Folks, further to this issue, we still had the named.conf option
keep-response-order { any; }; // Disable TCP-pipelining
set as a workaround to an old vulnerability. Removing that appears
to have fixed the CLOSE_WAIT connections we were accumulating.
Regards,
Ronan Flood
On Thu, May 27
Hello
We updated on Monday from bind-9.16.6/8 to bind-9.16.15/16 on some
public-facing authoritative nameservers. Since then, we are seeing
a build-up of inbound TCP connections to port 53 being left in
CLOSE_WAIT state indefinitely until named is restarted, or exhausting
the tcp-clients limit if
2 matches
Mail list logo
