At some time between version 'bind-9.3.6-4.P1.el5_4.2' and version 'bind-9.3.6-16.P1.el5' for CentOS (it seems for other distributions too), the line 'max open files (1024) is smaller than max sockets (4096)' started to show up in messages. It doesn't seem too bad, but I have had fewer errors in messages since I fixed it... I did some research on Google and found some tips.
Logs before the issue showed up:
draco named[2180]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -4 -t /var/named/chroot
draco named[2180]: adjusted limit on open files from 1024 to 1048576
draco named[2180]: found 2 CPUs, using 2 worker threads
draco named[2180]: using up to 4096 sockets
draco named[2180]: loading configuration from '/etc/named.conf'
draco named[2180]: using default UDP/IPv4 port range: [1024, 65535]
draco named[2180]: using default UDP/IPv6 port range: [1024, 65535]
And then:
draco named[22264]: starting BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 -u named -4 -t /var/named/chroot
draco named[22264]: found 2 CPUs, using 2 worker threads
draco named[22264]: using up to 4096 sockets
draco named[22264]: loading configuration from '/etc/named.conf'
draco named[22264]: max open files (1024) is smaller than max sockets (4096)
draco named[22264]: using default UDP/IPv4 port range: [1024, 65535]
draco named[22264]: using default UDP/IPv6 port range: [1024, 65535]
It seems that the max open files value is hardcoded in the kernel. I didn't find a way to modify it through sysctl (or the /proc filesystem). It is possible to set it through ulimit.
[root@draco ~]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 16366
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 16366
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
Solution 1: Set ulimit while starting up named:
Add in /etc/sysconfig/named the following:
echo 'ulimit -HSn 4096' >> /etc/sysconfig/named
Always use append (>>) to avoid overwriting your /etc/sysconfig/named file.
It is possible to set the value to a higher number and then increase the number of sockets in named;
it depends on the load of the DNS server.
You could add this command to /etc/init.d/named instead, but you would lose it when the bind RPM package is updated.
Now restart named; messages should look like this:
draco named[22356]: starting BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 -u named -4 -t /var/named/chroot
draco named[22356]: found 2 CPUs, using 2 worker threads
draco named[22356]: using up to 4096 sockets
draco named[22356]: loading configuration from '/etc/named.conf'
draco named[22356]: using default UDP/IPv4 port range: [1024, 65535]
draco named[22356]: using default UDP/IPv6 port range: [1024, 65535]
Solution 2: Set the limits for the user root in /etc/security/limits.conf:
Edit /etc/security/limits.conf and add at the end:
root hard nofile 4096
root soft nofile 4096
Yes, the user root, because root runs /etc/init.d/named and the named process is a child of that process.
In this way the max number of open files for all processes started by root is increased,
but maybe there is a good reason why the default set in the kernel is 1024, so I prefer Solution 1.
It is NOT possible to set this limit for the user named, as it never reads the file
/etc/security/limits.conf...
Solution 3: Add the 'files' option statement to named.conf:
Add the following statement to the options section of named.conf:
files 4096;
After doing this there is no warning in messages, but I am not sure whether the system limits are
actually changed.
The BIND docs say:
files: The maximum number of files the server may have open concurrently. The default is unlimited.
But...
Solution 4: Decrease the number of sockets named opens:
This lowers the performance of named... Whether it is acceptable depends on the real
load of your server.
Edit /etc/sysconfig/named and add:
OPTIONS="-4 -S 1024"
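Whichever of the four solutions you pick, the absence of the warning in messages only tells you what named logged at startup. The following added check (not part of the original post) reads the limit the running named process actually has from /proc/PID/limits and compares it with the socket count named will use (the -S value; 4096 by default on this build). It assumes pidof is available, as it is on CentOS 5, and uses a constructed sample limits file so it can be tried offline.

```shell
#!/bin/sh
# Verify that named's real open-file limit covers the sockets it is allowed to
# open. /proc/PID/limits reflects whatever finally applied, regardless of
# whether it came from /etc/sysconfig/named, limits.conf or the 'files' option.

# Print "soft hard" for the Max open files line of a /proc/PID/limits style file.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# $1: limits file, $2: max sockets named will use.
# Returns 0 when the soft limit covers the socket count, 1 when it is too small,
# 2 when the file could not be parsed.
check_named_limits() {
    set -- "$1" "$2" $(nofile_limits "$1")
    soft=$3; hard=$4
    [ -n "$soft" ] || { echo "could not read limits from $1" >&2; return 2; }
    if [ "$soft" = unlimited ] || [ "$soft" -ge "$2" ]; then
        echo "ok: soft=$soft hard=$hard sockets=$2"
        return 0
    fi
    echo "WARNING: soft open-file limit $soft < sockets $2 (hard limit $hard)" >&2
    return 1
}

# Constructed sample mirroring the state in the logs above: limit still 1024.
SAMPLE_LIMITS=$(mktemp)
cat > "$SAMPLE_LIMITS" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 1024                 files
Max processes             16366                16366                processes
EOF

# Live check on the DNS server itself; $1 is the -S value, default 4096.
# pidof (sysvinit-tools) is assumed to be present.
live_check() {
    pid=$(pidof named 2>/dev/null | awk '{ print $1 }')
    [ -n "$pid" ] || { echo "named is not running" >&2; return 2; }
    check_named_limits "/proc/$pid/limits" "${1:-4096}"
}
```

Run live_check after restarting named; if it warns even though messages is clean, the limit change did not reach the process.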