I noticed this in my logs (as well as noticing incorrect SERVFAIL
responses from time to time):
unbound: [12887:0] warning: setrlimit: Operation not permitted
unbound: [12887:0] warning: cannot increase max open fds from 512 to 4152
unbound: [12887:0] warning: continuing with less udp ports: 460
unbound: [12887:0] warning: increase ulimit or decrease threads, ports in
config to remove this warning
unbound: [12887:0] notice: init module 0: validator
unbound: [12887:0] notice: init module 1: iterator
unbound: [12887:0] info: start of service (unbound 1.16.3).
So, I edited /etc/login.conf and ran `cap_mkdb /etc/login.conf`:
unbound:\
#:openfiles=512:\
:openfiles=8192:\
:tc=daemon:
And now when I run `rcctl restart unbound` (or at boot), I see
(this also fixed the random SERVFAILS):
unbound: [26394:0] notice: init module 0: validator
unbound: [26394:0] notice: init module 1: iterator
unbound: [26394:0] info: start of service (unbound 1.16.3).
However, when I then run `rcctl reload unbound`, I see:
unbound: [26394:0] info: service stopped (unbound 1.16.3).
unbound: [26394:0] info: server stats for thread 0: 125 queries, 69 answers
from cache, 56 recursions, 0 prefetch, 0 rejected by ip ratelimiting
unbound: [26394:0] info: server stats for thread 0: requestlist max 35 avg
1.66071 exceeded 0 jostled 0
unbound: [26394:0] info: average recursion processing time 0.181258 sec
unbound: [26394:0] info: histogram of recursion processing times
unbound: [26394:0] info: [25%]=0.0444709 median[50%]=0.0928427 [75%]=0.302474
unbound: [26394:0] info: lower(secs) upper(secs) recursions
unbound: [26394:0] info: 0.000000 0.000001 5
unbound: [26394:0] info: 0.016384 0.032768 4
unbound: [26394:0] info: 0.032768 0.065536 14
unbound: [26394:0] info: 0.065536 0.131072 12
unbound: [26394:0] info: 0.131072 0.262144 5
unbound: [26394:0] info: 0.262144 0.524288 13
unbound: [26394:0] info: 0.524288 1.000000 3
unbound: [26394:0] notice: Restart of unbound 1.16.3.
unbound: [26394:0] warning: setrlimit: Operation not permitted
unbound: [26394:0] warning: cannot increase max open fds from 512 to 4152
unbound: [26394:0] warning: continuing with less udp ports: 460
unbound: [26394:0] warning: increase ulimit or decrease threads, ports in
config to remove this warning
unbound: [26394:0] notice: init module 0: validator
unbound: [26394:0] notice: init module 1: iterator
unbound: [26394:0] info: start of service (unbound 1.16.3).
Have I misunderstood login.conf or configured it wrong? Why can the
restarted process set its rlimit, but the reloaded one cannot?
Should I simply avoid reloading unbound in favor of restarting it?
Thanks,
Scott
