BIND: How to fix max open files (1024) is smaller than max sockets (4096)

At some time between version 'bind-9.3.6-4.P1.el5_4.2' and version 'bind-9.3.6-16.P1.el5' for CentOS (it seems that also for other distributions), the line max open files (1024) is smaller than max sockets (4096) started to show up in messages. It doesn't seem too bad, but I have less errors in messages since I fixed it... I did some research in Google and found some tips.

Logs before the issue showed up:

   draco named[2180]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -4 -t /var/named/chroot
   draco named[2180]: adjusted limit on open files from 1024 to 1048576
   draco named[2180]: found 2 CPUs, using 2 worker threads
   draco named[2180]: using up to 4096 sockets
   draco named[2180]: loading configuration from '/etc/named.conf'
   draco named[2180]: using default UDP/IPv4 port range: [1024, 65535]
   draco named[2180]: using default UDP/IPv6 port range: [1024, 65535]

And then::

   draco named[22264]: starting BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 -u named -4 -t /var/named/chroot
   draco named[22264]: found 2 CPUs, using 2 worker threads
   draco named[22264]: using up to 4096 sockets
   draco named[22264]: loading configuration from '/etc/named.conf'
   draco named[22264]: max open files (1024) is smaller than max sockets (4096)
   draco named[22264]: using default UDP/IPv4 port range: [1024, 65535]
   draco named[22264]: using default UDP/IPv6 port range: [1024, 65535]

It seems that the max open files is hardcoded in the kernel. I didn't find a way to modify it through sysctl (or /proc filesystem). It is possible to set it trough ulimit.

   [root@draco ~]# ulimit -a
   core file size          (blocks, -c) 0
   data seg size           (kbytes, -d) unlimited
   scheduling priority             (-e) 0
   file size               (blocks, -f) unlimited
   pending signals                 (-i) 16366
   max locked memory       (kbytes, -l) 32
   max memory size         (kbytes, -m) unlimited
   open files                      (-n) 1024
   pipe size            (512 bytes, -p) 8
   POSIX message queues     (bytes, -q) 819200
   real-time priority              (-r) 0
   stack size              (kbytes, -s) 10240
   cpu time               (seconds, -t) unlimited
   max user processes              (-u) 16366
   virtual memory          (kbytes, -v) unlimited
   file locks                      (-x) unlimited

 

Solution 1: Set ulimit while starting up named:
Add in /etc/sysconfig/named the following:

   echo 'ulimit -HSn 4096' >> /etc/sysconfig/named

Use always append ( >> ) to avoid overwriting your '/etc/sysconfig/named' file.
It is possible to set the value to a higher number, and then increase the number of sockets in named, it depends on the load of the DNS server.
You could add this command to /etc/init.d/named, but you should lost it updating the bind rpm package.

Restart named now and messages should look this way:

   draco named[22356]: starting BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 -u named -4 -t /var/named/chroot
   draco named[22356]: found 2 CPUs, using 2 worker threads
   draco named[22356]: using up to 4096 sockets
   draco named[22356]: loading configuration from '/etc/named.conf'
   draco named[22356]: using default UDP/IPv4 port range: [1024, 65535]
   draco named[22356]: using default UDP/IPv6 port range: [1024, 65535]

 

Solution 2: Set the limits for the user root in /etc/security/limits.conf:
Edit /etc/security/limits.conf and add at the end:

   root    hard    nofile    4096
   root    soft    nofile    4096

Yes user root, because root runs /etc/init.d/named and the process named is a children of this process.

In this way the max number of open files for all processes started by root are increased, but maybe there is a good reason why the default set in the kernel is 1024, so I prefer Solution 1.
It is NOT possible to set this limit for the user named as he never reads the file /etc/security/limits.conf...

 

Solution 3: Add the option Statement 'files' in named.conf:
Add in the options section of named.conf the following statement:

   files 4096;

After doing it there is no warning in messages, but I am not sure if the system limits are actually changed.
The bind docs says:

   files
   The maximum number of files the server may have open concurrently. The default is unlimited.

But...

 

Solution 4: Decrease the number of sockets named is opening:
In this way you are lowering the performance of named... It depends on the real load of your server.
Edit /etc/sysconfig/named and add:

   OPTIONS="-4 -S 1024"

 


Back
Salvatore Toribio

20111002