Thomas Rasmussen wrote:
I've posted to the bind-users list to say this, but to confirm here: On
7-STABLE from a few weeks ago on a couple of busy recursive servers,
this patch made an extreme positive difference. I was having problems
with constant timeouts, very slow recursive lookups when they did work,
and frequent errors about too many open files or somesuch in messages
(regardless of kern.maxfiles and FD_SETSIZE settings), all of this
disappeared when I applied P2. Number of successful queries almost
doubled the minute I restarted with the -P2 patch applied, no more
slowness or timeouts.
That's good news even taking your change to fd_setsize into account.
This is the bind9.4 port by the way, 9.5 had even more weird errors and
behaviour. I've since seen various sources claiming that 9.5 isn't ready
for primetime on busy resolvers, so I'll wait for a while before moving
on to 9.5.
Yeah, if you don't have time to help debug the problems then sticking
with 9.4 is a good decision. OTOH they can use all the help they can
get. :)
For the record, I have compiled dns/bind94 with
make CFLAGS="-DFD_SETSIZE=65000" install clean
to avoid "too many open file descriptors" errors, but with this setting
(and increasing kern.maxfiles with sysctl) everything seems to be
running nicely. -P2 might have removed the need for increasing
FD_SETSIZE but this works, and for now I'll leave it at that.
I can certainly understand not wanting to change something that's
working, but I would like to get at least a couple of users to confirm
that -P2 works out of the box before I import them. I don't mind
adding a "big fd_setsize" knob to the ports and the base, but I want
to be sure it's needed first.
Doug
--
This .signature sanitized for your protection
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
