From fanf2@hermes.cam.ac.uk Thu Mar 10 15:20:11 2016
From: "Tony Finch"
To: "Francis Dupont via RT"
CC: "Tony Finch"
Subject: Re: [ISC-Bugs #41908] Running out of ephemeral TCP ports
Date: Thu, 10 Mar 2016 15:20:05 +0000

Francis Dupont via RT wrote:

> BTW as you use Linux there are some specific tunings
> which solve it.

Hmm. I have set net.ipv4.tcp_tw_reuse=1 which is supposed to help, but
`dig` still fails as before. I have also increased the ephemeral port
range which just postpones the problem a few seconds.

> About to add a REUSEADDR it has a bad side effect as some traffic not
> for dig or named can be caught by accident: REUSEADDR explicitly allows
> port collision... And we got complaints about this issue when named used
> this socket option without care.

Surely it shouldn't catch unwanted traffic if it is an outgoing TCP
connection? (as opposed to UDP)

Tony.
-- 
f.anthony.n.finch http://dotat.at/
Southeast Iceland: Southerly veering southwesterly 6 to gale 8, occasionally
severe gale 9 in west. Rough or very rough, becoming very rough or high.
Rain or snow, then snow showers. Moderate or good, occasionally very poor.
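
A diagnostic for the symptom reported in this message, added here as an example (it is not part of the original e-mail or of BIND): it reads text in the Linux `/proc/net/tcp` layout and counts, per destination, how many ports of the ephemeral range are held by sockets in TIME_WAIT. The sample lines, the 10-port range and the function names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

TIME_WAIT = 0x06  # TCP_TIME_WAIT in the Linux TCP state enum

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:8000 0100007F:0035 06 00000000:00000000 03:00000B00 00000000     0        0 0 3
   2: 0100007F:8001 0100007F:0035 06 00000000:00000000 03:00000B10 00000000     0        0 0 3
   3: 0100007F:8002 0100007F:0035 06 00000000:00000000 03:00000B20 00000000     0        0 0 3
   4: 0100007F:8003 0100007F:0035 01 00000000:00000000 00:00000000 00000000  1000        0 1002 1
   5: 0A00000A:8004 010200C0:0035 06 00000000:00000000 03:00000B30 00000000     0        0 0 3
"""
SAMPLE_RANGE = (32768, 32777)  # constructed 10-port range, for readable numbers


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def time_wait_by_destination(proc_text, port_range):
    """Count TIME_WAIT sockets whose local port lies in the ephemeral range."""
    low, high = port_range
    counts = Counter()
    for line in proc_text.splitlines()[1:]:  # skip the column header
        cols = line.split()
        if len(cols) < 4:
            continue
        _, local_port = decode_endpoint(cols[1])
        if int(cols[3], 16) == TIME_WAIT and low <= local_port <= high:
            counts[decode_endpoint(cols[2])] += 1
    return counts


def report(proc_text, port_range):
    """Return (destination, count, percent of ephemeral range), busiest first."""
    size = port_range[1] - port_range[0] + 1
    rows = time_wait_by_destination(proc_text, port_range).most_common()
    return [(f"{ip}:{port}", n, round(100 * n / size, 1)) for (ip, port), n in rows]


if __name__ == "__main__":
    for dest, n, pct in report(SAMPLE, SAMPLE_RANGE):
        print(f"{dest}: {n} TIME_WAIT sockets, {pct}% of the ephemeral range")
```

On a live host, pass the contents of `/proc/net/tcp` and the two values of `net.ipv4.ip_local_port_range` instead of the constructed sample.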