Date: Sun, 17 May 1998 23:52:13 +0100 From: Manar Hussain <manar@ivision.co.uk> To: MP <mlistbsd@icorp.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: too many open files problem Message-ID: <3.0.5.32.19980517235213.009063b0@stingray.ivision.co.uk> In-Reply-To: <3.0.1.32.19980517145521.0069e5b4@icorp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>I have two Class C's on my network and recently a hacker tunnelled into the >backbone and masqueraded under an unused IP in my subnet to do spamming. >As a result, I opted to bind all my IP addresses - used or not, to one of >my servers. So I have about 400 or so IPs bound. When I boot FBSD 2.2.6, >everything works, but if I -HUP the nameserver, I get this in the messages >log: >The hard limit on open files is set at 360 - this may be inadequate since I >may have up to 512 domains mapped to my server. I assume there is a >relationship between these two concepts. Yup. Oddly enough this was recently discussed on isp@freebsd.org.uk: -------- 4.9.* works just fine with more than 256 interfaces. There is a compile time constant you have to tweak. FreeBSD by default has a constant (it's in one of the header files) that limits to 256 file descriptors. If you compile bind with a larger descriptor it works fine. Took me a few hours to track that one down in the debugger. One of our clients has a lot of scripts that depends on 4.9's config. file syntax so 8.x wasn't an option at the time. --------- The hint here is that the best thing is probably to move to Bind8 if you can - bind 8 will let you only bind to one interface which solves a lot of potential problem including this one. >What are my options? Do I need to tune the kernel to solve this problem? > >If so, would someone be so kind as to walk me through this process? >Initial examinations showed a value OPEN_MAX, but it simply referenced some >header file that I could not find on the system - I haven't done enough >research yet to figure out what to do. You've solved your own problems - if you must stick with bind4 then recompile the kernel with say OPENMAX=512 or probably better at 1024 to give you more breathing space ... Manar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.19980517235213.009063b0>