Is anyone having issues between patched BIND and running out of file
descriptors? I saw the thread at http://marc.info/?m=121711077022388,
but that's somewhat vague.

The problem: I deployed two OpenBSD 4.3 BIND servers to replace a
complex series of Windows and other DNS servers on 7/26. The install
included the 004 patch.

About 24 hours later, one of the servers (the primary) died. Named was
still running, the server was still accepting connections on port 53,
but never answering. This became a problem because several other
servers continued to use the primary instead of the secondary because
the primary was "answering" but timing out. Attempts to kill named were
unsuccessful. Load average was near zero.

My first guess was that I ran out of file descriptors. An associate
found some Linux documentation for BIND somewhere that suggested 16384
files. I've toyed with kern.maxfiles and login.conf, and I can't get
the max files anywhere near that, which probably implies I don't want to.

So, my question is, how can I configure this box to avoid this problem?
What is a reasonable kern.maxfiles for a moderately busy DNS caching
resolver? Is errata 005 really the answer I'm looking for, even though
I don't use IPv6?
- BIND and file descriptors Steve Shockley