Date: Sun, 17 May 1998 16:55:41 -0500
From: MP <mlistbsd@icorp.net>
To: Karl Pielorz <kpielorz@tdx.co.uk>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: too many open files problem
Message-ID: <3.0.1.32.19980517165541.006af678@icorp.net>
In-Reply-To: <355F58EE.1A59667A@tdx.co.uk>
References: <3.0.1.32.19980517145521.0069e5b4@icorp.net>
>> I have two Class C's on my network and recently a hacker tunnelled into the
>> backbone and masqueraded under an unused IP in my subnet to do spamming.
>> As a result, I opted to bind all my IP addresses - used or not, to one of
>> my servers. So I have about 400 or so IPs bound. When I boot FBSD 2.2.6,
>> everything works, but if I -HUP the nameserver, I get this in the messages
>> log:
>>
>> May 17 14:29:37 mysys named[1266]: starting. named 4.9.6-REL Wed Mar 25 00:29:44 GMT 1998 jkh@time.cdrom.com:/usr/obj/usr/src/usr.sbin/named
>> May 17 14:29:37 mysys named[1266]: fcntl(dfd, F_DUPFD, 20): Too many open files
>
> How did they manage to 'masquerade' on your network? - It may be easier /
> better to block that (i.e. drop sourceroutes, firewall modem users from your
> own machines etc.) - than binding all the addresses...

I'm co-locating a number of servers on the backbone of an ISP, and he had a few accounts set up that allowed people to come on the backbone and then, apparently, request their own IP - and as long as the IP pointed to our backbone and was unused, this was possible. So the best way I was told to deal with this was to bind any unused IPs to my lo0 and keep them from doing this - it's probably more efficient than running a firewall, and I can't control this idiot ISP or their users.

By the way, this was a particularly vile spammer - he would seek out un-bound IPs, bind to them, send out tons of spam, then quickly disconnect. We had a helluva time trying to identify the perpetrator - I've never seen this technique used before. My admin said that there's a bug in his Ascend router he's been trying to get Ascend to address with not much luck (involving IP logging under certain circumstances).

> If you look in your kernel - and see how many 'USERS' the kernel is set to,
> this is the 'easy' way to increase the total number of files available... If
> that's not at 256 try setting it to 256, otherwise there's a few other things
> you can do - which someone else will probably suggest...

Mark Segal's suggestion of configuring NAMED would be an ideal solution - since I don't seem to be hitting any roadblocks with the generic kernel configuration. I have another server running 2.1.5 which has uptime measured in YEARS with about 200 virtual domains and the generic kernel - this machine has been my workhorse and I can't tell you how wonderfully loyal it's made me to the FreeBSD world. However, I tried to upgrade BIND on my old machine and it crapped out, so I left the old version - now I'm suspecting what Mark described is what I experienced on that machine as well (programmer's first assumption: a newer program version has x new features, but tends to consume x^2 more resources!) <g>

HOWEVER, I'm very interested in doing some kernel tweaking - and my first attempts seemed to be painless - tweaking users and OPEN_MAX - even though I can't find much documentation to explicitly describe the effects of these parms.

Since I have your attention, let me explain why I might want to do this. The new server I'm configuring will take over the old server's duties, which was a very heavy web load (anywhere from 750k-2 million+ hits/day) - every once in a while, during peak loads, it would crap out - probably due to limited resources. I'm running a lot of C-based CGI scripts, and if tweaking any of the kernel parms would give me the ability to handle heavier loads and more concurrent CGI calls, that would be perfect - so if you have any suggestions on which settings I can use to 'boost' the web server's capacity in this respect, it would be wonderfully helpful!

I increased users from 10 to 32 and still couldn't get named to load - I tried different combinations of OPEN_MAX and other parms, and while I could verify the settings increased operational parameters, my benchmark, of trying to get named to run, still failed - maybe I didn't increase things enough, but limiting the IPs named listens to for resolution will solve this problem, but other suggestions on little things to change to boost web performance would be great.

Thanks,
Mike
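The failure in the quoted log is a per-process descriptor budget problem: a daemon that opens listening sockets on every configured address needs descriptors roughly proportional to the address count, and BIND's `fcntl(dfd, F_DUPFD, 20)` fails once that budget is exhausted. The following Python script is an added example, not code from this thread or from FreeBSD; it estimates the descriptor budget for a given address list, checks it against the process's current `RLIMIT_NOFILE`, and reproduces the "Too many open files" (`EMFILE`) condition under a deliberately lowered soft limit so the symptom can be recognised before a production daemon hits it. The figures of two sockets per address and a baseline of 20 descriptors are assumptions for the estimate, and the 400 sample addresses are constructed.

```python
import errno
import os
import resource


def descriptors_needed(addresses, per_address=2, baseline=20):
    """Rough descriptor budget for a daemon that listens on every address.

    Assumption (not from the thread): one UDP and one TCP socket per
    address, plus a baseline of about 20 descriptors for stdio, logs,
    configuration and zone files. With 400 bound IPs, as in the thread,
    this is several hundred descriptors, far beyond a small default limit.
    """
    return baseline + per_address * len(addresses)


def fd_headroom(needed):
    """Compare the estimated need with the current soft/hard RLIMIT_NOFILE."""
    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    return {"soft": soft, "hard": hard, "needed": needed, "fits": needed <= soft}


def probe_open_files(limit, to_open):
    """Reproduce the failure mode: lower the soft descriptor limit, open
    descriptors until the kernel answers EMFILE ("Too many open files"),
    then close everything and restore the original limit.

    Only the soft limit is touched, and only within the hard limit, so no
    privilege is required. /dev/null stands in for listening sockets; the
    kernel counts both against the same per-process limit.
    """
    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    if hard != resource.RLIM_INFINITY:
        limit = min(limit, hard)
    fds, hit_emfile = [], False
    try:
        resource.setrlimit(resource.RLIMIT_NOFILE, (limit, hard))
        for _ in range(to_open):
            try:
                fds.append(os.open(os.devnull, os.O_RDONLY))
            except OSError as exc:
                if exc.errno == errno.EMFILE:
                    hit_emfile = True
                    break
                raise
    finally:
        for fd in fds:
            os.close(fd)
        resource.setrlimit(resource.RLIMIT_NOFILE, (soft, hard))
    return {"limit": limit, "opened": len(fds), "hit_emfile": hit_emfile}


if __name__ == "__main__":
    # Constructed sample: 400 addresses spread over two documentation /24s.
    sample_addresses = (
        [f"192.0.2.{i}" for i in range(1, 201)]
        + [f"198.51.100.{i}" for i in range(1, 201)]
    )
    need = descriptors_needed(sample_addresses)
    print("estimated descriptors:", need, fd_headroom(need))
    print("probe at a soft limit of 64:", probe_open_files(64, 100))
```

Run it as-is to see the estimate for 400 addresses against the current limit, then the probe opening descriptors until `EMFILE` arrives. The practical check this encodes is the one the thread converges on: either the daemon's listening set is trimmed to the addresses that actually need to answer, or the descriptor limit is raised to cover the estimate with headroom before the daemon is restarted, rather than discovering the shortfall from a `-HUP` in the messages log.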