Re: unbound problem in 5.6

2015-02-16 Thread Stuart Henderson
In gmane.os.openbsd.misc, Otto wrote:
 On Tue, Dec 30, 2014 at 11:09:44AM -0200, Raimundo Santos wrote:

 Hello misc@!
 
 I have a router (peaking at 70Mbps of aggregated traffic) that acts as a
 recursive internal DNS server too (this configuration will die
 soon, as my traffic is growing), but Unbound keeps saying, in
 /var/log/messages:
 
 Dec 30 09:57:07 myhost unbound: [3873:0] error: can't create socket: Too
 many open files
 Dec 30 09:57:08 myhost last message repeated 20284 times
 Dec 30 10:26:48 myhost unbound: [3873:0] error: can't create socket: Too
 many open files
 Dec 30 10:26:50 myhost last message repeated 24896 times
 
 Sometimes it says:
 
 Dec 27 21:49:19 myhost unbound: [2565:0] notice: sendto failed: No buffer
 space available
 
 I have:
 
 kern.maxfiles=16384
 kern.somaxconn=16384
 
 And in login.conf:
 
 daemon:\
 :ignorenologin:\
 :datasize=infinity:\
 :maxproc=infinity:\
 :openfiles-cur=4096:\
 :openfiles-max=8192:\
 :stacksize-cur=8M:\
 :localcipher=blowfish,9:\
 :tc=default:
 
 unbound:\
 :ignorenologin:\
 :datasize=infinity:\
 :maxproc=infinity:\
 :openfiles-cur=8192:\
 :openfiles-max=16384:\
 :stacksize-cur=32M:\
 :localcipher=blowfish,9:\
 :tc=default:
 
 With many resources just for Unbound, how can it keep complaining?

 There's an undocumented feature with unbound: it (only) sets its
 resource limits based on the class of its user (_unbound by default).

 So set the class of the _unbound user to unbound and you're all set.

   -Otto

This would probably be less surprising. Comments, anyone?

Index: master.passwd
===
RCS file: /cvs/src/etc/master.passwd,v
retrieving revision 1.78
diff -u -p -r1.78 master.passwd
--- master.passwd   15 Sep 2014 22:28:58 -  1.78
+++ master.passwd   17 Feb 2015 00:42:50 -
@@ -9,7 +9,7 @@ _rstatd:*:30:30::0:0:rpc.rstatd:/var/emp
 _rusersd:*:32:32::0:0:rpc.rusersd:/var/empty:/sbin/nologin
 _fingerd:*:33:33::0:0:fingerd:/var/empty:/sbin/nologin
 _x11:*:35:35::0:0:X Server:/var/empty:/sbin/nologin
-_unbound:*:53:53::0:0:Unbound Daemon:/var/unbound:/sbin/nologin
+_unbound:*:53:53:unbound:0:0:Unbound Daemon:/var/unbound:/sbin/nologin
 _spamd:*:62:62::0:0:Spam Daemon:/var/empty:/sbin/nologin
 uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/var/spool/uucppublic:/sbin/nologin
 www:*:67:67::0:0:HTTP Server:/var/www:/sbin/nologin
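
Review bot: The `+_unbound` line names the login class `unbound`, but this diff touches only master.passwd, so it depends on an `unbound:` entry being present in the shipped login.conf. Confirm that entry exists, or add it in the same commit with the intended openfiles-cur/openfiles-max values. Machines that are already installed keep their own master.passwd, so the change also needs an upgrade note telling admins to set the class on the existing _unbound account.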



Re: unbound problem in 5.6

2015-02-16 Thread Otto Moerbeek
On Tue, Feb 17, 2015 at 12:45:47AM +, Stuart Henderson wrote:

 In gmane.os.openbsd.misc, Otto wrote:
  On Tue, Dec 30, 2014 at 11:09:44AM -0200, Raimundo Santos wrote:
 
  Hello misc@!
  
  I have a router (peaking at 70Mbps of aggregated traffic) that acts as a
  recursive internal DNS server too (this configuration will die
  soon, as my traffic is growing), but Unbound keeps saying, in
  /var/log/messages:
  
  Dec 30 09:57:07 myhost unbound: [3873:0] error: can't create socket: Too
  many open files
  Dec 30 09:57:08 myhost last message repeated 20284 times
  Dec 30 10:26:48 myhost unbound: [3873:0] error: can't create socket: Too
  many open files
  Dec 30 10:26:50 myhost last message repeated 24896 times
  
  Sometimes it says:
  
  Dec 27 21:49:19 myhost unbound: [2565:0] notice: sendto failed: No buffer
  space available
  
  I have:
  
  kern.maxfiles=16384
  kern.somaxconn=16384
  
  And in login.conf:
  
  daemon:\
  :ignorenologin:\
  :datasize=infinity:\
  :maxproc=infinity:\
  :openfiles-cur=4096:\
  :openfiles-max=8192:\
  :stacksize-cur=8M:\
  :localcipher=blowfish,9:\
  :tc=default:
  
  unbound:\
  :ignorenologin:\
  :datasize=infinity:\
  :maxproc=infinity:\
  :openfiles-cur=8192:\
  :openfiles-max=16384:\
  :stacksize-cur=32M:\
  :localcipher=blowfish,9:\
  :tc=default:
  
  With many resources just for Unbound, how can it keep complaining?
 
  There's an undocumented feature with unbound: it (only) sets its
  resource limits based on the class of its user (_unbound by default).
 
  So set the class of the _unbound user to unbound and you're all set.
 
  -Otto
 
 This would probably be less surprising. Comments, anyone?

I would like this very much.

-Otto

 
 Index: master.passwd
 ===
 RCS file: /cvs/src/etc/master.passwd,v
 retrieving revision 1.78
 diff -u -p -r1.78 master.passwd
 --- master.passwd 15 Sep 2014 22:28:58 -  1.78
 +++ master.passwd 17 Feb 2015 00:42:50 -
 @@ -9,7 +9,7 @@ _rstatd:*:30:30::0:0:rpc.rstatd:/var/emp
  _rusersd:*:32:32::0:0:rpc.rusersd:/var/empty:/sbin/nologin
  _fingerd:*:33:33::0:0:fingerd:/var/empty:/sbin/nologin
  _x11:*:35:35::0:0:X Server:/var/empty:/sbin/nologin
 -_unbound:*:53:53::0:0:Unbound Daemon:/var/unbound:/sbin/nologin
 +_unbound:*:53:53:unbound:0:0:Unbound Daemon:/var/unbound:/sbin/nologin
  _spamd:*:62:62::0:0:Spam Daemon:/var/empty:/sbin/nologin
  uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/var/spool/uucppublic:/sbin/nologin
  www:*:67:67::0:0:HTTP Server:/var/www:/sbin/nologin
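
The class lookup Otto describes, as an added example that is not part of the original thread or of OpenBSD's code: it reads the class field of a master.passwd entry and resolves a capability through login.conf, following `tc=`. The function names and the simplified login.conf parsing are assumptions, and the `default` entry with its values is constructed sample data.

```shell
# Samples: passwd lines are the before/after of the patch in this thread; the
# unbound class follows the poster's; the "default" entry is constructed.
PASSWD_OLD='_unbound:*:53:53::0:0:Unbound Daemon:/var/unbound:/sbin/nologin'
PASSWD_NEW='_unbound:*:53:53:unbound:0:0:Unbound Daemon:/var/unbound:/sbin/nologin'
LOGIN_CONF='default:\
	:openfiles-cur=512:\
	:stacksize-cur=4M:
unbound:\
	:openfiles-cur=8192:\
	:openfiles-max=16384:\
	:tc=default:'

# Field 5 of a master.passwd entry is the login class; empty means "default".
user_class() {   # $1 = master.passwd text, $2 = user
    printf '%s\n' "$1" | awk -F: -v u="$2" \
        '$1 == u { print ($5 == "" ? "default" : $5); exit }'
}

# Print capability $3 of class $2 from login.conf text $1, following tc=.
# Exit status 1 means the class (or a tc= target) is not defined.
class_cap() {
    printf '%s\n' "$1" | awk -v cls="$2" -v cap="$3" '
        /^#/ { next }
        {   more = sub(/\\$/, ""); sub(/^[ \t]+/, ""); rec = rec $0
            if (!more) {                      # record complete: index by name
                split(rec, f, ":"); n = split(f[1], al, "|")
                for (j = 1; j <= n; j++) entry[al[j]] = rec
                rec = ""
            } }
        END {
            for (hops = 0; hops < 16; hops++) {    # bound tc= loops
                if (!(cls in entry)) exit 1
                n = split(entry[cls], f, ":"); nxt = ""
                for (i = 2; i <= n; i++) {
                    if (index(f[i], cap "=") == 1) { print substr(f[i], length(cap) + 2); exit 0 }
                    if (index(f[i], "tc=") == 1) nxt = substr(f[i], 4)
                }
                if (nxt == "") exit 0              # capability not set anywhere
                cls = nxt
            }
        }'
}

# What a daemon that applies its user's class would get for a capability.
effective_cap() {   # $1 = master.passwd text, $2 = login.conf text, $3 = user, $4 = cap
    class_cap "$2" "$(user_class "$1" "$3")" "$4"
}
effective_cap "$PASSWD_OLD" "$LOGIN_CONF" _unbound openfiles-cur
effective_cap "$PASSWD_NEW" "$LOGIN_CONF" _unbound openfiles-cur
```

With the old entry the `unbound` class is never consulted, however large its limits are; with the patched entry it is.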