TCP backlog exceeded with bind 9.16.0
Warren Kumari
warren at kumari.net
Mon Mar 16 17:59:57 UTC 2020
On Mon, Mar 16, 2020 at 1:56 PM Craig Leres
<bind-workers-post at ee.lbl.gov> wrote:
>
> Since 9.14 reaches EOL soon, we recently switch to 9.16. Several times
> since then is has been necessary to restart the zone master named
> because it starts rejecting TCP connections (breaking zone transfers
> among other things). When this happens netstat shows a bunch of
> established connections with no pending data:
>
> Proto Recv-Q Send-Q Local Address Foreign Address
> (state)
> tcp4 0 0 131.243.???.???.53 ???.???.???.???.2223
> ESTABLISHED
>
> And also some non-zero receive queues in close_wait or closed states:
>
> tcp4 66 0 131.243.???.???.53 ???.???.???.???.37998
> CLOSED
> tcp4 66 0 131.243.???.???.53 ???.???.???.???.29349
> CLOSE_WAIT
>
> Finally, the TCP listen queue for named's public ip has more connections
> queued than the TCP backlog:
>
> Current listen queue sizes (qlen/incqlen/maxqlen)
> Proto Listen Local Address
> tcp4 16/0/10 131.243.???.???.53
>
> Which is why new TCP connections are being refused.
>
> Is anybody else seeing this?
This: https://kb.isc.org/docs/operational-notification-an-error-in-handling-tcp-client-quota-limits-can-exhaust-tcp-connections-in-bind-9160
?
W
>
> Craig
> _______________________________________________
> bind-workers mailing list
> bind-workers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-workers
--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
---maf
More information about the bind-workers
mailing list