Browne, Stuart via bind-users <bind-users@lists.isc.org> wrote:
>
> I was wondering if anybody had any thoughts on how to limit the
> concurrency or at least the lifetime of these persistent connections
> within BIND.

If you are running BIND 9.12, you have a bunch of new options related to
RFC 7827 EDNS TCP keepalive (see below for examples). The timeouts default
to 30 seconds (same as before the options were added). They also affect
connections that don't use the EDNS keepalive option.

I have reduced mine, mainly to reduce the concurrency used by Android
DNS-over-TLS. (I'm using nginx as a DoT proxy so there's one back-end TCP
connection per client TLS connection.)

        tcp-idle-timeout 50; # 5 seconds
        tcp-initial-timeout 25; # 2.5s minimum permitted
        tcp-keepalive-timeout 50; # 5 seconds
        tcp-advertised-timeout 50; # 5 seconds

Excessive concurrency is still a problem.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Viking, North Utsire, South Utsire: Southeasterly 6 to gale 8, occasionally
severe gale 9 at first. Very rough or high, becoming rough later. Rain then
showers. Good occasionally poor at first.
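
One way to confirm what a server actually advertises after changing tcp-advertised-timeout, as an added example that is not part of the original message: the sketch below decodes the EDNS TCP keepalive option (option code 11) from the RDATA of an OPT record and converts its value from units of 100 ms to seconds. The function names and the sample bytes are constructed for illustration.

```python
import struct

EDNS_TCP_KEEPALIVE = 11  # EDNS0 option code for edns-tcp-keepalive


def parse_opt_rdata(rdata: bytes) -> dict:
    """Split OPT RDATA into {option_code: option_data}, rejecting bad lengths."""
    options, pos = {}, 0
    while pos < len(rdata):
        if len(rdata) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if len(rdata) - pos < length:
            raise ValueError("option data runs past end of RDATA")
        options[code] = rdata[pos:pos + length]
        pos += length
    return options


def advertised_timeout_seconds(rdata: bytes):
    """Return the advertised keepalive timeout in seconds, or None if absent."""
    data = parse_opt_rdata(rdata).get(EDNS_TCP_KEEPALIVE)
    if data is None or len(data) == 0:
        # No option at all, or the empty form a client sends in a query.
        return None
    if len(data) != 2:
        raise ValueError("keepalive option must be 0 or 2 bytes long")
    (units,) = struct.unpack("!H", data)
    return units / 10  # wire value uses 100 ms units, like the named.conf options


# Constructed sample RDATA: one unrelated option (code 10, eight zero bytes)
# followed by a keepalive option carrying 50, matching
# "tcp-advertised-timeout 50;" from the message above.
SAMPLE_RDATA = (
    struct.pack("!HH", 10, 8) + bytes(8)
    + struct.pack("!HHH", EDNS_TCP_KEEPALIVE, 2, 50)
)

if __name__ == "__main__":
    print("advertised timeout:", advertised_timeout_seconds(SAMPLE_RDATA), "s")
```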