DoT with unbound

Havard Eidnes he at uninett.no
Thu Nov 14 09:01:30 UTC 2019


Hi,

we're using unbound (1.9.4) on NetBSD 8.0 to provide DNS-over-TLS
service to a diverse set of customers, at the moment mostly as an
experiment.

What I find is that over time there will pile up a set of TCP
connections in CLOSE_WAIT state, all with 147 bytes stuck in the
receive queue of the socket (according to "netstat -n -f inet").

In the TCP state diagram I'm looking at (the original standard),
the next transition from CLOSE_WAIT is supposed to be caused by
the application doing close(), and that is apparently not
happening.  This will cause unbound eventually to "clog up" and
stop responding to DoT queries.

I *think* this is an unbound bug, perhaps specific to portability
to this platform.  The question I have for now is where do I
start looking for the cause of this problem?  Where is the code
which deals with TCP socket handling inside unbound?

Best regards,

- Håvard
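A monitoring check for the symptom described in the post, added here as an example and not part of the original message: it parses "netstat -n -f inet" output and counts TCP sockets on the DoT port (853) that sit in CLOSE_WAIT with unread bytes in Recv-Q, so the pile-up can be caught before unbound stops answering. The netstat sample is constructed in NetBSD's format (local address printed as addr.port) with documentation-range addresses; the 853 port and the alert threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample of "netstat -n -f inet" output in NetBSD layout.
# Three CLOSE_WAIT sockets on port 853, two of them with 147 unread bytes;
# the port-53 one with stuck bytes is there to show the port filter works.
SAMPLE_NETSTAT='Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  192.0.2.10.853         198.51.100.7.41234     ESTABLISHED
tcp      147      0  192.0.2.10.853         198.51.100.8.52001     CLOSE_WAIT
tcp      147      0  192.0.2.10.853         198.51.100.9.40112     CLOSE_WAIT
tcp        0      0  192.0.2.10.853         198.51.100.5.33010     CLOSE_WAIT
tcp      147      0  192.0.2.10.53          198.51.100.6.39876     CLOSE_WAIT
tcp        0      0  192.0.2.10.22          203.0.113.4.50123      ESTABLISHED'

# stuck_dot_sockets PORT  (reads netstat output on stdin)
# Prints how many tcp sockets with local port PORT are in CLOSE_WAIT and
# still hold unread data (Recv-Q > 0), i.e. the peer closed but the
# application never did.
stuck_dot_sockets() {
    awk -v port="$1" '
        $1 == "tcp" && $6 == "CLOSE_WAIT" && $2 > 0 {
            n = split($4, a, ".")      # NetBSD prints addr.port; port is the last piece
            if (a[n] == port) count++
        }
        END { print count + 0 }
    '
}

# check_dot_health THRESHOLD
# A few CLOSE_WAIT sockets are normal churn; a growing pile with data
# stuck in Recv-Q is the clogging symptom. Returns 1 when the count
# reaches THRESHOLD. Uses the constructed sample; in production pipe the
# live "netstat -n -f inet" into stuck_dot_sockets instead.
check_dot_health() {
    threshold="$1"
    n=$(printf '%s\n' "$SAMPLE_NETSTAT" | stuck_dot_sockets 853)
    if [ "$n" -ge "$threshold" ]; then
        echo "WARN: $n DoT sockets in CLOSE_WAIT with unread data (threshold $threshold)"
        return 1
    fi
    echo "OK: $n stuck DoT sockets"
    return 0
}
```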


