Dear Wouter,

On 06/07/17 10:30 +0200, W.C.A. Wijngaards via Unbound-users wrote:

Hi Nick,

The config number for outgoing tcp is likely too low. outgoing-num-tcp: 1000

We had it set to 3000. The machine is a resolver, with four machines
forwarding to it. It has normal traffic of about 8,000 queries per
second. The caches have up to 45,000 queries per second.

Also, you may be running out of port numbers, perhaps this causes the
'bind a tcp socket returns errno Address already in use', because the
choice of port number was left to the kernel? Unless you force a
particular port number in the config, but that is unlikely.

Please can you suggest how I might do that?

People usually want to change the kernel handling of timewait with
port reuse when that happens.

So that is through a sysctl setting, I expect.

Best regards, Wouter

On 06/07/17 10:13, Nick Urbanik via Unbound-users wrote:

Dear Folks,

A DNS server running unbound 1.6.3 has these messages; any suggestions
on what is happening?

error: serviced_tcp_initiate: failed to send tcp query
error: outgoing tcp: bind: Address already in use

Here is the configuration, which is complete, except for the
access-control statements, which are included from
/etc/unbound/local.d/*.conf. No other statements are included.
Can you suggest any possible changes to better support TCP queries?

include: /etc/unbound/conf.d/*.conf
remote-control:
    control-cert-file: /etc/unbound/unbound_control.pem
    control-enable: yes
    control-interface: 127.0.0.1
    control-key-file: /etc/unbound/unbound_control.key
    server-cert-file: /etc/unbound/unbound_server.pem
    server-key-file: /etc/unbound/unbound_server.key
server:
    auto-trust-anchor-file: /var/lib/unbound/root.key
    chroot: ""
    directory: /etc/unbound
    dlv-anchor-file: /etc/unbound/dlv.isc.org.key
    do-ip6: no
    extended-statistics: yes
    harden-below-nxdomain: yes
    harden-glue: yes
    harden-referral-path: yes
    hide-identity: yes
    hide-version: yes
    include: /etc/unbound/local.d/*.conf
    incoming-num-tcp: 3000
    infra-cache-numhosts: 40000
    infra-cache-slabs: 16
    interface: 127.0.0.1
    interface: 130.232.53.173
    interface: 20.81.34.106
    interface: 24.219.107.46
    interface-automatic: no
    key-cache-size: 128m
    key-cache-slabs: 16
    log-time-ascii: yes
    logfile: /var/log/unbound/unbound.log
    max-udp-size: 3072
    minimal-responses: yes
    msg-cache-size: 800m
    msg-cache-slabs: 16
    neg-cache-size: 128m
    num-queries-per-thread: 16384
    num-threads: 8
    outgoing-interface: 24.219.107.46
    outgoing-num-tcp: 3000
    outgoing-port-avoid: 0-2767
    outgoing-port-permit: 2768-65535
    outgoing-range: 49152
    pidfile: /var/run/unbound/unbound.pid
    prefetch: yes
    prefetch-key: yes
    ratelimit: 1000
    ratelimit-factor: 10
    ratelimit-for-domain: . 10000
    ratelimit-for-domain: com. 10000
    ratelimit-for-domain: dlv.isc.org. 10000
    ratelimit-for-domain: edu. 5000
    ratelimit-for-domain: gov. 5000
    ratelimit-for-domain: net. 5000
    ratelimit-for-domain: org. 5000
    ratelimit-size: 128m
    ratelimit-slabs: 8
    rrset-cache-size: 1600m
    rrset-cache-slabs: 16
    rrset-roundrobin: yes
    so-rcvbuf: 8m
    so-reuseport: yes
    so-sndbuf: 8m
    statistics-cumulative: yes
    trusted-keys-file: /etc/unbound/keys.d/*.key
    unwanted-reply-threshold: 10000000
    username: unbound
--
Nick Urbanik http://nicku.org 808-71011 [email protected]
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
I disclaim, therefore I am.
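
The port-exhaustion explanation suggested in the thread can be checked by counting how many local ports on the outgoing interface are still held, TIME_WAIT included, against the range the kernel picks from. This is an added example, not part of the original thread or of Unbound; it assumes the Linux /proc/net/tcp layout, and the function names, sample lines and 4-port range are constructed for illustration.

```python
import ipaddress

# State codes as printed in the "st" column of Linux /proc/net/tcp.
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 2E6BDB18:8000 010200C0:0035 06 00000000:00000000
   1: 2E6BDB18:8001 010200C0:0035 06 00000000:00000000
   2: 2E6BDB18:8002 020200C0:0035 01 00000000:00000000
   3: 2E6BDB18:8003 020200C0:0035 06 00000000:00000000
   4: 0100007F:8000 0100007F:0035 01 00000000:00000000
   5: 2E6BDB18:0035 00000000:0000 0A 00000000:00000000
"""

def parse_local(hexaddr):
    """Decode 'IPHEX:PORTHEX' (IPv4 bytes little-endian) into (ip, port)."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1])
    return str(ip), int(port_hex, 16)

def port_usage(proc_net_tcp, local_ip, port_range):
    """Count distinct local ports held on local_ip inside port_range, by state."""
    low, high = port_range
    held = {}  # local port -> set of state names seen on it
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        if len(fields) < 4 or ":" not in fields[1]:
            continue  # header or malformed line
        ip, port = parse_local(fields[1])
        if ip == local_ip and low <= port <= high:
            held.setdefault(port, set()).add(TCP_STATES.get(fields[3], fields[3]))
    by_state = {}
    for states in held.values():
        for state in states:
            by_state[state] = by_state.get(state, 0) + 1
    size = high - low + 1
    return {"ports_held": len(held), "range_size": size,
            "free": size - len(held), "by_state": by_state}

if __name__ == "__main__":
    # Constructed 4-port range so the sample shows an exhausted range.
    print(port_usage(SAMPLE, "24.219.107.46", (32768, 32771)))
```

On a live host, pass the contents of /proc/net/tcp and the two numbers from /proc/sys/net/ipv4/ip_local_port_range instead of the sample.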