bind 9.16 vs. 9.14 tcp client connections

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

bind 9.16 vs. 9.14 tcp client connections

Arsen STASIC
Hi,

Bind 9.16 was installed on 3/2 15:45 and tcp connections ramped up to maximum:
    rndc status | grep -i tcp
    tcp clients: 102/150
    TCP high-water: 150

Switching back to bind 9.14 on 3/4 15:45 shows "normal" tcp client behavior:
    rndc status | grep -i tcp
    tcp clients: 29/150
    TCP high-water: 67

I have found some tcp related changes in the later versions of 9.15 <https://ftp.isc.org/isc/bind/9.16.0/CHANGES>, but nothing which is explaining this kind of behaviour.
(attachment is in logarithmic scale)
Has someone else experienced this too?

cheers,
Arsen

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

bind9.16-tcp-d1b.png (37K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bind 9.16 vs. 9.14 tcp client connections

Ondřej Surý
Hi Arsen,

we think you are hitting a problem that was reported to us earlier.  Since it
has been now circulated on the bind-users, we made the merge request public:

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3163

and patch:

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3163.patch

ISC will be issuing a proper Operational Notification later this week
and the fix will be included in BIND 9.16.1 due in March.

Sorry for the inconvenience.

Thanks,
Ondrej
--
Ondřej Surý
[hidden email]

> On 5 Mar 2020, at 10:11, Arsen STASIC <[hidden email]> wrote:
>
> Hi,
>
> Bind 9.16 was installed on 3/2 15:45 and tcp connections ramped up to maximum:
>   rndc status | grep -i tcp
>   tcp clients: 102/150
>   TCP high-water: 150
>
> Switching back to bind 9.14 on 3/4 15:45 shows "normal" tcp client behavior:
>   rndc status | grep -i tcp
>   tcp clients: 29/150
>   TCP high-water: 67
>
> I have found some tcp related changes in the later versions of 9.15 <https://ftp.isc.org/isc/bind/9.16.0/CHANGES>, but nothing which is explaining this kind of behaviour.
> (attachment is in logarithmic scale)
> Has someone else experienced this too?
>
> cheers,
> Arsen
> <bind9.16-tcp-d1b.png>_______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

signature.asc (981 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bind 9.16 vs. 9.14 tcp client connections

Michael McNally
On 3/5/20 4:34 AM, Ondřej Surý wrote:

>> On 5 Mar 2020, at 10:11, Arsen STASIC <[hidden email]> wrote:
>>
>> Hi,
>>
>> Bind 9.16 was installed on 3/2 15:45 and tcp connections ramped up to maximum:
>>   rndc status | grep -i tcp
>>   tcp clients: 102/150
>>   TCP high-water: 150
>>
>> Switching back to bind 9.14 on 3/4 15:45 shows "normal" tcp client behavior:
>>   rndc status | grep -i tcp
>>   tcp clients: 29/150
>>   TCP high-water: 67
>>
>> I have found some tcp related changes in the later versions of 9.15
<https://ftp.isc.org/isc/bind/9.16.0/CHANGES>,>> but nothing which is explaining this kind
of behaviour.

>>
>> Has someone else experienced this too?
>
> Hi Arsen,
>
> we think you are hitting a problem that was reported to us earlier.  Since it
> has been now circulated on the bind-users, we made the merge request public:
>
> https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3163
>
...
>
> ISC will be issuing a proper Operational Notification later this week
> and the fix will be included in BIND 9.16.1 due in March.
>
> Sorry for the inconvenience.

Hello --

Subscribers who are also subscribed to the bind-announce list will now
have received our Operational Notification concerning this issue.
If you're not a subscriber to that list..  why not?  (it's low
traffic and only carries important announcements, generally about releases
and security issues). But in any case you can view the Operational Notification
via the list archives:

  https://lists.isc.org/pipermail/bind-announce/2020-March/001150.html

or via our knowledge base:


https://kb.isc.org/docs/operational-notification-an-error-in-handling-tcp-client-quota-limits-can-exhaust-tcp-connections-in-bind-9160

The short version, though, is that we introduced a problem with TCP client
quota enforcement during the later releases of the 9.15 development branch
which was not noticed until 9.16.0.  A fix is available and a patch diff can
be found linked from either version of the Operational Notification links
above.

Apologies,

Michael McNally
ISC Support
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users