TLS upstream connections get closed despite keepalive
xnoreq at gmail.com
Thu Jul 21 12:35:57 UTC 2022
I'm running unbound 1.16.1 on Linux 5.15.55, configured to forward
everything over TCP TLS connections.
Despite keepalive being enabled, I can see that the connections get
Note that the server is not busy at all.
Here are the relevant bits of the configuration:
forward-addr: 22.214.171.124@853#cloudflare-dns.com
forward-addr: 126.96.36.199@853#cloudflare-dns.com
forward-addr: 188.8.131.52@853#dns.google
forward-addr: 184.108.40.206@853#dns.google
Packet captures show that after as few as ~30 seconds, unbound sends a
FIN+ACK. Sometimes it sends a couple more RST packets which doesn't seem
This, combined with the behavior that unbound wants to open connections
to all upstream servers instead of reusing existing connections, means it will
constantly open new connections (and, to make matters worse, it does not
seem to do that in the background but synchronously with incoming
queries, blocking them), leading to many queries being needlessly delayed
by about 80 to 180 ms.
Did I do something wrong? How can I fix this?
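For reference, the unbound.conf directives that govern how long an upstream TCP/TLS stream is kept open for reuse, shown here as an added illustration and not as the poster's configuration (the poster only quoted the forward-addr lines). The CA bundle path, the zone layout and the placeholder upstream entry are assumptions; the option names and the default values noted in the comments are from the unbound.conf(5) man page:

```conf
server:
    # CA bundle used to validate the upstream certificate against the
    # auth name given after '#' in forward-addr. Path is a Debian/Ubuntu
    # default and is an assumption here.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

    # Idle lifetime of a persistent upstream TCP/TLS stream, in
    # milliseconds (default 60000, i.e. 60 s). A stream that is closed
    # well before this has expired was not closed by the reuse timer.
    tcp-reuse-timeout: 60000

    # Maximum number of queries sent over one reused stream before it is
    # closed and a new one opened (default 200).
    max-reuse-tcp-queries: 200

    # Upper bound on concurrent outgoing TCP/TLS streams (default 10).
    outgoing-num-tcp: 10

forward-zone:
    name: "."
    # Send queries for this zone over TLS (DNS over TLS, port 853).
    forward-tls-upstream: yes
    # <ip>@<port>#<auth-name>; the auth name is checked against the
    # server certificate. Placeholder value, not the poster's upstream.
    forward-addr: 192.0.2.1@853#example.invalid
```

When debugging closes like the ones described above, compare the observed idle time before the FIN against tcp-reuse-timeout and the query count on the stream against max-reuse-tcp-queries; a close that matches neither points somewhere other than the reuse settings.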