Persistent tcp-upstream
Gabriel Corona
gabriel.corona at enst-bretagne.fr
Thu Jan 5 23:45:48 UTC 2017
Hello,
I'm using unbound with a TCP upstream [1]:
server:
tcp-upstream: yes
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 192.0.2.53
However one problem I find when using "tcp-upstream: yes" is that it
seems to only open one connection per DNS request [2]:
$ for a in $(seq 0 300) ; do dig test$a.ldn-fai.net ; done &> /dev/null
$ netstat -tnp | grep 192.0.2.53:53 | grep TIME_WAIT | wc -l
300
This is quite suboptimal, especially when the connection is
encapsulated over TLS [1], and leads to many TIME_WAIT
connections. In order to overcome this problem, I wrote a prototypical
daemon which aggregates DNS requests over a single persistent TCP
connection [3]:
[DNS]<->[DNS ]<->[DNS ]<---------------------->[DNS]
[UDP]<->[UDP|TCP]<->[TCP ]<---------------------->[TCP]
[IP ]<->[IP ]<->[IP ]<---------------------->[IP ]
Client Aggregator Forwarder Internet Recursive
(dnsfwd) (unbound)
However, having to use (and compile) a dedicated tool is not very user
friendly.
Is this behaviour expected or am I missing some configuration option
in order to reuse TCP connections for multiple requests?
Thanks,
[1] http://www.gabriel.urdhr.fr/2015/02/14/recursive-dns-over-tls-over-tcp-443/
[2] http://www.gabriel.urdhr.fr/2015/12/09/dns-aggregator-tls/
[3] https://github.com/randomstuff/dnsfwd
--
Gabriel
More information about the Unbound-users
mailing list