From: Warren Block
To: freebsd-doc@freebsd.org, edward@rdtan.net
Date: Sat, 2 Feb 2013 17:20:19 -0700 (MST)
Subject: Re: [RFC] Q&A propose to add into FAQ

> Q8: This server of mine is a public DNS and it seems to be rejecting
> connections because of too many TCP connections with "TIME_WAIT" status
> (from "netstat -an"). How can I reduce the timeout?
> A8: In short, tune the sysctl value "net.inet.tcp.msl" to something
> modern and acceptable, such as 7500.
> In detail, the default timeout value for TIME_WAIT status is set to 60
> seconds. This value is based on RFC 793. Since this RFC was drafted in
> 1981, equipment & bandwidth of that time weren't as fast as what we
> have now. Waiting 60 seconds for a TCP session to terminate is a
> long time. For a busy server opening & closing TCP connections, this
> value should be set to a fairly short time, such as 15 seconds.
> The value of "net.inet.tcp.msl" is not the usual "literal" seconds
> though. In order to reduce from the default 60 seconds to 15 seconds,
> convert it to milliseconds and then divide it by 2. For example,
> when 15 seconds is converted to 15,000 milliseconds, it should then
> be divided by 2, which comes to "7500". This will be the value for
> "net.inet.tcp.msl".
>
> Q9: I just updated /etc/newsyslog.conf. How do I check for syntax errors?
> A9: Use the parameter "-nvv" when executing "newsyslog". For example,
> "newsyslog -nvv" would tell what each of the lines in
> /etc/newsyslog.conf would do when the time comes.

While these are helpful, they are not frequently asked. They would be better suited to the Configuration and Tuning chapter of the Handbook.
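The A8 procedure from the quoted proposal, as an added example that is not part of the original message or of the proposal: it counts TIME_WAIT sockets in `netstat -an` style output and converts a target TIME_WAIT duration into the `net.inet.tcp.msl` value. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Constructed sample of `netstat -an` lines (documentation address ranges).
sample_netstat() {
cat <<'EOF'
tcp4       0      0 192.0.2.10.53      198.51.100.7.40112   TIME_WAIT
tcp4       0      0 192.0.2.10.53      198.51.100.8.51820   TIME_WAIT
tcp4       0      0 192.0.2.10.53      203.0.113.5.33010    ESTABLISHED
tcp4       0      0 *.53               *.*                  LISTEN
udp4       0      0 *.53               *.*
EOF
}

# Count TCP sockets in the given state, reading netstat output on stdin.
# UDP lines carry no state column and are skipped by the protocol match.
count_state() {
    awk -v s="$1" '$1 ~ /^tcp/ && $NF == s { n++ } END { print n + 0 }'
}

# Convert a desired TIME_WAIT duration in whole seconds to the
# net.inet.tcp.msl value: milliseconds divided by 2.
# Rejects empty, non-numeric and leading-zero input (the latter would be
# read as octal by shell arithmetic).
msl_for_time_wait() {
    case "$1" in
        ''|*[!0-9]*|0[0-9]*) echo "usage: msl_for_time_wait SECONDS" >&2; return 1 ;;
    esac
    echo $(( $1 * 1000 / 2 ))
}

# Inverse: TIME_WAIT duration in seconds implied by an msl value.
time_wait_for_msl() {
    echo $(( $1 * 2 / 1000 ))
}

# Report on the sample; on a live host pipe `netstat -an` into count_state.
report() {
    n=$(sample_netstat | count_state TIME_WAIT)
    msl=$(msl_for_time_wait "${1:-15}") || return 1
    echo "TIME_WAIT sockets: $n"
    echo "suggested: sysctl net.inet.tcp.msl=$msl (TIME_WAIT of $(time_wait_for_msl "$msl")s)"
}

report 15
```

Running `time_wait_for_msl` on the output of `sysctl -n net.inet.tcp.msl` shows the TIME_WAIT duration currently in effect before changing anything.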