From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 21 Nov 2025 08:17:46 +0000 (+0100)
Subject: dnsdist: Raise the maximum number of descriptors to 1M
X-Git-Tag: rec-5.4.0-alpha1~59^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91f86e3950f9a59a6da6d2937e84d8a3186f2789;p=thirdparty%2Fpdns.git

dnsdist: Raise the maximum number of descriptors to 1M

When running under systemd there is a cap on the number of open file or
socket descriptors that we can have at a given time. We used to set this
to 16k which was a large enough value for most installations, but now that
people are deploying DNSdist to offer DoT/DoH/DoQ/DoH3 to large numbers of
users we are regularly getting complaints that the default value is too low.
On the other hand I'm not aware of any case where having a cap actually
prevented an issue where we would be opening too many descriptors.
Therefore this commit is raising the default value to 1 millions, a large
enough values for even very large setups dealing with > 100k incoming
connections at a time.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
---

diff --git a/pdns/dnsdistdist/dnsdist.service.in b/pdns/dnsdistdist/dnsdist.service.in
index e0a9b3bbb3..d2b03db2cf 100644
--- a/pdns/dnsdistdist/dnsdist.service.in
+++ b/pdns/dnsdistdist/dnsdist.service.in
@@ -20,7 +20,7 @@ StartLimitInterval=0
 
 # Tuning
 TasksMax=8192
-LimitNOFILE=16384
+LimitNOFILE=1000000
 # Note: increasing the amount of lockable memory is required to use eBPF support
 # LimitMEMLOCK=infinity
 
diff --git a/pdns/dnsdistdist/dnsdist.service.meson.in b/pdns/dnsdistdist/dnsdist.service.meson.in
index 186acece88..e5cc5e0568 100644
--- a/pdns/dnsdistdist/dnsdist.service.meson.in
+++ b/pdns/dnsdistdist/dnsdist.service.meson.in
@@ -20,7 +20,7 @@ StartLimitInterval=0
 
 # Tuning
 TasksMax=8192
-LimitNOFILE=16384
+LimitNOFILE=1000000
 # Note: increasing the amount of lockable memory is required to use eBPF support
 # LimitMEMLOCK=infinity