Kernel: kern.maxfiles limit exceeded by uid 65534, please see tuning(7)

slu

Hi,

my pfSense stop with the dns resolution today.

Syslog show:

Jun 12 07:16:19 	dnsmasq[19277]: failed to read /etc/resolv.conf: Too many open files in system
Jun 12 07:16:19 	dnsmasq[19277]: failed to read /etc/resolv.conf: Too many open files in system
Jun 12 07:16:19 	kernel: kern.maxfiles limit exceeded by uid 65534, please see tuning(7).
Jun 12 07:16:21 	dnsmasq[19277]: failed to read /etc/resolv.conf: Too many open files in system
Jun 12 07:16:21 	dnsmasq[19277]: failed to read /etc/resolv.conf: Too many open files in system
Jun 12 07:16:21 	kernel: kern.maxfiles limit exceeded by uid 65534, please see tuning(7).

Here is a old topic, but not really a solution why the system want open so much files:
http://forum.pfsense.org/index.php/topic,29885.msg154831/topicseen.html#msg154831

I have only installed the "OpenVPN Client Export Utility", pfSense 2.0.3 amd64

jimp

If/when that happens again, look at the output of "fstat" in the shell and see what has all of the files open.

That isn't normal to see, especially if you don't have any other packages installed.

slu

@jimp:

If/when that happens again, look at the output of "fstat" in the shell and see what has all of the files open.

I will look the next time, this morning there was no time to search and i reboot the system.  :-[

slu

@jimp:

If/when that happens again, look at the output of "fstat" in the shell and see what has all of the files open.

Today again:

[...]
root     filterdns  28615 5663 /        14743744 -rw-r--r--     613  r
root     filterdns  28615 5664 /        14743744 -rw-r--r--     613  r
root     filterdns  28615 5665 /        14743744 -rw-r--r--     613  r
root     filterdns  28615 5666 /        14743744 -rw-r--r--     613  r
root     filterdns  28615 5667 /        14743744 -rw-r--r--     613  r
root     filterdns  28615 5668 /        14743744 -rw-r--r--     613  r
root     filterdns  28615 5669 /        14743744 -rw-r--r--     613  r

What is "filterdns" and how can I fix it?

jimp

filterdns translates hostnames in aliases into IP addresses so they can be used in pf tables.

I don't recall ever seeing it go that nuts, though.

Do you have a lot of hostnames in your aliases?

slu

@jimp:

Do you have a lot of hostnames in your aliases?

No, i had about 20 hostnames in my aliases.
Delete them all and replace it by the ip address.
Interesting is the last alias i delete with hostnames, is still avalible in /var/etc/filterdns.conf

Can it be a problem if some hostnames can not resolved?

jimp

No that shouldn't be a problem.

The last hostname sticking in filterdns.conf is a known issue that has been fixed (along with many other filterdns issues) on 2.1

tacfit

Same thing just happened to us. We're on 2.0.3, so maybe we need to update? The output of fstat was saturated with 2 different apps:

root    filterdns  40614  666 /        15544735 -rw-r–r--      0  r
...

and also

root    ipfw-classifyd 27444 1264 /        18514540 -rw-r--r--      34  r
...

A reboot got us back.

firegrass

Since upgrading to 2.1-RELEASE, from a snapshot in June (ish), I am seeing this problem. Only have two hostnames in aliases.

b0rman

@firegrass:

Since upgrading to 2.1-RELEASE, from a snapshot in June (ish), I am seeing this problem. Only have two hostnames in aliases.

Absolutely same situation with open files and filterdns :( Any ideas?

heper

same here on an old p4 that got updated from 2.0.x to 2.1 alpha->beta->release
every 2 weeks i need to restart the service.

Smakodak

I'm joining in. Since upgrading to 2.1 Release, I have this problem too.

resolver log: dnsmasq[61060]: failed to load names from /etc/hosts: Too many open files in system
system log: kernel: kern.maxfiles limit exceeded by uid 65534, please see tuning(7).

heper

in my case it appears to have been caused by a harddrive that was starting to fail … it died completely on monday ;)

gabrielpc1190

Im on 2.1-Release and had to reboot my system today because I lost dns resolving and that log was thousands of times.
I tried the fstab and had similar to this:

[…]
root    filterdns  28615 5663 /        14743744 -rw-r–r--    613  r
root    filterdns  28615 5664 /        14743744 -rw-r--r--    613  r
root    filterdns  28615 5665 /        14743744 -rw-r--r--    613  r
root    filterdns  28615 5666 /        14743744 -rw-r--r--    613  r
root    filterdns  28615 5667 /        14743744 -rw-r--r--    613  r
root    filterdns  28615 5668 /        14743744 -rw-r--r--    613  r
root    filterdns  28615 5669 /        14743744 -rw-r--r--    613  r

mircsicz

+1 for me…

EDIT:
I solved the prob by writing the 2.1.2 *.img to another CF & restoring the config...

silvertip257

I've seen this "max files" problem every couple of months probably since January-ish of this year.
Past related posts (0) (1) indicate there is a problem, but don't offer a solution and are quite dated.

I have a PC Engines ALIX 2D13 that I've had for few years now.
The pfSense Store sells these (2) so I'd figure these would be well supported.

Today dnsmasq was no longer processing DHCP requests.  I could have statically assigned an IP address and tried to access the unit, but instead consoled into the device.  I ended up consoling into the unit and found system.log indicating the board was low on memory.  This unit had only been running for approximately 47 days since my upgrade to version 2.1.2.  I ended up rebooting it and also opted to upgrade to version 2.1.3 afterwards.

In the past when dnsmasq wouldn't process DNS queries, I found filterdns had quite a few files open (output from fstat).  I don't have a total count of open files from the time periods when there were problems.

I whipped up the following one-liner for the future.  Maybe it's useful to somebody else as well.

# filterdns open files
fstat | awk '/filterdns/{i++} END{printf("%d files open by filterdns\n", i)}'

# all open files per process plus a total
fstat | awk '\!/CMD/{print $2} END{printf("* Total files open: %d", NR)}' | sort | uniq -c | sort -n

I have a few aliases for my pf rules which have host names and one persistent IPSec tunnel.

The unit has been up for <60 minutes now and has 20 open files by the filterdns user, but other users have many more open files.

If pfSense developers (or anyone else) have any proactive tips as to what else I might look for or try, please reply!  Thanks.

(0) https://forum.pfsense.org/index.php?topic=29885.0
(1) https://forums.freebsd.org/viewtopic.php?&t=1553
(2) http://store.pfsense.org/vk-2d13-black/

Cristacul

Hello

I had the same problem a couple of months ago. In my case pfBlocker was the cause (had a rule with whole world blocked except Europe) and eventually it crashed with a lot of filterdns files opened.

silvertip257

Thanks for the reply Cristacul.

pfBlocker is not the cause for my problem since I'm not using it.

It is my understanding that firewall rules with (or other features that utilize) domain names are the only ones that utilize filterdns.
Might there be something else at work here causing my problem?

gabrielpc1190

Same problem and not having pfBlocker.
I have pfSense 2.1.4 64bits  :(

silvertip257

@silvertip257:

I whipped up the following one-liner for the future.  Maybe it's useful to somebody else as well.

# filterdns open files
fstat | awk '/filterdns/{i++} END{printf("%d files open by filterdns\n", i)}'

# all open files per process plus a total
fstat | awk '\!/CMD/{print $2} END{printf("* Total files open: %d", NR)}' | sort | uniq -c | sort -n

Here's an extension to my previous one-liner commands.
This one is more helpful to get the big picture (beyond what filterdns is doing).

# spit out open files with a count per command and order them

fstat | awk '\!/CMD/{print $2}' | sort | uniq -c | sort -n