BIND and persistent connections
Stuart.Browne at team.neustar
Thu Nov 14 23:34:15 UTC 2019

Not sure if I responded to this last year, but thanks.

> -----Original Message-----
> From: Tony Finch [mailto:dot at dotat.at]
> Sent: Wednesday, 19 December 2018 10:26 PM
> To: Browne, Stuart
> Cc: bind-users at lists.isc.org
> Subject: Re: BIND and persistent connections
>
> Browne, Stuart via bind-users <bind-users at lists.isc.org> wrote:
> > I was wondering if anybody had any thoughts on how to limit the
> > concurrency or at least the lifetime of these persistent connections
> > within BIND.
>
> If you are running BIND 9.12, you have a bunch of new options related to
> RFC 7827 EDNS TCP keepalive (see below for examples). The timeouts default
> to 30 seconds (same as before the options were added). They also affect
> connections that don't use the EDNS keepalive option.
>
> I have reduced mine, mainly to reduce the concurrency used by Android
> DNS-over-TLS. (I'm using nginx as a DoT proxy so there's one back-end TCP
> connection per client TLS connection.)
>
>     tcp-idle-timeout 50; # 5 seconds
>     tcp-initial-timeout 25; # 2.5s minimum permitted
>     tcp-keepalive-timeout 50; # 5 seconds
>     tcp-advertised-timeout 50; # 5 seconds
>
> Excessive concurrency is still a problem.
>
> f.anthony.n.finch <dot at dotat.at>
> Viking, North Utsire, South Utsire: Southeasterly 6 to gale 8,
> severe gale 9 at first. Very rough or high, becoming rough later. Rain
> showers. Good occasionally poor at first.
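
Added example (not part of the original messages and not BIND project code): a small Python check that reads the four timeout options quoted above from a named.conf-style snippet, converts them from units of 100 ms to seconds, and flags values outside the permitted range. The range table, the function names and the sample snippet are assumptions of this example; the limits are as recalled from the BIND 9 reference manual and should be confirmed for the release in use.

```python
import re

# Units are 100 ms. (min, max) as recalled from the BIND 9 ARM for this
# example; treat them as assumptions and confirm for your release.
LIMITS = {
    "tcp-initial-timeout": (25, 1200),
    "tcp-idle-timeout": (1, 1200),
    "tcp-keepalive-timeout": (1, 65535),
    "tcp-advertised-timeout": (0, 65535),
}
DEFAULT = 300  # 30 seconds when an option is not set

# Constructed sample: values from the quoted message plus one bad line.
SAMPLE = """
options {
    tcp-idle-timeout 50;        # 5 seconds
    tcp-initial-timeout 10;     // below the 2.5 s minimum
    tcp-keepalive-timeout 50;
    /* tcp-advertised-timeout 5; */
};
"""

def strip_comments(text):
    """Remove the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def check_timeouts(conf):
    """Return {option: (raw, effective, seconds, note)} for all four options."""
    body = strip_comments(conf)
    report = {}
    for name, (lo, hi) in LIMITS.items():
        m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s+(\d+)\s*;", body)
        if m is None:
            report[name] = (None, DEFAULT, DEFAULT / 10, "unset, default applies")
            continue
        raw = int(m.group(1))
        eff = min(max(raw, lo), hi)  # the ARM says out-of-range values are adjusted
        note = "ok" if eff == raw else f"out of range {lo}..{hi}, adjusted"
        report[name] = (raw, eff, eff / 10, note)
    return report

if __name__ == "__main__":
    for opt, (raw, eff, secs, note) in check_timeouts(SAMPLE).items():
        print(f"{opt:24} raw={raw} effective={eff} ({secs:g}s) {note}")
```

Run against a real configuration, the report makes it easy to spot a value entered in seconds by mistake, which would give a timeout ten times shorter than intended.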