Running unbound on OpenBSD as a DoT server

Renaud Allard renaud at
Fri Mar 20 12:07:29 UTC 2020


I have set up multiple DoT servers with unbound on OpenBSD. I tried 
first with unbound 1.9.4 (which is the default one on OpenBSD 6.6), but 
I had a lot of lock ups where the server stopped responding to TCP 
connections. In that case, not even the certificate was returned, the 
connection just did stall. I had the same, but of less importance with 
1.9.6 and 1.10.0, so I tried to investigate further what the problem was 
as it was only TCP sessions which were hanging. After a lot of testing, 
I found out that putting "so-reuseport: no" solved all the stalling 
issues I had.
So I am wondering if it would not be a good idea to disable the use of 
SO_REUSEPORT for TCP by default when unbound is compiled on OpenBSD. I 
don't know which approach would be the best to do that.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4042 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the Unbound-users mailing list