Date: Mon, 04 Aug 2008 22:06:38 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Thomas Rasmussen <thomas@gibfest.dk> Cc: freebsd-security@freebsd.org Subject: Re: BIND -P2 update plans (Was: Re: The BIND scandal) Message-ID: <4897DFDE.5030406@FreeBSD.org> In-Reply-To: <48972C4E.6010706@gibfest.dk> References: <Pine.LNX.4.64.0808021459580.23103@neptune.sinister.com> <4895E91B.3000002@FreeBSD.org> <200808031923.31775.matt@chronos.org.uk> <4896970E.1080205@FreeBSD.org> <48972C4E.6010706@gibfest.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Thomas Rasmussen wrote:
> I've posted to the bind-users list to say this, but to confirm here: On
> 7-STABLE from a few weeks ago on a couple of busy recursive servers,
> this patch made an extreme positive difference. I was having problems
> with constant timeouts, very slow recursive lookups when they did work,
> and frequent errors about too many open files or somesuch in messages
> (regardless of kern.maxfiles and FD_SETSIZE settings), all of this
> disappeared when I applied P2. Number of successful queries almost
> doubled the minute I restarted with the -P2 patch applied, no more
> slowness or timeouts.
That's good news even taking your change to fd_setsize into account.
> This is the bind9.4 port by the way, 9.5 had even more weird errors and
> behaviour. I've since seen various sources claiming that 9.5 isn't ready
> for primetime on busy resolvers, so I'll wait for a while before moving
> on to 9.5.
Yeah, if you don't have time to help debug the problems then sticking
with 9.4 is a good decision. OTOH they can use all the help they can
get. :)
> For the record, I have compiled dns/bind94 with
>
> make CFLAGS="-DFD_SETSIZE=65000" install clean
>
> to avoid "too many open file descriptors" errors, but with this setting
> (and increasing kern.maxfiles with sysctl) everything seems to be
> running nicely. -P2 might have removed the need for increasing
> FD_SETSIZE but this works, and for now I'll leave it at that.
I can certainly understand not wanting to change something that's
working, but I would like to get at least a couple of users to confirm
that -P2 works out of the box before I import them. I don't mind
adding a "big fd_setsize" knob to the ports and the base, but I want
to be sure it's needed first.
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4897DFDE.5030406>