Re: error: outgoing tcp: bind: Address already in use
On 24/07/17 12:57 +0200, W.C.A. Wijngaards via Unbound-users wrote: On 21/07/17 05:29, Nick Urbanik via Unbound-users wrote: On 06/07/17 18:13 +1000, Nick Urbanik via Unbound-users wrote: A DNS server running unbound 1.6.3 has these messages; any suggestions on what is happening? error: serviced_tcp_initiate: failed to send tcp query error: outgoing tcp: bind: Address already in use Could our setting of max-udp-size: 3072 be too low? Any guidelines for tuning this? I think unbound 1.6.4 port reuse option may solve it for you as Quirin suggests. I will use 1.6.4 as soon as permitted :-) The max-udp-size is not important for this error you are seeing in logs. But if the reply will not fit in 3072 bytes, then will unbound not then need to use TCP? And if there are a very large number of responses required, could that not cause the TCP ports to run out if they cannot easily be reused? This problem arises on our resolvers, which are separate from the caches; the caches forward to the resolvers. -- Nick Urbanik http://nicku.org 808-71011 nick.urba...@optusnet.com.au GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24 I disclaim, therefore I am.
Re: error: outgoing tcp: bind: Address already in use
Hi Nick, On 21/07/17 05:29, Nick Urbanik via Unbound-users wrote: > Dear Folks, > > On 06/07/17 18:13 +1000, Nick Urbanik via Unbound-users wrote: >> A DNS server running unbound 1.6.3 has these messages; any suggestions >> on what is happening? >> >> error: serviced_tcp_initiate: failed to send tcp query >> error: outgoing tcp: bind: Address already in use > > Could our setting of > max-udp-size: 3072 > be too low? Any guidelines for tuning this? I think unbound 1.6.4 port reuse option may solve it for you as Quirin suggests. The max-udp-size is not important for this error you are seeing in logs. Best regards, Wouter signature.asc Description: OpenPGP digital signature
Re: error: outgoing tcp: bind: Address already in use
On 07/20/2017 20:29, Nick Urbanik via Unbound-users wrote: Dear Folks, On 06/07/17 18:13 +1000, Nick Urbanik via Unbound-users wrote: A DNS server running unbound 1.6.3 has these messages; any suggestions on what is happening? error: serviced_tcp_initiate: failed to send tcp query error: outgoing tcp: bind: Address already in use Could our setting of max-udp-size: 3072 be too low? Any guidelines for tuning this? not likely since this is a TCP error not UDP error. Are you sure there are no other processes binding to the port that your unbound wants to listen on? try running sockstat or netstat to see if any procs are already listening that you may need to kill. -pete -- Pete Wright p...@nomadlogic.org @nomadlogicLA
Re: error: outgoing tcp: bind: Address already in use
Dear Folks, On 06/07/17 18:13 +1000, Nick Urbanik via Unbound-users wrote: A DNS server running unbound 1.6.3 has these messages; any suggestions on what is happening? error: serviced_tcp_initiate: failed to send tcp query error: outgoing tcp: bind: Address already in use Could our setting of max-udp-size: 3072 be too low? Any guidelines for tuning this? -- Nick Urbanik http://nicku.org 808-71011 nick.urba...@optusnet.com.au GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24 I disclaim, therefore I am.
Re: error: outgoing tcp: bind: Address already in use
Dear Wouter, On 06/07/17 10:30 +0200, W.C.A. Wijngaards via Unbound-users wrote: Hi Nick, The config number for outgoing tcp is likely too low. outgoing-num-tcp: 1000 We had it set to 3000. The machine is a resolver, with four machines forwarding to it. It has normal traffic of about 8,000 queries per second. The caches have up to 45,000 queries per second. Also, you may be running out of port numbers, perhaps this causes the 'bind a tcp socket returns errno Address already in use', because the choice of port number was left to the kernel? Unless you force a particular port number in the config, but that is unlikely. Please can you suggest how I might do that? People usually want to change the kernel handling of timewait with port reuse when that happens. So that is through a sysctl setting, I expect. Best regards, Wouter On 06/07/17 10:13, Nick Urbanik via Unbound-users wrote: Dear Folks, A DNS server running unbound 1.6.3 has these messages; any suggestions on what is happening? error: serviced_tcp_initiate: failed to send tcp query error: outgoing tcp: bind: Address already in use Here is the configuration, which is complete, except for the access-control statements, which are included from /etc/unbound/local.d/*.conf. No other statements are included. Can you suggest any possible changes to better support TCP queries? include: /etc/unbound/conf.d/*.conf remote-control: control-cert-file: /etc/unbound/unbound_control.pem control-enable: yes control-interface: 127.0.0.1 control-key-file: /etc/unbound/unbound_control.key server-cert-file: /etc/unbound/unbound_server.pem server-key-file: /etc/unbound/unbound_server.key server: auto-trust-anchor-file: /var/lib/unbound/root.key chroot: "" directory: /etc/unbound dlv-anchor-file: /etc/unbound/dlv.isc.org.key do-ip6: no extended-statistics: yes harden-below-nxdomain: yes harden-glue: yes harden-referral-path: yes hide-identity: yes hide-version: yes include: /etc/unbound/local.d/*.conf incoming-num-tcp: 3000 infra-cache-numhosts: 4 infra-cache-slabs: 16 interface: 127.0.0.1 interface: 130.232.53.173 interface: 20.81.34.106 interface: 24.219.107.46 interface-automatic: no key-cache-size: 128m key-cache-slabs: 16 log-time-ascii: yes logfile: /var/log/unbound/unbound.log max-udp-size: 3072 minimal-responses: yes msg-cache-size: 800m msg-cache-slabs: 16 neg-cache-size: 128m num-queries-per-thread: 16384 num-threads: 8 outgoing-interface: 24.219.107.46 outgoing-num-tcp: 3000 outgoing-port-avoid: 0-2767 outgoing-port-permit: 2768-65535 outgoing-range: 49152 pidfile: /var/run/unbound/unbound.pid prefetch: yes prefetch-key: yes ratelimit: 1000 ratelimit-factor: 10 ratelimit-for-domain: .1 ratelimit-for-domain: com. 1 ratelimit-for-domain: dlv.isc.org. 1 ratelimit-for-domain: edu. 5000 ratelimit-for-domain: gov. 5000 ratelimit-for-domain: net. 5000 ratelimit-for-domain: org. 5000 ratelimit-size: 128m ratelimit-slabs: 8 rrset-cache-size: 1600m rrset-cache-slabs: 16 rrset-roundrobin: yes so-rcvbuf: 8m so-reuseport: yes so-sndbuf: 8m statistics-cumulative: yes trusted-keys-file: /etc/unbound/keys.d/*.key unwanted-reply-threshold: 1000 username: unbound -- Nick Urbanik http://nicku.org 808-71011 nick.urba...@optusnet.com.au GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24 I disclaim, therefore I am.
Re: error: outgoing tcp: bind: Address already in use
Hi Nick, IIRC, unbound does a “bind before connect” on sockets, which requires a local port to be completely unused [1] to be used by bind. Unbound 1.6.4 should fix this by setting SO_REUSEADDR on outgoing ports - please give it a try. Kind regards Quirin [1] https://idea.popcount.org/2014-04-03-bind-before-connect/ > On 06 Jul 2017, at 10:13, Nick Urbanik via Unbound-users > wrote: > > Dear Folks, > > A DNS server running unbound 1.6.3 has these messages; any suggestions > on what is happening? > > error: serviced_tcp_initiate: failed to send tcp query > error: outgoing tcp: bind: Address already in use > -- > Nick Urbanik http://nicku.org 808-71011 nick.urba...@optusnet.com.au > GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24 > I disclaim, therefore I am. — Dipl.-Ing. Quirin Scheitle Web: https://www.net.in.tum.de/~scheitle/ Technische Universität München Room: 03.05.037 Department of Computer Science Tel: +49.89.289.18012 Network Architectures and Services
Re: error: outgoing tcp: bind: Address already in use
Hi Nick, The config number for outgoing tcp is likely too low. outgoing-num-tcp: 1000 Also, you may be running out of port numbers, perhaps this causes the 'bind a tcp socket returns errno Address already in use', because the choice of port number was left to the kernel? Unless you force a particular port number in the config, but that is unlikely. People usually want to change the kernel handling of timewait with port reuse when that happens. Best regards, Wouter On 06/07/17 10:13, Nick Urbanik via Unbound-users wrote: > Dear Folks, > > A DNS server running unbound 1.6.3 has these messages; any suggestions > on what is happening? > > error: serviced_tcp_initiate: failed to send tcp query > error: outgoing tcp: bind: Address already in use signature.asc Description: OpenPGP digital signature
error: outgoing tcp: bind: Address already in use
Dear Folks, A DNS server running unbound 1.6.3 has these messages; any suggestions on what is happening? error: serviced_tcp_initiate: failed to send tcp query error: outgoing tcp: bind: Address already in use -- Nick Urbanik http://nicku.org 808-71011 nick.urba...@optusnet.com.au GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24 I disclaim, therefore I am.
