Dear Wouter,

On 06/07/17 10:30 +0200, W.C.A. Wijngaards via Unbound-users wrote:
>Hi Nick,
>
>The config number for outgoing tcp is likely too low. outgoing-num-tcp:
>1000

We had it set to 3000. The machine is a resolver, with four machines
forwarding to it. It has normal traffic of about 8,000 queries per
second. The caches have up to 45,000 queries per second.

>Also, you may be running out of port numbers, perhaps this causes the
>'bind a tcp socket returns errno Address already in use', because the
>choice of port number was left to the kernel? Unless you force a
>particular port number in the config, but that is unlikely.

Please can you suggest how I might do that?

>People usually want to change the kernel handling of timewait with
>port reuse when that happens.

So that is through a sysctl setting, I expect.

>Best regards, Wouter
>
>On 06/07/17 10:13, Nick Urbanik via Unbound-users wrote:
>> Dear Folks,
>>
>> A DNS server running unbound 1.6.3 has these messages; any suggestions
>> on what is happening?
>>
>> error: serviced_tcp_initiate: failed to send tcp query
>> error: outgoing tcp: bind: Address already in use

Here is the configuration, which is complete, except for the
access-control statements, which are included from
/etc/unbound/local.d/*.conf. No other statements are included. Can you
suggest any possible changes to better support TCP queries?

include: /etc/unbound/conf.d/*.conf
remote-control:
    control-cert-file: /etc/unbound/unbound_control.pem
    control-enable: yes
    control-interface: 127.0.0.1
    control-key-file: /etc/unbound/unbound_control.key
    server-cert-file: /etc/unbound/unbound_server.pem
    server-key-file: /etc/unbound/unbound_server.key
server:
    auto-trust-anchor-file: /var/lib/unbound/root.key
    chroot: ""
    directory: /etc/unbound
    dlv-anchor-file: /etc/unbound/dlv.isc.org.key
    do-ip6: no
    extended-statistics: yes
    harden-below-nxdomain: yes
    harden-glue: yes
    harden-referral-path: yes
    hide-identity: yes
    hide-version: yes
    include: /etc/unbound/local.d/*.conf
    incoming-num-tcp: 3000
    infra-cache-numhosts: 40000
    infra-cache-slabs: 16
    interface: 127.0.0.1
    interface: 18.104.22.168
    interface: 22.214.171.124
    interface: 126.96.36.199
    interface-automatic: no
    key-cache-size: 128m
    key-cache-slabs: 16
    log-time-ascii: yes
    logfile: /var/log/unbound/unbound.log
    max-udp-size: 3072
    minimal-responses: yes
    msg-cache-size: 800m
    msg-cache-slabs: 16
    neg-cache-size: 128m
    num-queries-per-thread: 16384
    num-threads: 8
    outgoing-interface: 188.8.131.52
    outgoing-num-tcp: 3000
    outgoing-port-avoid: 0-2767
    outgoing-port-permit: 2768-65535
    outgoing-range: 49152
    pidfile: /var/run/unbound/unbound.pid
    prefetch: yes
    prefetch-key: yes
    ratelimit: 1000
    ratelimit-factor: 10
    ratelimit-for-domain: . 10000
    ratelimit-for-domain: com. 10000
    ratelimit-for-domain: dlv.isc.org. 10000
    ratelimit-for-domain: edu. 5000
    ratelimit-for-domain: gov. 5000
    ratelimit-for-domain: net. 5000
    ratelimit-for-domain: org. 5000
    ratelimit-size: 128m
    ratelimit-slabs: 8
    rrset-cache-size: 1600m
    rrset-cache-slabs: 16
    rrset-roundrobin: yes
    so-rcvbuf: 8m
    so-reuseport: yes
    so-sndbuf: 8m
    statistics-cumulative: yes
    trusted-keys-file: /etc/unbound/keys.d/*.key
    unwanted-reply-threshold: 10000000
    username: unbound

-- 
Nick Urbanik http://nicku.org 808-71011 nick.urbanik at optusnet.com.au
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
I disclaim, therefore I am.
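
Added example, not part of the original message and not Unbound project code: a rough check of the port-exhaustion theory raised in the thread, comparing the posted num-threads and outgoing-num-tcp (allocated per thread) against the kernel's ephemeral port range and the sockets already holding ports on the outgoing-interface. It assumes, as the quoted reply suggests, that the kernel picks the TCP source port; the /proc/net/tcp rows and the port range value are constructed samples, and the function names are hypothetical.

```python
import socket
import struct

# Keys copied from the configuration posted above.
CONF = """\
server:
    num-threads: 8
    outgoing-interface: 188.8.131.52
    outgoing-num-tcp: 3000
"""
# Constructed sample in /proc/net/tcp layout (st 06 = TIME_WAIT, 01 = ESTABLISHED).
PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 348308BC:C001 0100000A:0035 06
   1: 348308BC:C002 0200000A:0035 06
   2: 348308BC:C003 0300000A:0035 01
   3: 0100007F:0035 00000000:0000 0A
"""
PORT_RANGE = "32768\t60999"  # assumed: Linux default net.ipv4.ip_local_port_range


def conf_value(conf, key):
    """Return the first value of `key:` in unbound.conf text, or None."""
    for line in conf.splitlines():
        name, _, value = line.split("#")[0].strip().partition(":")
        if name == key and value.strip():
            return value.strip()
    return None


def tcp_port_budget(conf, port_range, proc_net_tcp):
    """Compare worst-case outgoing TCP sockets with the ephemeral port range."""
    low, high = (int(p) for p in port_range.split())
    src_ip = conf_value(conf, "outgoing-interface")
    # outgoing-num-tcp buffers are allocated per thread.
    demand = int(conf_value(conf, "num-threads")) * int(conf_value(conf, "outgoing-num-tcp"))
    held = time_wait = 0
    for row in proc_net_tcp.splitlines()[1:]:
        fields = row.split()
        addr_hex, port_hex = fields[1].split(":")
        # IPv4 addresses in /proc/net/tcp are host-order hex (little-endian hosts here).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        if ip == src_ip and low <= int(port_hex, 16) <= high:
            held += 1
            time_wait += 1 if fields[3] == "06" else 0
    total = high - low + 1
    # TIME_WAIT sockets pin a port without occupying one of unbound's buffers.
    return {"ephemeral_ports": total, "worst_case_demand": demand,
            "ports_held": held, "time_wait": time_wait,
            "spare_at_full_load": total - demand - time_wait}
```

On the resolver itself, pass the contents of /proc/sys/net/ipv4/ip_local_port_range and /proc/net/tcp instead of the samples; a spare_at_full_load near or below zero is consistent with bind failing with "Address already in use".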