I noticed this in my logs (as well as noticing incorrect SERVFAIL responses from time to time):
unbound: [12887:0] warning: setrlimit: Operation not permitted unbound: [12887:0] warning: cannot increase max open fds from 512 to 4152 unbound: [12887:0] warning: continuing with less udp ports: 460 unbound: [12887:0] warning: increase ulimit or decrease threads, ports in config to remove this warning unbound: [12887:0] notice: init module 0: validator unbound: [12887:0] notice: init module 1: iterator unbound: [12887:0] info: start of service (unbound 1.16.3). So, I edited /etc/login.conf and ran `cap_mkdb /etc/login.conf`: unbound:\ #:openfiles=512:\ :openfiles=8192:\ :tc=daemon: And now when I run `rcctl restart unbound` (or at boot), I see (this also fixed the random SERVFAILS): unbound: [26394:0] notice: init module 0: validator unbound: [26394:0] notice: init module 1: iterator unbound: [26394:0] info: start of service (unbound 1.16.3). However, when I then run `rcctl reload unbound`, I see: unbound: [26394:0] info: service stopped (unbound 1.16.3). unbound: [26394:0] info: server stats for thread 0: 125 queries, 69 answers from cache, 56 recursions, 0 prefetch, 0 rejected by ip ratelimiting unbound: [26394:0] info: server stats for thread 0: requestlist max 35 avg 1.66071 exceeded 0 jostled 0 unbound: [26394:0] info: average recursion processing time 0.181258 sec unbound: [26394:0] info: histogram of recursion processing times unbound: [26394:0] info: [25%]=0.0444709 median[50%]=0.0928427 [75%]=0.302474 unbound: [26394:0] info: lower(secs) upper(secs) recursions unbound: [26394:0] info: 0.000000 0.000001 5 unbound: [26394:0] info: 0.016384 0.032768 4 unbound: [26394:0] info: 0.032768 0.065536 14 unbound: [26394:0] info: 0.065536 0.131072 12 unbound: [26394:0] info: 0.131072 0.262144 5 unbound: [26394:0] info: 0.262144 0.524288 13 unbound: [26394:0] info: 0.524288 1.000000 3 unbound: [26394:0] notice: Restart of unbound 1.16.3. unbound: [26394:0] warning: setrlimit: Operation not permitted unbound: [26394:0] warning: cannot increase max open fds from 512 to 4152 unbound: [26394:0] warning: continuing with less udp ports: 460 unbound: [26394:0] warning: increase ulimit or decrease threads, ports in config to remove this warning unbound: [26394:0] notice: init module 0: validator unbound: [26394:0] notice: init module 1: iterator unbound: [26394:0] info: start of service (unbound 1.16.3). Have I misunderstood login.conf or configured it wrong? Why can the restarted process set its rlimit, but the reloaded one cannot? Should I simply avoid reloading unbound in favor of restarting it? Thanks, Scott