[Unbound-users] Feature request: Unbound in forwarding mode to use TCP
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Thu Mar 21 09:05:50 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Olafur,
On 03/15/2013 03:30 PM, Olafur Gudmundsson wrote:
>
> Basically what I want is a configuration option that allows me to
> specify the preferred transport protocol something like: forwarder:
> <blash> prefer TCP; or tcp-forwarder: <blah> or udp-forwarder:
> <blah>
Such detailed config is not available, did you know the following
option is already implemented?
tcp-upstream: yes
If you set this, all communication with upstream (whether forwarding
or not forwarding) is done over TCP. You can also add config as a
forwarder, and thus have TCP forwarding.
If you are really paranoid, you can even use SSL-wrapped transport
with unbound, but this is trickier to set up (and it does not do
actual X509 PKI checks, just encapsulates the traffic).
Best regards,
Wouter
> The reason for this is forwarders close to the edge send bursts of
> queries and then go silent, thus if the burst is sent over TCP the
> overhead of setting up and closing the TCP connection is amortized.
>
>
> The forwarder should close the TCP connection after going silent
> for a short time (10seconds ?) or just leave the closing of the
> connection to the server.
>
> Olafur
>
>
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJRSs1uAAoJEJ9vHC1+BF+N0/kP/2lh1L/x8wLanNzohSrfDYMP
L0pAbxYyOlUu4LE3Z90fJx9y/AEl1oCtJxkNGCtSi/JrzwzHu7EVEo+U1FwxFxn3
uubPdi3jJoRFbP3eTthYfzqMq44fNya7DJUkTA4x5X/NU6XUJVzvtpjqfXDmemLE
QYDZ7oZt2abneR90q7quRro46C71qv0MopccAzQ8nyiwZNOFYpwayvkLm7L1GLx2
hYmOZ+nb5U8f0UMeT5rKMr8dKwYrB21zEKTIyZvwstLQjBUebD8LW3UVndUrn0kd
dHUN39UYKWqtqhfPUH/1/USNSDFDKPJS0BmnSQf7ux8rQLL2/xmPK5iBLqx8o4BA
UN5K4dEv2oMAx3eHP9Dz33m9qaELBXdQv38yjEL+aaBLphFe/Dk8LSyT+s5TMdzP
XvDM/qASq9Hy8FBf9HPGMsYaXK867E1b/F1KAWT3vVmNZSQk9LGycUuhtwm+RDCf
1hkELJvXENHOB5wkAeZbL1/KybJx9O+k3vQI8wLQj7Mkgd4xasa1CusK7xYU9z9M
t82Mf7+UibVkjapF4L41qYpbEp5DhK65che6HKFcOC84LvmBYZfRN1gE9wVLNYyY
nJvfKPFCaJNpVMrxRLbYV939RtK0IMLLGvsIfRbZixa63XY20TiZaeMwEkHig+CG
dwb3W0YxzbwZk98+aE0W
=Q0aY
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list