At Thu, 24 Jul 2008 17:18:48 -0500, Walter Gould <[EMAIL PROTECTED]> wrote:
> > Thanks - using a larger FD_SETSIZE seems to have worked. I set the > > #define __FD_SETSIZE in /usr/include/linux/posix_types.h to 4096, > > saved and recompiled named and now named is not crashing as it was > > before with the "too many open files" error. > > > > Thanks for your help, > > Walter > I guess I spoke too soon. The upgraded BIND 9.5.0-P1 that I compiled > yesterday (with the increased FD_SETSIZE) has crashed a few times > today. I received the same "Too many open files" error that I had been > seeing. Also, when I ran lsof, the number of named sockets or file > descriptors (?) was around 1000. Shouldn't it have been ok since I > increases the FD_SETSIZE to 4096? First off, what do you mean by crash? Did the process die? With or without a core? Second, 9.5 itself is not fully matured yet. If you need stability, I'd recommend 9.4.2-P1. Third, increasing FD_SETSIZE may not work for all OSes. You should check whether your OS really allows such dynamic configuration separately (e.g., by writing a small test program). > I tried restarting it, but shortly after, it crashed again. I am > wondering if running 9.5.0 is safe to run if we are not allowing > recursive lookups? When I run the dig @nameserver +short > porttest.dns-oarc.net TXT test against it, I receive: > dig @nameserver_ip +short porttest.dns-oarc.net TXT > z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. > "nameserver_ip is GOOD: 26 queries in 1.9 seconds from 7 ports with std > dev 22442.25" Pure 9.5.0 is not safe. It simply uses a small pool of query ports, which just happened to deceive the porttest tool successfully. --- JINMEI, Tatuya Internet Systems Consortium, Inc.
