From owner-freebsd-questions Sun May 17 15:54:11 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id PAA08520
    for freebsd-questions-outgoing; Sun, 17 May 1998 15:54:11 -0700 (PDT)
    (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from stingray.ivision.co.uk (stingray.ivision.co.uk [195.50.91.40])
    by hub.freebsd.org (8.8.8/8.8.8) with SMTP id PAA08371
    for ; Sun, 17 May 1998 15:53:21 -0700 (PDT)
    (envelope-from manar@ivision.co.uk)
Received: from pretender.ivision.co.uk [194.112.52.147]
    by stingray.ivision.co.uk with smtp (Exim 1.62 #2)
    id 0ybCIv-0004P7-00; Sun, 17 May 1998 23:53:18 +0100
Message-Id: <3.0.5.32.19980517235213.009063b0@stingray.ivision.co.uk>
X-Sender: manarpop@stingray.ivision.co.uk
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Sun, 17 May 1998 23:52:13 +0100
To: MP
From: Manar Hussain
Subject: Re: too many open files problem
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <3.0.1.32.19980517145521.0069e5b4@icorp.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>I have two Class C's on my network and recently a hacker tunnelled into the
>backbone and masqueraded under an unused IP in my subnet to do spamming.
>As a result, I opted to bind all my IP addresses - used or not, to one of
>my servers. So I have about 400 or so IPs bound. When I boot FBSD 2.2.6,
>everything works, but if I -HUP the nameserver, I get this in the messages
>log:

>The hard limit on open files is set at 360 - this may be inadequate since I
>may have up to 512 domains mapped to my server. I assume there is a
>relationship between these two concepts.

Yup. Oddly enough this was recently discussed on isp@freebsd.org.uk:

--------
4.9.* works just fine with more than 256 interfaces. There is a compile time
constant you have to tweak.
FreeBSD by default has a constant (it's in one of the header files) that
limits to 256 file descriptors. If you compile bind with a larger descriptor
it works fine. Took me a few hours to track that one down in the debugger.
One of our clients has a lot of scripts that depend on 4.9's config. file
syntax so 8.x wasn't an option at the time.
---------

The hint here is that the best thing is probably to move to Bind8 if you
can - bind 8 will let you only bind to one interface which solves a lot of
potential problems including this one.

>What are my options? Do I need to tune the kernel to solve this problem?
>
>If so, would someone be so kind as to walk me through this process?
>Initial examinations showed a value OPEN_MAX, but it simply referenced some
>header file that I could not find on the system - I haven't done enough
>research yet to figure out what to do.

You've solved your own problems - if you must stick with bind4 then
recompile the kernel with say OPENMAX=512 or probably better at 1024 to give
you more breathing space ...

Manar
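
An added example, not part of the original message or of BIND's code: a descriptor budget check a daemon could run at startup, using the figures from the thread (hard limit 360, about 400 bound addresses, a 256 compile-time constant). It assumes one socket per bound address and that the compile-time constant mentioned is the select() set size FD_SETSIZE; `fd_budget`, `fd_budget_apply` and the reserve of 16 descriptors are hypothetical names and values.

```c
#include <limits.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>

enum fd_verdict { FD_OK, FD_RAISE_SOFT, FD_HARD_TOO_LOW, FD_SETSIZE_TOO_SMALL };

/* Pure check: do `needed` listening sockets plus `reserve` other descriptors
 * (stdio, syslog, zone files, TCP clients) fit under the given limits?
 * `setsize` is the select() set size the daemon was compiled with. */
enum fd_verdict fd_budget(long soft, long hard, long setsize,
                          long needed, long reserve)
{
    long total = needed + reserve;
    if (total > hard)
        return FD_HARD_TOO_LOW;      /* limit must be raised outside the process */
    if (total > setsize)
        return FD_SETSIZE_TOO_SMALL; /* daemon must be rebuilt with a larger set */
    if (total > soft)
        return FD_RAISE_SOFT;        /* setrlimit() at startup is sufficient */
    return FD_OK;
}

/* rlim_t may be RLIM_INFINITY or exceed LONG_MAX; clamp before comparing. */
static long clamp_rlim(rlim_t v)
{
    return (v == RLIM_INFINITY || v > (rlim_t)LONG_MAX) ? LONG_MAX : (long)v;
}

/* Check the current process; raise the soft limit when that is all it takes. */
enum fd_verdict fd_budget_apply(long needed, long reserve)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return FD_HARD_TOO_LOW;
    enum fd_verdict v = fd_budget(clamp_rlim(rl.rlim_cur), clamp_rlim(rl.rlim_max),
                                  (long)FD_SETSIZE, needed, reserve);
    if (v == FD_RAISE_SOFT) {
        rl.rlim_cur = (rlim_t)(needed + reserve);
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
            return FD_HARD_TOO_LOW;
        v = FD_OK;
    }
    return v;
}

int main(void)
{
    /* Constructed input: 400 bound addresses (from the post), 16 spare. */
    printf("verdict=%d\n", fd_budget_apply(400, 16));
    return 0;
}
```

A verdict of FD_SETSIZE_TOO_SMALL means raising the kernel or process limit alone will not help a select()-based server; it also has to be rebuilt with a larger set size.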