>> Notice develop (1.4.8+) has a slightly different database layout >> than 1.4.7. I'll work on a patch that applies on your version so >> you don't have to upgrade.. > > Fetch it from here. > > https://github.com/opendnssec/opendnssec/tree/1.4.7-tcp_queue_fix > > It has the patches applied on top op 1.4.7.
OK, I've applied this set of patches onto our local tree, and we're now running with that code. ... It now looks like OpenDNSSEC is even more eager to open sockets and files, it's bumped into the open FD limit again, even though I raised it even more. And ... it looks like it likes to leave around FDs which according to "netstat -f inet -n" are in CLOSE_WAIT state. As I see it, that means it's received a FIN from the remote, but the application has yet to call close() on the socket. I currently count 335 such connections between the signer and the hidden master, and according to "fstat", ths signer has 362 open TCP connections. No wonder it's running itself out of open FDs if it's not cleaning up after itself... Meanwhile, the instrumentation I've added to count the number of active FDs is hovering at small figures: Dec 22 21:11:17 signerhost ods-signerd: [xfrd] allocating new TCP connection: 4 but it's also complaining of exceeding the number of open files. So... there's something which is "off" with the FD consumption. This notion that OpenDNSSEC's resource limits (except, perhaps, its memory footprint, although I have misgivings about that as well) such as max TCP connections and max total open files needs to scale with the number of zones it is configured to handle just needs to go. Anything else it not scaleable. Regards, - HÃ¥vard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
