Maintained by: NLnet Labs

error: outgoing tcp: bind: Address already in use

Nick Urbanik
Wed Jul 12 06:37:06 CEST 2017


Dear Wouter,

On 06/07/17 10:30 +0200, W.C.A. Wijngaards via Unbound-users wrote:
>Hi Nick,
>
>The config number for outgoing tcp is likely too low.  outgoing-num-tcp:
>1000

We had it set to 3000.  The machine is a resolver, with four machines
forwarding to it.  It has normal traffic of about 8,000 queries per
second.  The caches have up to 45,000 queries per second.


>Also, you may be running out of port numbers, perhaps this causes the
>'bind a tcp socket returns errno Address already in use', because the
>choice of port number was left to the kernel?  Unless you force a
>particular port number in the config, but that is unlikely.

Please can you suggest how I might do that?

>People usually want to change the kernel handling of timewait with
>port reuse when that happens.

So that is through a sysctl setting, I expect.

>Best regards, Wouter
>
>On 06/07/17 10:13, Nick Urbanik via Unbound-users wrote:
>> Dear Folks,
>> 
>> A DNS server running unbound 1.6.3 has these messages; any suggestions
>> on what is happening?
>>  
>> error: serviced_tcp_initiate: failed to send tcp query
>> error: outgoing tcp: bind: Address already in use

Here is the configuration, which is complete, except for the
access-control statements, which are included from
/etc/unbound/local.d/*.conf.  No other statements are included.

Can you suggest any possible changes to better support TCP queries?

include: /etc/unbound/conf.d/*.conf
remote-control:
    control-cert-file: /etc/unbound/unbound_control.pem
    control-enable: yes
    control-interface: 127.0.0.1
    control-key-file: /etc/unbound/unbound_control.key
    server-cert-file: /etc/unbound/unbound_server.pem
    server-key-file: /etc/unbound/unbound_server.key
server:
    auto-trust-anchor-file: /var/lib/unbound/root.key
    chroot: ""
    directory: /etc/unbound
    dlv-anchor-file: /etc/unbound/dlv.isc.org.key
    do-ip6: no
    extended-statistics: yes
    harden-below-nxdomain: yes
    harden-glue: yes
    harden-referral-path: yes
    hide-identity: yes
    hide-version: yes
    include: /etc/unbound/local.d/*.conf
    incoming-num-tcp: 3000
    infra-cache-numhosts: 40000
    infra-cache-slabs: 16
    interface: 127.0.0.1
    interface: 130.232.53.173
    interface: 20.81.34.106
    interface: 24.219.107.46
    interface-automatic: no
    key-cache-size: 128m
    key-cache-slabs: 16
    log-time-ascii: yes
    logfile: /var/log/unbound/unbound.log
    max-udp-size: 3072
    minimal-responses: yes
    msg-cache-size: 800m
    msg-cache-slabs: 16
    neg-cache-size: 128m
    num-queries-per-thread: 16384
    num-threads: 8
    outgoing-interface: 24.219.107.46
    outgoing-num-tcp: 3000
    outgoing-port-avoid: 0-2767
    outgoing-port-permit: 2768-65535
    outgoing-range: 49152
    pidfile: /var/run/unbound/unbound.pid
    prefetch: yes
    prefetch-key: yes
    ratelimit: 1000
    ratelimit-factor: 10
    ratelimit-for-domain: .    10000
    ratelimit-for-domain: com. 10000
    ratelimit-for-domain: dlv.isc.org. 10000
    ratelimit-for-domain: edu. 5000
    ratelimit-for-domain: gov. 5000
    ratelimit-for-domain: net. 5000
    ratelimit-for-domain: org. 5000
    ratelimit-size: 128m
    ratelimit-slabs: 8
    rrset-cache-size: 1600m
    rrset-cache-slabs: 16
    rrset-roundrobin: yes
    so-rcvbuf: 8m
    so-reuseport: yes
    so-sndbuf: 8m
    statistics-cumulative: yes
    trusted-keys-file: /etc/unbound/keys.d/*.key
    unwanted-reply-threshold: 10000000
    username: unbound
-- 
Nick Urbanik http://nicku.org 808-71011 nick.urbanik at optusnet.com.au
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24  ID: BB9D2C24
I disclaim, therefore I am.