>>On Sep 18,2021,at 3:47 PM, Wessels Duane<[email protected]> wrote:
>>4.5.  Defaults and Recommended Limits
>>   
>>   Most open source DNS server implementations provide a configurable
>>   limit on the total number of established connections.  Default values
>>   range from 20 to 150.  In most cases, where the majority of queries
>>   take place over UDP, 150 is a reasonable limit.  For services or
>>   environments where most queries take place over TCP or TLS, 5000 is a
>>   more appropriate limit.
>>
>>   Only some open source implementations provide a way to limit the
>>   number of connections per source IP address or subnet, but the
>>   default is to have no limit.  For environments or situations where it
>>   may be necessary to enable this limit, 25 connections per source IP
>>   address is a reasonable starting point.  The limit should be
>>   increased when aggregated by subnet, or for services where most
>>   queries take place over TCP or TLS.
[Qin]: "Defaults and Recommended Limits" is interesting. I assume it aligns with 
the guidelines in section 6.2 of RFC7766.
I am wondering whether the total number of established connections refers 
to the number of concurrent connections. Do they come from a single client or 
multiple clients?

I am a little bit surprised that the connection number limit for DNS over UDP 
is much lower than the one for DNS over TCP.
Since I think UDP can support many more clients at the same time due to the lack 
of connection state, can you clarify the rationale behind this?
Thanks.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
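The quoted section describes two separate limits, a cap on total established connections and a cap per source address or subnet, and says the per-source value should be raised when it is aggregated by subnet. The following Python model is an added illustration of how those two limits interact; it is not code from the draft or from any DNS server implementation, and the class name, the `accept`/`release` methods, and the constructed addresses (from the 192.0.2.0/24, 198.51.100.0/24 and 2001:db8::/32 documentation ranges) are all assumptions made here for the example.

```python
import ipaddress
from collections import Counter


class ConnectionLimiter:
    """Admission control for DNS-over-TCP/TLS connections (hypothetical
    helper, not from any DNS server). It enforces the two limits named in
    the quoted draft text: a cap on total established connections and a
    cap per "source", where a source is a single address (prefix /32 or
    /128) or, when aggregating, the subnet the address falls in."""

    def __init__(self, max_total=150, max_per_source=25,
                 v4_prefix=32, v6_prefix=128):
        self.max_total = max_total
        self.max_per_source = max_per_source
        self.v4_prefix = v4_prefix
        self.v6_prefix = v6_prefix
        self.total = 0                 # established connections, all sources
        self.per_source = Counter()    # established connections per source key

    def source_key(self, addr):
        """Map an address to its aggregation key (the containing network)."""
        ip = ipaddress.ip_address(addr)
        prefix = self.v4_prefix if ip.version == 4 else self.v6_prefix
        return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

    def accept(self, addr):
        """Decide on a new connection: 'accepted', 'rejected-total' or
        'rejected-source'. The global cap is checked first, so a full server
        rejects every source; the per-source cap then stops one noisy
        client from consuming the whole budget."""
        key = self.source_key(addr)
        if self.total >= self.max_total:
            return "rejected-total"
        if self.per_source[key] >= self.max_per_source:
            return "rejected-source"
        self.total += 1
        self.per_source[key] += 1
        return "accepted"

    def release(self, addr):
        """Account for a closed connection so its slot can be reused."""
        key = self.source_key(addr)
        if self.per_source[key] > 0:
            self.per_source[key] -= 1
            self.total -= 1
            if self.per_source[key] == 0:
                del self.per_source[key]


def run_attempts(limiter, attempts):
    """Feed one connection attempt per listed source address and tally
    the outcomes."""
    return dict(Counter(limiter.accept(a) for a in attempts))


def demo():
    # Constructed input: 30 attempts from one host, then 5 from a
    # neighbouring host in the same /24.
    attempts = ["192.0.2.10"] * 30 + ["192.0.2.11"] * 5

    # Per-address limit of 25: the first host gets 25, the neighbour all 5.
    per_ip = run_attempts(
        ConnectionLimiter(max_total=150, max_per_source=25), attempts)

    # Same value but aggregated to /24: both hosts share one budget of 25,
    # so the neighbour is starved once the first host has used it up.
    per_24 = run_attempts(
        ConnectionLimiter(max_total=150, max_per_source=25, v4_prefix=24),
        attempts)

    # Raising the limit for the aggregated subnet, as the draft advises,
    # leaves room for the neighbour again.
    per_24_raised = run_attempts(
        ConnectionLimiter(max_total=150, max_per_source=100, v4_prefix=24),
        attempts)

    # A small global cap overrides the per-source limit entirely.
    small_total = run_attempts(
        ConnectionLimiter(max_total=20, max_per_source=25), attempts)

    return per_ip, per_24, per_24_raised, small_total


if __name__ == "__main__":
    for name, result in zip(("per-IP", "/24", "/24 raised", "total=20"), demo()):
        print(f"{name:12s} {result}")
```

The ordering of the two checks matters in practice: testing the global cap first means a saturated server turns away every new client, including well-behaved ones, while the per-source check only ever penalises the client that exceeded its own budget.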
