unnbound vs file descriptors

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

unnbound vs file descriptors

Otto Moerbeek
Hi,

So i have started using unbound on a mailserver (running amd64 5.6-stable).

First observation is that it uses (too?) many file descriptors in the
default setup.

Dec 15 22:38:00 mx1 unbound: [8713:0] error: can't create socket: Too many open files
Dec 15 22:38:00 mx1 last message repeated 1366 times

$ unbound-checkconf -o outgoing-range
4000

But even after settting this to 1500 and having a login.conf:

unbound:\
        :openfiles-cur=2048:\
        :tc=daemon:

I am still seeing these log messages.

I'd like to make sure the settings out of the box are reasonable
(setting outgoing-range any maybe other options in the default config
and/or having a default entry in loging.conf, but so far unbound is
not cooperating. Any clue on what setting I should fiddle with?

        -Otto



Reply | Threaded
Open this post in threaded view
|

Re: unnbound vs file descriptors

Bogdan Andu
may just a naive question..
but did you sudo vipw
and put unbound class for unbound user?
/Bogdan
 

     On Tuesday, December 16, 2014 9:46 AM, Otto Moerbeek <[hidden email]> wrote:
   

 Hi,

So i have started using unbound on a mailserver (running amd64 5.6-stable).

First observation is that it uses (too?) many file descriptors in the
default setup.

Dec 15 22:38:00 mx1 unbound: [8713:0] error: can't create socket: Too many open files
Dec 15 22:38:00 mx1 last message repeated 1366 times

$ unbound-checkconf -o outgoing-range
4000

But even after settting this to 1500 and having a login.conf:

unbound:\
        :openfiles-cur=2048:\
        :tc=daemon:

I am still seeing these log messages.

I'd like to make sure the settings out of the box are reasonable
(setting outgoing-range any maybe other options in the default config
and/or having a default entry in loging.conf, but so far unbound is
not cooperating. Any clue on what setting I should fiddle with?

    -Otto





   
Reply | Threaded
Open this post in threaded view
|

Re: unnbound vs file descriptors

Otto Moerbeek
On Tue, Dec 16, 2014 at 09:04:52AM +0000, Bogdan Andu wrote:

> may just a naive question..
> but did you sudo vipw
> and put unbound class for unbound user?

That's not neccesary anymore these days, I believe. The rc.d subsystem
takes case of setting the proper class, if available.  At least it
does not document setting the login class in the pwd db is needed.

        -Otto


> /Bogdan
>  
>
>      On Tuesday, December 16, 2014 9:46 AM, Otto Moerbeek <[hidden email]> wrote:
>    
>
>  Hi,
>
> So i have started using unbound on a mailserver (running amd64 5.6-stable).
>
> First observation is that it uses (too?) many file descriptors in the
> default setup.
>
> Dec 15 22:38:00 mx1 unbound: [8713:0] error: can't create socket: Too many open files
> Dec 15 22:38:00 mx1 last message repeated 1366 times
>
> $ unbound-checkconf -o outgoing-range
> 4000
>
> But even after settting this to 1500 and having a login.conf:
>
> unbound:\
> ?? ?? ?? ?? :openfiles-cur=2048:\
> ?? ?? ?? ?? :tc=daemon:
>
> I am still seeing these log messages.
>
> I'd like to make sure the settings out of the box are reasonable
> (setting outgoing-range any maybe other options in the default config
> and/or having a default entry in loging.conf, but so far unbound is
> not cooperating. Any clue on what setting I should fiddle with?
>
> ?????? -Otto
>
>
>
>
>
>    

Reply | Threaded
Open this post in threaded view
|

Re: unnbound vs file descriptors

Antoine Jacoutot-7
> > may just a naive question..
> > but did you sudo vipw
> > and put unbound class for unbound user?
>
> That's not neccesary anymore these days, I believe. The rc.d subsystem
> takes case of setting the proper class, if available.  At least it

That's correct.

> does not document setting the login class in the pwd db is needed.

Because it's not :-)

--
Antoine

Reply | Threaded
Open this post in threaded view
|

Re: unnbound vs file descriptors

Otto Moerbeek
On Tue, Dec 16, 2014 at 10:30:21AM +0100, Antoine Jacoutot wrote:

> > > may just a naive question..
> > > but did you sudo vipw
> > > and put unbound class for unbound user?
> >
> > That's not neccesary anymore these days, I believe. The rc.d subsystem
> > takes case of setting the proper class, if available.  At least it
>
> That's correct.
>
> > does not document setting the login class in the pwd db is needed.
>
> Because it's not :-)
>
> --
> Antoine

Well, there's more to it than that.

unbound has code to set it's own rlimits. It uses setusercontext()
with the class of the _unbound user. So the class of the unbound user
*does* matter.

If I set the class of the _unbound user and both cur and max things
seem to work:

unbound:\
        :openfiles=2048:\
        :tc=daemon:

Just setting cur does not work, since it then tries to set a cur
higher than max and you'll get an error:

unbound: unbound: setting resource limit openfiles: Invalid argument

in the daemon log.

        -Otto