BIND -P2 update plans (Was: Re: The BIND scandal)
Doug Barton
dougb at FreeBSD.org
Tue Aug 5 05:06:41 UTC 2008
Thomas Rasmussen wrote:
> I've posted to the bind-users list to say this, but to confirm here: On
> 7-STABLE from a few weeks ago on a couple of busy recursive servers,
> this patch made an extreme positive difference. I was having problems
> with constant timeouts, very slow recursive lookups when they did work,
> and frequent errors about too many open files or somesuch in messages
> (regardless of kern.maxfiles and FD_SETSIZE settings), all of this
> disappeared when I applied P2. Number of successful queries almost
> doubled the minute I restarted with the -P2 patch applied, no more
> slowness or timeouts.
That's good news even taking your change to fd_setsize into account.
> This is the bind9.4 port by the way, 9.5 had even more weird errors and
> behaviour. I've since seen various sources claiming that 9.5 isn't ready
> for primetime on busy resolvers, so I'll wait for a while before moving
> on to 9.5.
Yeah, if you don't have time to help debug the problems then sticking
with 9.4 is a good decision. OTOH they can use all the help they can
get. :)
> For the record, I have compiled dns/bind94 with
>
> make CFLAGS="-DFD_SETSIZE=65000" install clean
>
> to avoid "too many open file descriptors" errors, but with this setting
> (and increasing kern.maxfiles with sysctl) everything seems to be
> running nicely. -P2 might have removed the need for increasing
> FD_SETSIZE but this works, and for now I'll leave it at that.
I can certainly understand not wanting to change something that's
working, but I would like to get at least a couple of users to confirm
that -P2 works out of the box before I import them. I don't mind
adding a "big fd_setsize" knob to the ports and the base, but I want
to be sure it's needed first.
Doug
--
This .signature sanitized for your protection