Not sure if I responded to this last year, but thanks. Stuart
> -----Original Message----- > From: Tony Finch [mailto:d...@dotat.at] > Sent: Wednesday, 19 December 2018 10:26 PM > To: Browne, Stuart > Cc: bind-users@lists.isc.org > Subject: Re: BIND and persistent connections > > Browne, Stuart via bind-users <bind-users@lists.isc.org> wrote: > > > > I was wondering if anybody had any thoughts on how to limit the > > concurrency or at least the lifetime of these persistent connections > > within BIND. > > If you are running BIND 9.12, you have a bunch of new options related to > RFC 7827 EDNS TCP keepalive (see below for examples). The timeouts default > to 30 seconds (same as before the options were added). They also affect > connections that don't use the EDNS keepalive option. > > I have reduced mine, mainly to reduce the concurrency used by Android > DNS-over-TLS. (I'm using nginx as a DoT proxy so there's one back-end TCP > connection per client TLS connection.) > > tcp-idle-timeout 50; # 5 seconds > tcp-initial-timeout 25; # 2.5s minimum permitted > tcp-keepalive-timeout 50; # 5 seconds > tcp-advertised-timeout 50; # 5 seconds > > Excessive concurrency is still a problem. > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> > https://urldefense.proofpoint.com/v2/url?u=http- > 3A__dotat.at_&d=DwIBAg&c=MOptNlVtIETeDALC_lULrw&r=udvvbouEjrWNUMab5xo_vLbU > E6LRGu5fmxLhrDvVJS8&m=JTnM4a1inaCfDoxVF_4YSLxG0ZMNs5KM- > vGYEvYGn3E&s=NwdB8uMWwCIVphZw-jaaoVtu7PprQCHjwb6Fn_kuKgk&e= > Viking, North Utsire, South Utsire: Southeasterly 6 to gale 8, > occasionally > severe gale 9 at first. Very rough or high, becoming rough later. Rain > then > showers. Good occasionally poor at first. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
