BIND and persistent connections

Browne, Stuart Stuart.Browne at team.neustar
Thu Nov 14 23:34:15 UTC 2019


Not sure if I responded to this last year, but thanks.

Stuart

> -----Original Message-----
> From: Tony Finch [mailto:dot at dotat.at]
> Sent: Wednesday, 19 December 2018 10:26 PM
> To: Browne, Stuart
> Cc: bind-users at lists.isc.org
> Subject: Re: BIND and persistent connections
> 
> Browne, Stuart via bind-users <bind-users at lists.isc.org> wrote:
> >
> > I was wondering if anybody had any thoughts on how to limit the
> > concurrency or at least the lifetime of these persistent connections
> > within BIND.
> 
> If you are running BIND 9.12, you have a bunch of new options related to
> RFC 7827 EDNS TCP keepalive (see below for examples). The timeouts default
> to 30 seconds (same as before the options were added). They also affect
> connections that don't use the EDNS keepalive option.
> 
> I have reduced mine, mainly to reduce the concurrency used by Android
> DNS-over-TLS. (I'm using nginx as a DoT proxy so there's one back-end TCP
> connection per client TLS connection.)
> 
> 	tcp-idle-timeout 50; # 5 seconds
> 	tcp-initial-timeout 25; # 2.5s minimum permitted
> 	tcp-keepalive-timeout 50; # 5 seconds
> 	tcp-advertised-timeout 50; # 5 seconds
> 
> Excessive concurrency is still a problem.
> 
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>
> http://dotat.at/
> Viking, North Utsire, South Utsire: Southeasterly 6 to gale 8,
> occasionally severe gale 9 at first. Very rough or high, becoming rough
> later. Rain then showers. Good occasionally poor at first.
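
Added example, not part of the original thread and not BIND's own code: a small Python check that reads the four TCP timeout options from a named.conf fragment, converts them from the 100 ms units used in the quoted settings to seconds, and flags a tcp-initial-timeout below the 2.5 s minimum mentioned in the thread. The sample configuration and the function names are constructed for illustration.

```python
import re

DEFAULT_UNITS = 300      # 30 seconds, the default stated in the thread
INITIAL_MIN_UNITS = 25   # 2.5 s, the minimum noted for tcp-initial-timeout
OPTIONS = ("tcp-initial-timeout", "tcp-idle-timeout",
           "tcp-keepalive-timeout", "tcp-advertised-timeout")

# Constructed sample fragment (not from the thread): one value too low,
# one option commented out so the default applies.
SAMPLE_CONF = """
options {
    directory "/var/named";      // constructed path
    tcp-idle-timeout 50;         # 5 seconds
    tcp-initial-timeout 10;      /* below the minimum */
    // tcp-keepalive-timeout 50;
    tcp-advertised-timeout 50;
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//)[^\n]*", "", text)

def audit_tcp_timeouts(conf_text):
    """Return {option: {units, seconds, notes}} for the four TCP timeouts."""
    clean = strip_comments(conf_text)
    report = {}
    for name in OPTIONS:
        match = re.search(re.escape(name) + r"\s+(\d+)\s*;", clean)
        units = int(match.group(1)) if match else DEFAULT_UNITS
        notes = []
        if match is None:
            notes.append("not set, default applies")
        if name == "tcp-initial-timeout" and units < INITIAL_MIN_UNITS:
            notes.append("below 2.5 s minimum")
        # Values are in units of 100 ms, so 50 means 5 seconds.
        report[name] = {"units": units, "seconds": units / 10, "notes": notes}
    return report

if __name__ == "__main__":
    for option, info in audit_tcp_timeouts(SAMPLE_CONF).items():
        flags = "; ".join(info["notes"]) or "ok"
        print(f"{option:24} {info['seconds']:6.1f} s  ({flags})")
```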

