Is anyone having issues between patched BIND and running out of file descriptors? I saw the thread at http://marc.info/?m=121711077022388, but that's somewhat vague. The problem: I deployed two OpenBSD 4.3 BIND servers to replace a complex series of Windows and other DNS servers on 7/26. The install included the 004 patch. About 24 hours later, one of the servers (the primary) died. Named was still running, the server was still accepting connections on port 53, but never answering. This became a problem because several other servers continued to use the primary instead of the secondary because the primary was "answering" but timing out. Attempts to kill named were unsuccessful. Load average was near zero. My first guess was that I ran out of file descriptors. An associate found some Linux documentation for BIND somewhere that suggested 16384 files. I've toyed with kern.maxfiles and login.conf, and I can't get the max files anywhere near that, which probably implies I don't want to. So, my question is, how can I configure this box to avoid this problem? What is a reasonable kern.maxfiles for a moderately busy DNS caching resolver? Is errata 005 really the answer I'm looking for, even though I don't use IPv6?
The new BIND can be very fd hungry. Part of the OpenBSD patch was to change it to support select over more than 1024 descriptors, to give you some idea. You definitely want errata 05, unless you built a kernel without INET6 support. It doesn't really affect fd limits, but it will cause problems.
If you run a nameserver that has any kind of significant traffic at all, I suggest you subscribe to bind-users@isc.org . There have been many discussions on these issues over the last several weeks. The normal caveat applies of course: OpenBSD named is not stock BIND, but it'll point you in the right direction. Brian Keefer Sr. Systems Engineer www.Proofpoint.com "Defend email. Protect data."
Steve, I saw this exact same behavior on a couple of servers with a 4.3-stable build from 7/28. Due to some differences in the way I built the -stable release I decided to try again from scratch. The 8/4 build of bsd + base43.tgz have been working fine. This seems to support the suggestion that patch 005 might help.
The key question is: do you see named processes in the state ip6_opt in top(1)? If so, patch 005 certainly will help, even if you are not actively using IPv6.
Correction, that should be wait channel (column WAIT), not state. -Otto
Hi All, I have applied the 004 and 005 patches and I still have the same problem. named kicks itself out. I cannot see anything suspicious in the log file; the only message is when I hit the top command, I can see this:
  PID USERNAME PRI NICE SIZE RES STATE WAIT    TIME CPU   COMMAND
 4670 named    2   0    19M  20M sleep ip6_opt 0:09 0.00% named
Does anyone have any idea what I can do to fix this bug? Cheers, ON
Looks like you didn't apply the kernel patch correctly. Check if you really are running a patched kernel.
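The check discussed in this thread (named sitting in the ip6_opt wait channel, shown in the WAIT column of top(1)), as an added shell example that is not part of any poster's message. The names named_in_ip6_opt and sample_top are hypothetical, and every sample row except PID 4670 is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: report named processes whose
# top(1) WAIT column reads ip6_opt. Input is top(1)-style text on stdin.

# Print the PID of each matching named process; exit 0 if any was found.
named_in_ip6_opt() {
    awk '
        # Header row: find the columns by name instead of by fixed
        # position, since it is the WAIT column (not STATE) that matters.
        $1 == "PID" {
            for (i = 1; i <= NF; i++) {
                if ($i == "PID")     pcol = i
                if ($i == "WAIT")    wcol = i
                if ($i == "COMMAND") ccol = i
            }
            next
        }
        # Process rows are only evaluated once a header has been seen.
        wcol && ccol && $ccol == "named" && $wcol == "ip6_opt" {
            print $pcol
            hits++
        }
        END { exit (hits ? 0 : 1) }
    '
}

# Constructed sample. The 4670 row is the one quoted in the thread;
# the other rows are made up to exercise the filter.
sample_top() {
    cat <<'EOF'
  PID USERNAME PRI NICE  SIZE   RES STATE WAIT    TIME   CPU COMMAND
 4670 named      2    0   19M   20M sleep ip6_opt 0:09 0.00% named
 9012 named      2    0   18M   19M sleep select  0:03 0.00% named
 2211 _syslogd   2    0  540K  1100K sleep poll    0:01 0.00% syslogd
EOF
}

# Stand-alone run over the sample; replace sample_top with saved
# top(1) output from the affected server.
if pids=$(sample_top | named_in_ip6_opt); then
    echo "named stuck in ip6_opt, PID(s): $pids"
else
    echo "no named process in ip6_opt"
fi
```

A hit on a server that is supposed to carry patch 005 matches the situation in the last reply, where the advice is to confirm that the running kernel is really the patched one.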
