BIND and persistent connections

Tony Finch dot at dotat.at
Wed Dec 19 11:26:02 UTC 2018


Browne, Stuart via bind-users <bind-users at lists.isc.org> wrote:
>
> I was wondering if anybody had any thoughts on how to limit the
> concurrency or at least the lifetime of these persistent connections
> within BIND.

If you are running BIND 9.12, you have a bunch of new options related to
RFC 7827 EDNS TCP keepalive (see below for examples). The timeouts default
to 30 seconds (same as before the options were added). They also affect
connections that don't use the EDNS keepalive option.

I have reduced mine, mainly to reduce the concurrency used by Android
DNS-over-TLS. (I'm using nginx as a DoT proxy so there's one back-end TCP
connection per client TLS connection.)

	tcp-idle-timeout 50; # 5 seconds
	tcp-initial-timeout 25; # 2.5s minimum permitted
	tcp-keepalive-timeout 50; # 5 seconds
	tcp-advertised-timeout 50; # 5 seconds

Excessive concurrency is still a problem.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Viking, North Utsire, South Utsire: Southeasterly 6 to gale 8, occasionally
severe gale 9 at first. Very rough or high, becoming rough later. Rain then
showers. Good occasionally poor at first.
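To make the timeout units concrete, here is an added example (not from Tony's post or from BIND's code) that encodes and decodes the EDNS TCP keepalive option (option code 11) in an OPT RR and walks through one client/server exchange. The keepalive TIMEOUT on the wire is a 16-bit value in units of 100 ms, the same units BIND's tcp-*-timeout options use, so the `tcp-advertised-timeout 50` above goes out as the value 50 and a client reads it back as 5 seconds. The `server_opt_for` function and its `advertised_units` parameter are this example's own construction standing in for the server side; the exchange at the bottom is constructed, not captured traffic.

```python
import struct

# EDNS option code for edns-tcp-keepalive (RFC 7828) and the OPT RR type.
EDNS_TCP_KEEPALIVE = 11
OPT_TYPE = 41


def keepalive_option(timeout_seconds=None):
    """Build the (code, data) pair for the keepalive option.

    A query carries the option with no TIMEOUT (OPTION-LENGTH 0); a TCP
    response carries a 16-bit TIMEOUT in units of 100 ms (OPTION-LENGTH 2).
    Those 100 ms units are the units BIND's tcp-*-timeout options use, so
    tcp-advertised-timeout 50 goes on the wire as the value 50.
    """
    if timeout_seconds is None:
        return (EDNS_TCP_KEEPALIVE, b"")
    units = round(timeout_seconds * 10)
    if not 0 <= units <= 0xFFFF:
        raise ValueError("timeout out of range for 16-bit field")
    return (EDNS_TCP_KEEPALIVE, struct.pack("!H", units))


def build_opt_rr(options, udp_size=1232):
    """Encode an OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload size,
    TTL = 0 (extended RCODE/version/flags), RDATA = concatenated options."""
    rdata = b"".join(struct.pack("!HH", code, len(data)) + data
                     for code, data in options)
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, len(rdata)) + rdata


def parse_opt_rr(buf, offset=0):
    """Parse an OPT RR at offset. Returns (udp_size, [(code, data), ...], next_offset).
    Raises ValueError on anything that is not a well-formed OPT RR."""
    if len(buf) < offset + 11 or buf[offset] != 0:
        raise ValueError("OPT RR must have the root name")
    rtype, udp_size, _ttl, rdlen = struct.unpack_from("!HHIH", buf, offset + 1)
    if rtype != OPT_TYPE:
        raise ValueError("not an OPT RR")
    pos, end = offset + 11, offset + 11 + rdlen
    if end > len(buf):
        raise ValueError("truncated OPT RDATA")
    options = []
    while pos < end:
        if pos + 4 > end:
            raise ValueError("truncated option header")
        code, olen = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + olen > end:
            raise ValueError("option length exceeds RDATA")
        options.append((code, bytes(buf[pos:pos + olen])))
        pos += olen
    return udp_size, options, pos


def keepalive_timeout(options):
    """Return (present, timeout_seconds) for the keepalive option.

    present is False when the option is absent.  timeout_seconds is None when
    the option carries no TIMEOUT (the form a client sends), otherwise the
    advertised idle timeout in seconds; 0.0 means "close the connection as
    soon as you can".  Any other OPTION-LENGTH is a malformed option.
    """
    for code, data in options:
        if code != EDNS_TCP_KEEPALIVE:
            continue
        if len(data) == 0:
            return (True, None)
        if len(data) == 2:
            return (True, struct.unpack("!H", data)[0] / 10)
        raise ValueError("edns-tcp-keepalive option must be 0 or 2 bytes")
    return (False, None)


def server_opt_for(query_opt, advertised_units=50):
    """Server side of the exchange: parse the client's OPT RR and build the OPT RR
    for the response.  advertised_units plays the role of BIND's
    tcp-advertised-timeout (100 ms units; 50 = 5 seconds); it is an assumption
    of this example, not a value read from named.conf."""
    _size, options, _ = parse_opt_rr(query_opt)
    present, timeout = keepalive_timeout(options)
    if not present:
        return build_opt_rr([])            # client did not ask; say nothing
    if timeout is not None:
        # A query is not supposed to carry a TIMEOUT; this example treats it as
        # malformed rather than guessing what the client meant.
        raise ValueError("keepalive TIMEOUT is only valid in responses")
    return build_opt_rr([keepalive_option(advertised_units / 10)])


if __name__ == "__main__":
    # Constructed exchange over an (imaginary) TCP connection.
    query_opt = build_opt_rr([keepalive_option()])
    response_opt = server_opt_for(query_opt, advertised_units=50)
    _, resp_options, _ = parse_opt_rr(response_opt)
    print(keepalive_timeout(resp_options))   # (True, 5.0)
```

A client that honours the option uses the returned seconds as the idle time after which it should close the connection itself; a value of 0 means the server wants it gone immediately. This is why the advertised value is worth keeping short when a proxy such as nginx turns every front-end TLS session into its own back-end TCP connection: the server can only shed idle connections that clients were told to close.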
