On 2025-12-19, [email protected] <[email protected]> wrote:
>> > unbound:\
>> > > openfiles-max=8192:\
>> > > tc=daemon:
>
> I don't understand why unbound wants so many openfiles, my running system
> never shows more than 400 files opened systemwide (sysctl kern.nfiles) and
> I'm running two unbound services.

In general that is for a *busy* system. Think: server handling DNS queries for an ISP with at least hundreds of customers, probably more. When you've got multiple queries coming in for a diverse set of domains, many not cached and having to do multiple lookups to find the correct authoritative NS.

IMO the logged warnings are totally overblown for the type of use seen in most small/medium networks.

> For good(?) measure I recently added "num-threads: 4" (I settled on four
> after monitoring, but having just 1 thread has always worked too)

It can help with distributing load for high query volumes but I think you're not going to get really good distribution between the instances on OpenBSD this way. Suspect you'll probably get better qps handling by front ending with dnsdist and distributing to separate resolver instances bound to different ports, but this is overkill for anything other than *busy*.

I think most people reading will struggle to get unbound using as much as even 1% cpu as shown in top (not that this shows the whole picture but it's some kind of indication).

> Upstream changed default for so-sndbuf to 4M, OpenBSD is different (see
> thread).
> Stuart set it to 1M in OpenBSD so if you are getting this error you most
> likely are setting so-sndbuf in your config (or did the 1.24.2 import lose
> this setting?)

As there's no buffer for UDP here there's no need to set this above max size of a single packet size, I just used 1M because that's what upstream did before the commit that changed it to 4M.

> In my system I had added "so-sndbuf: 2m" (even before upgrading to 7.8).
>
> I use a handful of values from nlnetlabs's tuning guide:
> https://unbound.docs.nlnetlabs.nl/en/latest/topics/core/performance.html#configuration
> "man unbound.conf" has very good descriptions of all the settings, a must
> read!

don't skip over the first paragraph.

"Most users will probably not have a need to tune and optimise their Unbound installation, but it could be useful for large resolver installations."

a server for e.g. a couple of hundred workstations is not large in DNS resolver terms.

-- 
Please keep replies on the mailing list.

