On Tue, Feb 17, 2015 at 12:45:47AM +, Stuart Henderson wrote:
In gmane.os.openbsd.misc, Otto wrote:
On Tue, Dec 30, 2014 at 11:09:44AM -0200, Raimundo Santos wrote:
Hello misc@!
I have a router (peaking at 70Mbps of aggregated traffic) that acts as a
recursive internal DNS server too (this configuration will die
soon, as my traffic is growing), but Unbound keep saying, in
/var/log/messages:
Dec 30 09:57:07 myhost unbound: [3873:0] error: can't create socket: Too
many open files
Dec 30 09:57:08 myhost last message repeated 20284 times
Dec 30 10:26:48 myhost unbound: [3873:0] error: can't create socket: Too
many open files
Dec 30 10:26:50 myhost last message repeated 24896 times
Sometimes it says:
Dec 27 21:49:19 myhost unbound: [2565:0] notice: sendto failed: No buffer
space available
I have:
kern.maxfiles=16384
kern.somaxconn=16384
And in login.conf:
daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=4096:\
:openfiles-max=8192:\
:stacksize-cur=8M:\
:localcipher=blowfish,9:\
:tc=default:
unbound:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=8192:\
:openfiles-max=16384:\
:stacksize-cur=32M:\
:localcipher=blowfish,9:\
:tc=default:
With many resources just for Unbound, how can it keep complaining?
There's an undocumented feature with unbound: it (only) sets its
resource limits based on the class of its user (_unbound by default).
So set the class of the _unbound user to unbound and you're all set.
-Otto
This would probably be less surprising. Comments, anyone?
I would like this very much.
-Otto
Index: master.passwd
===
RCS file: /cvs/src/etc/master.passwd,v
retrieving revision 1.78
diff -u -p -r1.78 master.passwd
--- master.passwd 15 Sep 2014 22:28:58 - 1.78
+++ master.passwd 17 Feb 2015 00:42:50 -
@@ -9,7 +9,7 @@ _rstatd:*:30:30::0:0:rpc.rstatd:/var/emp
_rusersd:*:32:32::0:0:rpc.rusersd:/var/empty:/sbin/nologin
_fingerd:*:33:33::0:0:fingerd:/var/empty:/sbin/nologin
_x11:*:35:35::0:0:X Server:/var/empty:/sbin/nologin
-_unbound:*:53:53::0:0:Unbound Daemon:/var/unbound:/sbin/nologin
+_unbound:*:53:53:unbound:0:0:Unbound Daemon:/var/unbound:/sbin/nologin
_spamd:*:62:62::0:0:Spam Daemon:/var/empty:/sbin/nologin
uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/var/spool/uucppublic:/sbin/nologin
www:*:67:67::0:0:HTTP Server:/var/www:/sbin/nologin