BIND listen backlog too small

Shawn Zhou Thu, 16 Oct 2014 14:23:09 -0700

Hello,
While I was investigating potential SYN flooding warning messages on my Linux 
box for our DNS traffic,I was very surprised to see the backlog was set to very 
small numbers for BIND tcp sockets.
strace showed backlog was '10' for listening socket for port 53 and '128' for 
listening socket for port 953 (rdnc traffic).
I've restarted BIND after I updated somaxconn but BIND didn't pick up the value.
Why doesn't BIND set the backlog to a huge number and let OSes reduce it to 
whatever somaxconn is? Or just set backlog to whatever is is set for somaxconn?
[x@h1:~ 21:11:49]$ sysctl net.core.somaxconnnet.core.somaxconn = 16384
[x@h1:~ 21:10:40]$ grep -C 2 -w listen 
bind.strace*bind.strace.6692-setsockopt(20, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 
0bind.strace.6692-bind(20, {sa_family=AF_INET6, sin6_port=htons(53), 
inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 
0bind.strace.6692:listen(20, 10)                          = 
0bind.strace.6692-mprotect(0x7ff1c81bb000, 32768, PROT_READ|PROT_WRITE) = 
0bind.strace.6692-mprotect(0x7ff1c81c3000, 12288, PROT_READ|PROT_WRITE) = 
0--bind.strace.6692-setsockopt(21, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 
0bind.strace.6692-bind(21, {sa_family=AF_INET, sin_port=htons(53), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0bind.strace.6692:listen(21, 10)        
                  = 0bind.strace.6692-mprotect(0x7ff1c82a6000, 36864, 
PROT_READ|PROT_WRITE) = 0bind.strace.6692-mprotect(0x7ff1c82af000, 8192, 
PROT_READ|PROT_WRITE) = 0--bind.strace.6692-setsockopt(22, SOL_SOCKET, 
SO_REUSEADDR, [1], 4) = 0bind.strace.6692-bind(22, {sa_family=AF_INET, 
sin_port=htons(53), sin_addr=inet_addr("10.89.9.126")}, 16) = 
0bind.strace.6692:listen(22, 10)                          = 
0bind.strace.6692-mprotect(0x7ff1c8391000, 36864, PROT_READ|PROT_WRITE) = 
0bind.strace.6692-mprotect(0x7ff1c839a000, 8192, PROT_READ|PROT_WRITE) = 
0--bind.strace.6692-setsockopt(23, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 
0bind.strace.6692-bind(23, {sa_family=AF_INET, sin_port=htons(953), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0bind.strace.6692:listen(23, 128)       
                  = 0bind.strace.6692-write(7, "\27\0\0\0\375\377\377\377", 8)  
                       = 8bind.strace.6692-mprotect(0x7ff1bf627000, 8192, 
PROT_READ|PROT_WRITE) = 0--bind.strace.6692-setsockopt(24, SOL_SOCKET, 
SO_REUSEADDR, [1], 4) = 0bind.strace.6692-bind(24, {sa_family=AF_INET6, 
sin6_port=htons(953), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, 
sin6_scope_id=0}, 28) = 0bind.strace.6692:listen(24, 128)                       
  = 0bind.strace.6692-write(7, "\30\0\0\0\375\377\377\377", 8) = 
8bind.strace.6692-gettimeofday({1413483241, 939723}, NULL) = 0

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

BIND listen backlog too small

Reply via email to