it have been ok since I 
> increased the FD_SETSIZE to 4096?

First off, what do you mean by crash?  Did the process die?  With or
without a core?

Second, 9.5 itself is not fully matured yet.  If you need stability,
I'd recommend 9.4.2-P1.

Third, increasing FD_SETSIZE may not work for all OSes.  You should
check whether your OS really allows such dynamic configuration
separately (e.g., by writing a small test program).

> I tried restarting it, but shortly after, it crashed again.  I am 
> wondering if 9.5.0 is safe to run if we are not allowing 
> recursive lookups?  When I run the dig @nameserver +short 
> porttest.dns-oarc.net TXT test against it, I receive:
> dig @nameserver_ip +short porttest.dns-oarc.net TXT
> z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> "nameserver_ip is GOOD: 26 queries in 1.9 seconds from 7 ports with std 
> dev 22442.25"

Pure 9.5.0 is not safe.  It simply uses a small pool of query ports,
which just happened to deceive the porttest tool successfully.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
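
The "small test program" suggested in the reply above could look like the following. This is an added example, not code from the original message or from ISC; the helper name `check_fd_budget` and the default of 4096 (the value tried in the thread) are assumptions for illustration.

```c
/* Added example (not from the original thread): does a raised FD_SETSIZE
 * really take effect on this OS? Build it with the same headers and -D
 * flags used for named, then run it under the same ulimit settings. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/select.h>

/* Descriptors an fd_set can actually hold, whatever FD_SETSIZE claims. */
static long fdset_capacity(void) { return (long)sizeof(fd_set) * CHAR_BIT; }

/* Soft RLIMIT_NOFILE (the EMFILE threshold), or -1 on error. */
static long nofile_soft_limit(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur > (rlim_t)LONG_MAX) return LONG_MAX;
    return (long)rl.rlim_cur;
}

/* 1 only if fd may be handed to FD_SET()/select() without overrunning fd_set. */
static int fd_safe_for_select(long fd) {
    return fd >= 0 && fd < (long)FD_SETSIZE && fd < fdset_capacity();
}

/* Verdict for a process that needs `wanted` descriptors (hypothetical helper):
 * 0 = ok, 1 = fd_set too small, 2 = RLIMIT_NOFILE too low, 3 = getrlimit failed. */
static int check_fd_budget(long wanted) {
    long limit = nofile_soft_limit();
    if (wanted < 1 || !fd_safe_for_select(wanted - 1)) return 1;
    if (limit < 0) return 3;
    if (limit < wanted) return 2;
    return 0;
}

int main(int argc, char **argv) {
    long wanted = argc > 1 ? strtol(argv[1], NULL, 10) : 4096; /* value from the thread */
    printf("FD_SETSIZE macro      : %ld\n", (long)FD_SETSIZE);
    printf("fd_set real capacity  : %ld\n", fdset_capacity());
    printf("RLIMIT_NOFILE (soft)  : %ld\n", nofile_soft_limit());
    printf("verdict for %ld fds   : %d (0=ok 1=fd_set 2=rlimit 3=error)\n",
           wanted, check_fd_budget(wanted));
    return check_fd_budget(wanted);
}
```

If the reported fd_set capacity is smaller than the FD_SETSIZE macro, the override did not change the structure's real size.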

