Running unbound on OpenBSD as a DoT server
Renaud Allard
renaud at allard.it
Fri Mar 20 12:07:29 UTC 2020
Hello,
I have set up multiple DoT servers with unbound on OpenBSD. I tried
first with unbound 1.9.4 (which is the default one on OpenBSD 6.6), but
I had a lot of lock ups where the server stopped responding to TCP
connections. In that case, not even the certificate was returned, the
connection just did stall. I had the same, but of less importance with
1.9.6 and 1.10.0, so I tried to investigate further what the problem was
as it was only TCP sessions which were hanging. After a lot of testing,
I found out that putting "so-reuseport: no" solved all the stalling
issues I had.
So I am wondering if it would not be a good idea to disable the use of
SO_REUSEPORT for TCP by default when unbound is compiled on OpenBSD. I
don't know which approach would be the best to do that.
Regards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4042 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200320/5571a424/attachment.bin>
More information about the Unbound-users
mailing list