BIND listen backlog too small
Shawn Zhou
shawnzhou00 at yahoo.com
Thu Oct 16 21:21:31 UTC 2014
Hello,
While I was investigating potential SYN flooding warning messages on my Linux box for our DNS traffic, I was very surprised to see the backlog was set to very small numbers for BIND TCP sockets.
strace showed backlog was '10' for listening socket for port 53 and '128' for listening socket for port 953 (rndc traffic).
I've restarted BIND after I updated somaxconn but BIND didn't pick up the value.
Why doesn't BIND set the backlog to a huge number and let OSes reduce it to whatever somaxconn is? Or just set backlog to whatever it is set for somaxconn?
[x at h1:~ 21:11:49]$ sysctl net.core.somaxconn
net.core.somaxconn = 16384

[x at h1:~ 21:10:40]$ grep -C 2 -w listen bind.strace*
bind.strace.6692-setsockopt(20, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind.strace.6692-bind(20, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
bind.strace.6692:listen(20, 10) = 0
bind.strace.6692-mprotect(0x7ff1c81bb000, 32768, PROT_READ|PROT_WRITE) = 0
bind.strace.6692-mprotect(0x7ff1c81c3000, 12288, PROT_READ|PROT_WRITE) = 0
--
bind.strace.6692-setsockopt(21, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind.strace.6692-bind(21, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
bind.strace.6692:listen(21, 10) = 0
bind.strace.6692-mprotect(0x7ff1c82a6000, 36864, PROT_READ|PROT_WRITE) = 0
bind.strace.6692-mprotect(0x7ff1c82af000, 8192, PROT_READ|PROT_WRITE) = 0
--
bind.strace.6692-setsockopt(22, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind.strace.6692-bind(22, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.89.9.126")}, 16) = 0
bind.strace.6692:listen(22, 10) = 0
bind.strace.6692-mprotect(0x7ff1c8391000, 36864, PROT_READ|PROT_WRITE) = 0
bind.strace.6692-mprotect(0x7ff1c839a000, 8192, PROT_READ|PROT_WRITE) = 0
--
bind.strace.6692-setsockopt(23, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind.strace.6692-bind(23, {sa_family=AF_INET, sin_port=htons(953), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
bind.strace.6692:listen(23, 128) = 0
bind.strace.6692-write(7, "\27\0\0\0\375\377\377\377", 8) = 8
bind.strace.6692-mprotect(0x7ff1bf627000, 8192, PROT_READ|PROT_WRITE) = 0
--
bind.strace.6692-setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind.strace.6692-bind(24, {sa_family=AF_INET6, sin6_port=htons(953), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
bind.strace.6692:listen(24, 128) = 0
bind.strace.6692-write(7, "\30\0\0\0\375\377\377\377", 8) = 8
bind.strace.6692-gettimeofday({1413483241, 939723}, NULL) = 0
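Added example, not part of the original post and not BIND code: a small audit script that reads strace output in the format shown above, pairs each listen() call with the port from the preceding bind() on the same descriptor, and reports the backlog the Linux kernel will actually use (the listen() argument capped at net.core.somaxconn). The function names and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample, in the grep -C / strace format shown in the post.
SAMPLE = """\
bind.strace.6692-bind(20, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
bind.strace.6692:listen(20, 10) = 0
bind.strace.6692-bind(23, {sa_family=AF_INET, sin_port=htons(953), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
bind.strace.6692:listen(23, 128) = 0
"""

# bind(fd, {... sin_port/sin6_port=htons(PORT) ...}) and successful listen(fd, N)
BIND_RE = re.compile(r'\bbind\((\d+), \{.*?_port=htons\((\d+)\)')
LISTEN_RE = re.compile(r'\blisten\((\d+), (\d+)\)\s*=\s*0')


def audit_backlogs(strace_text, somaxconn):
    """Return [(port, requested, effective, limited_by)] per listen() call."""
    port_by_fd = {}   # fd -> port from the most recent bind() on that fd
    findings = []
    for line in strace_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            port_by_fd[int(m.group(1))] = int(m.group(2))
            continue
        m = LISTEN_RE.search(line)
        if m:
            fd, requested = int(m.group(1)), int(m.group(2))
            # Linux silently caps the listen() backlog at net.core.somaxconn,
            # so raising the sysctl alone cannot lift a smaller request.
            effective = min(requested, somaxconn)
            limited_by = "application" if requested <= somaxconn else "somaxconn"
            findings.append((port_by_fd.get(fd), requested, effective, limited_by))
    return findings


def read_somaxconn(path="/proc/sys/net/core/somaxconn"):
    """Read the live sysctl value on a Linux host."""
    with open(path) as f:
        return int(f.read())


if __name__ == "__main__":
    # 16384 is the somaxconn value reported in the post.
    for port, req, eff, why in audit_backlogs(SAMPLE, 16384):
        print(f"port {port}: requested={req} effective={eff} limited by {why}")
```

With the values from the post, every socket is limited by the application's own listen() argument, which is why raising somaxconn and restarting had no visible effect.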