<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:14px"><div id="yui_3_16_0_1_1413493499834_10364" class="" style=""><br></div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr">Hello,</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr"><br></div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr">While I was investigating potential SYN flooding warning messages on my Linux box for our DNS traffic,</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr">I was very surprised to see the backlog was set to very small numbers for BIND TCP sockets.</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr"><br></div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr">strace showed backlog was '10' for listening socket for port 53 and '128' for listening socket for port 953 (rndc traffic).</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr"><br></div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr">I've restarted BIND after I updated somaxconn but BIND didn't pick up the value.</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr"><br></div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="" dir="ltr">Why doesn't BIND set the backlog to a huge number and let OSes reduce it to whatever somaxconn is? 
Or just set backlog to whatever is set for somaxconn?</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style=""><br></div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">[x@h1:~ 21:11:49]$ sysctl net.core.somaxconn</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">net.core.somaxconn = 16384</div><div id="yui_3_16_0_1_1413493499834_10364"><br></div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">[x@h1:~ 21:10:40]$ grep -C 2 -w listen bind.strace*</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-setsockopt(20, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-bind(20, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692:listen(20, 10)                          = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-mprotect(0x7ff1c81bb000, 32768, PROT_READ|PROT_WRITE) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-mprotect(0x7ff1c81c3000, 12288, PROT_READ|PROT_WRITE) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">--</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-setsockopt(21, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-bind(21, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692:listen(21, 10)                          = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-mprotect(0x7ff1c82a6000, 36864, PROT_READ|PROT_WRITE) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" 
style="">bind.strace.6692-mprotect(0x7ff1c82af000, 8192, PROT_READ|PROT_WRITE) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">--</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-setsockopt(22, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-bind(22, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.89.9.126")}, 16) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692:listen(22, 10)                          = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-mprotect(0x7ff1c8391000, 36864, PROT_READ|PROT_WRITE) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-mprotect(0x7ff1c839a000, 8192, PROT_READ|PROT_WRITE) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">--</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-setsockopt(23, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-bind(23, {sa_family=AF_INET, sin_port=htons(953), sin_addr=inet_addr("127.0.0.1")}, 16) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692:listen(23, 128)                         = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-write(7, "\27\0\0\0\375\377\377\377", 8)                         = 8</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-mprotect(0x7ff1bf627000, 8192, PROT_READ|PROT_WRITE) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">--</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-setsockopt(24, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-bind(24, {sa_family=AF_INET6, 
sin6_port=htons(953), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692:listen(24, 128)                         = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-write(7, "\30\0\0\0\375\377\377\377", 8) = 8</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style="">bind.strace.6692-gettimeofday({1413483241, 939723}, NULL) = 0</div><div id="yui_3_16_0_1_1413493499834_10364" class="" style=""><br class="" style=""></div></div></body></html>
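Added example (not part of the original message and not BIND code): on Linux the accept-queue limit in force is the smaller of the listen() backlog argument and net.core.somaxconn, so this script pairs each listen() in a strace capture with the bind() on the same descriptor and reports which side caps the queue. The sample lines are constructed in the format of the output above; `audit_listen_backlogs` and `warn_below` are hypothetical names.

```python
import re

# Constructed sample: two bind()/listen() pairs in the grep/strace format quoted above.
SAMPLE = '''\
bind.strace.6692-bind(20, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
bind.strace.6692:listen(20, 10)                          = 0
--
bind.strace.6692-bind(23, {sa_family=AF_INET, sin_port=htons(953), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
bind.strace.6692:listen(23, 128)                         = 0
'''

BIND_RE = re.compile(r'\bbind\((\d+), \{sa_family=AF_INET6?, sin6?_port=htons\((\d+)\)')
ADDR_RE = re.compile(r'(?:inet_addr\(|inet_pton\(AF_INET6, )"([^"]+)"')
LISTEN_RE = re.compile(r'\blisten\((\d+), (\d+)\)\s*= 0')


def audit_listen_backlogs(strace_text, somaxconn, warn_below=128):
    """Pair each successful listen() with the bind() on the same fd and
    report the queue limit actually in force: min(requested, somaxconn).
    warn_below is a hypothetical review threshold, not a BIND or kernel value."""
    bound = {}      # fd -> (address, port) from the latest bind() on that fd
    findings = []
    for line in strace_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            addr = ADDR_RE.search(line)
            bound[int(m.group(1))] = (addr.group(1) if addr else "?", int(m.group(2)))
            continue
        m = LISTEN_RE.search(line)
        if not m:
            continue
        fd, requested = int(m.group(1)), int(m.group(2))
        addr, port = bound.get(fd, ("?", None))
        effective = min(requested, somaxconn)
        findings.append({
            "fd": fd, "addr": addr, "port": port,
            "requested": requested, "effective": effective,
            # Which side caps the queue: the listen() argument or the sysctl.
            "limited_by": "somaxconn" if requested > somaxconn else "application",
            "warn": effective < warn_below,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_listen_backlogs(SAMPLE, somaxconn=16384):
        print(finding)
```

With somaxconn at 16384, both sockets report `limited_by: application`: the sysctl only lowers a larger request, it never raises a smaller one.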