[Pdns-users] SERVFAIL/can't update .: problems probably fixed

[bert hubert]

Dear PowerDNS users,

Some of you have previously reported seeing the PowerDNS Recursor enter a
state where it sends an increasing fraction of answers with 'SERVFAIL'
errors, and logs "Unable to refresh . records, rcode=2". It turns out that
this problem has been around for many months, so it is not bothering too
many people, but still.

Together with Stefan Schmidt and one of his colleagues, we've discovered
that PowerDNS under some error circumstances neglects to close the socket
causing an error, which in turn causes file descriptors to run out over
time, which in turn causes the SERVFAIL answers.

If you operate a PowerDNS Recursor (any version past 3.0 at least), and
suffer from this problem, you can address it in two ways:

The easy way only delays the onset of SERVFAILS, and is to raise the number
of available file descriptors. This is most necessary on Solaris, which
allocates a small number of them by default, and nearly not needed on
FreeBSD, which offers a very large number of them. 

Raising the number of available file descriptors is typically done using
for example 'ulimit -n 16384' before starting the PowerDNS Recursor.

The "real" solution is to apply patch 892, as available on
http://wiki.powerdns.com/projects/trac/changeset/892 - instructions on how
to apply, which is not for everyone, can be found on
http://wiki.powerdns.com/projects/trac/wiki/HACKING

Please let us know if this resolves any problems you may have had.

Kind regards,

bert hubert

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services