Not sure if I responded to this last year, but thanks.
Stuart
> -Original Message-
> From: Tony Finch [mailto:d...@dotat.at]
> Sent: Wednesday, 19 December 2018 10:26 PM
> To: Browne, Stuart
> Cc: bind-users@lists.isc.org
> Subject: Re: BIND and persistent connections
>
> Browne, Stuart via bind-users wrote:
> >
> > I was wondering if anybody had any thoughts on how to limit the
> > concurrency or at least the lifetime of these persistent connections
> > within BIND.
>
> If you are running BIND 9.12, you have a bunch of new options related to
> RFC 7827 EDNS TCP keepalive (see below for examples). The timeouts default
> to 30 seconds (same as before the options were added). They also affect
> connections that don't use the EDNS keepalive option.
>
> I have reduced mine, mainly to reduce the concurrency used by Android
> DNS-over-TLS. (I'm using nginx as a DoT proxy so there's one back-end TCP
> connection per client TLS connection.)
>
> tcp-idle-timeout 50; # 5 seconds
> tcp-initial-timeout 25; # 2.5s minimum permitted
> tcp-keepalive-timeout 50; # 5 seconds
> tcp-advertised-timeout 50; # 5 seconds
>
> Excessive concurrency is still a problem.
>
> Tony.
> --
> f.anthony.n.finch
> https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__dotat.at_=DwIBAg=MOptNlVtIETeDALC_lULrw=udvvbouEjrWNUMab5xo_vLbU
> E6LRGu5fmxLhrDvVJS8=JTnM4a1inaCfDoxVF_4YSLxG0ZMNs5KM-
> vGYEvYGn3E=NwdB8uMWwCIVphZw-jaaoVtu7PprQCHjwb6Fn_kuKgk=
> Viking, North Utsire, South Utsire: Southeasterly 6 to gale 8,
> occasionally
> severe gale 9 at first. Very rough or high, becoming rough later. Rain
> then
> showers. Good occasionally poor at first.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
