BIND and persistent connections
Browne, Stuart
Stuart.Browne at team.neustar
Thu Nov 14 23:34:15 UTC 2019
Not sure if I responded to this last year, but thanks.
Stuart
> -----Original Message-----
> From: Tony Finch [mailto:dot at dotat.at]
> Sent: Wednesday, 19 December 2018 10:26 PM
> To: Browne, Stuart
> Cc: bind-users at lists.isc.org
> Subject: Re: BIND and persistent connections
>
> Browne, Stuart via bind-users <bind-users at lists.isc.org> wrote:
> >
> > I was wondering if anybody had any thoughts on how to limit the
> > concurrency or at least the lifetime of these persistent connections
> > within BIND.
>
> If you are running BIND 9.12, you have a bunch of new options related to
> RFC 7827 EDNS TCP keepalive (see below for examples). The timeouts default
> to 30 seconds (same as before the options were added). They also affect
> connections that don't use the EDNS keepalive option.
>
> I have reduced mine, mainly to reduce the concurrency used by Android
> DNS-over-TLS. (I'm using nginx as a DoT proxy so there's one back-end TCP
> connection per client TLS connection.)
>
> tcp-idle-timeout 50; # 5 seconds
> tcp-initial-timeout 25; # 2.5s minimum permitted
> tcp-keepalive-timeout 50; # 5 seconds
> tcp-advertised-timeout 50; # 5 seconds
>
> Excessive concurrency is still a problem.
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at>
> https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__dotat.at_&d=DwIBAg&c=MOptNlVtIETeDALC_lULrw&r=udvvbouEjrWNUMab5xo_vLbU
> E6LRGu5fmxLhrDvVJS8&m=JTnM4a1inaCfDoxVF_4YSLxG0ZMNs5KM-
> vGYEvYGn3E&s=NwdB8uMWwCIVphZw-jaaoVtu7PprQCHjwb6Fn_kuKgk&e=
> Viking, North Utsire, South Utsire: Southeasterly 6 to gale 8,
> occasionally
> severe gale 9 at first. Very rough or high, becoming rough later. Rain
> then
> showers. Good occasionally poor at first.
More information about the bind-users
mailing list