answer-cookie true;\n\
automatic-interface-scan yes;\n\
bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\
-# blackhole {none;};\n"
- " cookie-algorithm siphash24;\n"
- " coresize default;\n\
- datasize default;\n"
- "\
+# blackhole {none;};\n\
+ cookie-algorithm siphash24;\n\
# directory <none>\n\
dnssec-policy \"none\";\n\
dump-file \"named_dump.db\";\n\
- edns-udp-size 1232;\n\
- files unlimited;\n"
+ edns-udp-size 1232;\n"
#if defined(HAVE_GEOIP2)
"\
geoip-directory \"" MAXMINDDB_PREFIX "/share/GeoIP\";\n"
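Review bot: Removing `files unlimited;` from the built-in defaults changes runtime behaviour, not just syntax: the deleted `set_limits()` path turned that default into `isc_resource_setlimit(isc_resource_openfiles, ISC_RESOURCE_UNLIMITED)`, so until now named raised its own descriptor limit at configuration load. After this change the process keeps whatever limit it inherited, and a low soft limit can show up as descriptor exhaustion under heavy TCP or zone-transfer load, unless a startup path not visible in this diff still raises it. I would state that in the release notes, for example `named no longer raises RLIMIT_NOFILE from named.conf; set it in the process supervisor (e.g. LimitNOFILE= in the systemd unit)`. The string literal this hunk edits starts and ends outside the hunk.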
session-keyalg hmac-sha256;\n\
# session-keyfile \"" NAMED_LOCALSTATEDIR "/run/named/session.key\";\n\
session-keyname local-ddns;\n\
- stacksize default;\n\
startup-notify-rate 20;\n\
statistics-file \"named.stats\";\n\
tcp-advertised-timeout 300;\n\
/*
* Initial resource limits.
*/
-EXTERN isc_resourcevalue_t named_g_initstacksize INIT(0);
-EXTERN isc_resourcevalue_t named_g_initdatasize INIT(0);
-EXTERN isc_resourcevalue_t named_g_initcoresize INIT(0);
EXTERN isc_resourcevalue_t named_g_initopenfiles INIT(0);
/*
/*
* Get the initial resource limits.
*/
- RUNTIME_CHECK(isc_resource_getlimit(isc_resource_stacksize,
- &named_g_initstacksize) ==
- ISC_R_SUCCESS);
- RUNTIME_CHECK(isc_resource_getlimit(isc_resource_datasize,
- &named_g_initdatasize) ==
- ISC_R_SUCCESS);
- RUNTIME_CHECK(isc_resource_getlimit(isc_resource_coresize,
- &named_g_initcoresize) ==
- ISC_R_SUCCESS);
RUNTIME_CHECK(isc_resource_getlimit(isc_resource_openfiles,
&named_g_initopenfiles) ==
ISC_R_SUCCESS);
#include <isc/portset.h>
#include <isc/print.h>
#include <isc/refcount.h>
-#include <isc/resource.h>
#include <isc/result.h>
#include <isc/signal.h>
#include <isc/siphash.h>
}
}
-static void
-set_limit(const cfg_obj_t **maps, const char *configname,
- const char *description, isc_resource_t resourceid,
- isc_resourcevalue_t defaultvalue) {
- const cfg_obj_t *obj = NULL;
- const char *resource;
- isc_resourcevalue_t value;
- isc_result_t result;
-
- if (named_config_get(maps, configname, &obj) != ISC_R_SUCCESS) {
- return;
- }
-
- if (cfg_obj_isstring(obj)) {
- resource = cfg_obj_asstring(obj);
- if (strcasecmp(resource, "unlimited") == 0) {
- value = ISC_RESOURCE_UNLIMITED;
- } else {
- INSIST(strcasecmp(resource, "default") == 0);
- value = defaultvalue;
- }
- } else {
- value = cfg_obj_asuint64(obj);
- }
-
- result = isc_resource_setlimit(resourceid, value);
- isc_log_write(
- named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER,
- result == ISC_R_SUCCESS ? ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
- "set maximum %s to %" PRIu64 ": %s", description, value,
- isc_result_totext(result));
-}
-
-#define SETLIMIT(cfgvar, resource, description) \
- set_limit(maps, cfgvar, description, isc_resource_##resource, \
- named_g_init##resource)
-
-static void
-set_limits(const cfg_obj_t **maps) {
- SETLIMIT("stacksize", stacksize, "stack size");
- SETLIMIT("datasize", datasize, "data size");
- SETLIMIT("coresize", coresize, "core size");
- SETLIMIT("files", openfiles, "open files");
-}
-
static void
portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports,
bool positive) {
server->bindkeysfile);
}
- /*
- * Set process limits, which (usually) needs to be done as root.
- */
- set_limits(maps);
-
/*
* Check the process lockfile.
*/
INT_FIELD_DEFS(minroots)
INT_FIELD_DEFS(serialqueries)
INT_FIELD_DEFS(sigvalidityinterval)
-INT_FIELD_DEFS(datasize)
-INT_FIELD_DEFS(stacksize)
-INT_FIELD_DEFS(coresize)
-INT_FIELD_DEFS(files)
INT_FIELD_DEFS(maxcachesize)
INT_FIELD_DEFS(maxncachettl)
INT_FIELD_DEFS(maxcachettl)
This option acts like :any:`notify-source`, but applies to ``NOTIFY`` messages sent to IPv6
addresses.
-.. _resource_limits:
-
-Operating System Resource Limits
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The server's usage of many system resources can be limited. Scaled
-values are allowed when specifying resource limits. For example, ``1G``
-can be used instead of ``1073741824`` to specify a limit of one
-gigabyte. ``unlimited`` requests unlimited use, or the maximum available
-amount. ``default`` uses the limit that was in force when the server was
-started. See the description of :term:`size`.
-
-The following options are deprecated in favor of setting the operating system
-resource limits from the operating system and/or process supervisor, should not
-be used, and will be rendered non-operational in a future release.
-
-
-.. namedconf:statement:: coresize
- :tags: deprecated
- :short: Sets the maximum size of a core dump.
-
- This sets the maximum size of a core dump. The default is ``default``.
-
-.. namedconf:statement:: datasize
- :tags: deprecated
- :short: Sets the maximum amount of data memory that can be used by the server.
-
- This sets the maximum amount of data memory the server may use. The default is
- ``default``. This is a hard limit on server memory usage; if the
- server attempts to allocate memory in excess of this limit, the
- allocation will fail, which may in turn leave the server unable to
- perform DNS service. Therefore, this option is rarely useful as a way
- to limit the amount of memory used by the server, but it can be
- used to raise an operating system data size limit that is too small
- by default. To limit the amount of memory used by the
- server, use the :any:`max-cache-size` and :any:`recursive-clients` options
- instead.
-
-.. namedconf:statement:: files
- :tags: deprecated
- :short: Sets the maximum number of files the server may have open concurrently.
-
- This sets the maximum number of files the server may have open concurrently.
- The default is ``unlimited``.
-
-.. namedconf:statement:: stacksize
- :tags: deprecated
- :short: Sets the maximum amount of stack memory that can be used by the server.
-
- This sets the maximum amount of stack memory the server may use. The default is
- ``default``.
-
.. _server_resource_limits:
Server Resource Limits
clients\-per\-query <integer>;
cookie\-algorithm ( aes | siphash24 );
cookie\-secret <string>; // may occur multiple times
- coresize ( default | unlimited | <sizeval> ); // deprecated
- datasize ( default | unlimited | <sizeval> ); // deprecated
deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... } ];
deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ];
dialup ( notify | notify\-passive | passive | refresh | <boolean> );
fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches\-per\-server <integer> [ ( drop | fail ) ];
fetches\-per\-zone <integer> [ ( drop | fail ) ];
- files ( default | unlimited | <sizeval> ); // deprecated
flush\-zones\-on\-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
sig\-signing\-type <integer>;
sig\-validity\-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
- stacksize ( default | unlimited | <sizeval> ); // deprecated
stale\-answer\-client\-timeout ( disabled | off | <integer> );
stale\-answer\-enable <boolean>;
stale\-answer\-ttl <duration>;
clients-per-query <integer>;
cookie-algorithm ( aes | siphash24 );
cookie-secret <string>; // may occur multiple times
- coresize ( default | unlimited | <sizeval> ); // deprecated
- datasize ( default | unlimited | <sizeval> ); // deprecated
deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
dialup ( notify | notify-passive | passive | refresh | <boolean> );
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
- files ( default | unlimited | <sizeval> ); // deprecated
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
- stacksize ( default | unlimited | <sizeval> ); // deprecated
stale-answer-client-timeout ( disabled | off | <integer> );
stale-answer-enable <boolean>;
stale-answer-ttl <duration>;
#maintain - ixfr - base no; // If yes, keep transaction log file for IXFR
max - ixfr - log - size 20m;
- coresize 100;
- datasize 101;
- files 230;
max - cache - size 1m;
- stacksize 231;
heartbeat - interval 1001;
interface - interval 1002;
statistics - interval 1003;
{ "blackhole", &cfg_type_bracketed_aml, 0 },
{ "cookie-algorithm", &cfg_type_cookiealg, 0 },
{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },
- { "coresize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
- { "datasize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+ { "coresize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
+ { "datasize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
{ "deallocate-on-exit", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
#ifdef HAVE_DNSTAP
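Review bot: The four retired limits keep `&cfg_type_size` here, while every other `CFG_CLAUSEFLAG_ANCIENT` entry visible in this table (`deallocate-on-exit`, `fake-iquery`, `sit-secret`, `statistics-interval`) passes `NULL`; for consistency I would write `{ "coresize", NULL, CFG_CLAUSEFLAG_ANCIENT },` and likewise for `datasize`, and for `files` and `stacksize` in the two hunks below, provided nothing still reads the type of an ancient clause. Going from DEPRECATED straight to ANCIENT also turns a warning into a configuration error, so a named.conf that still carries any of these statements will fail to load after upgrade. That deserves a release-note line telling operators to run named-checkconf against their configuration before restarting. The clause array starts and ends outside the hunk.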
{ "dscp", &cfg_type_uint32, 0 },
{ "dump-file", &cfg_type_qstring, 0 },
{ "fake-iquery", NULL, CFG_CLAUSEFLAG_ANCIENT },
- { "files", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+ { "files", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
#ifdef HAVE_DNSTAP
{ "fstrm-set-buffer-hint", &cfg_type_uint32, 0 },
{ "session-keyfile", &cfg_type_qstringornone, 0 },
{ "session-keyname", &cfg_type_astring, 0 },
{ "sit-secret", NULL, CFG_CLAUSEFLAG_ANCIENT },
- { "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_DEPRECATED },
+ { "stacksize", &cfg_type_size, CFG_CLAUSEFLAG_ANCIENT },
{ "startup-notify-rate", &cfg_type_uint32, 0 },
{ "statistics-file", &cfg_type_qstring, 0 },
{ "statistics-interval", NULL, CFG_CLAUSEFLAG_ANCIENT },