NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > OpenBSD Security> current

Re: BIND and file descriptors

From: sexyboy (oszkar.nagyfirebox.com)
Date: Thu Oct 02 2008 - 04:00:44 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi All,

I have applied the 004 and 005 patches and I still have a same problem.
The named kick itself out, I can not see anything suspicious in a log file
the only massage is when hit top command I can see this:
PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
4670 named 2 0 19M 20M sleep ip6_opt 0:09 0.00%
named

Anyone have any idea what can I do to fix this bug?

Cheers,
ON

Steve Shockley wrote:
>
> Is anyone having issues between patched BIND and running out of file
> descriptors? I saw the thread at http://marc.info/?m=121711077022388,
> but that's somewhat vague.
>
> The problem: I deployed two OpenBSD 4.3 BIND servers to replace a
> complex series of Windows and other DNS servers on 7/26. The install
> included the 004 patch.
>
> About 24 hours later, one of the servers (the primary) died. Named was
> still running, the server was still accepting connections on port 53,
> but never answering. This became a problem because several other
> servers continued to use the primary instead of the secondary because
> the primary was "answering" but timing out. Attempts to kill named were
> unsuccessful. Load average was near zero.
>
> My first guess was that I ran out of file descriptors. An associate
> found some Linux documentation for BIND somewhere that suggested 16384
> files. I've toyed with kern.maxfiles and login.conf, and I can't get
> the max files anywhere near that, which probably implies I don't want to.
>
> So, my question is, how can I configure this box to avoid this problem?
> What is a reasonable kern.maxfiles for a moderately busy DNS caching
> resolver? Is errata 005 really the answer I'm looking for, even though
> I don't use IPv6?
>
>
>

--
View this message in context: http://www.nabble.com/BIND-and-file-descriptors-tp18928272p19775718.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]