>> btw, what is a reasonably safe value for `tcp-io-timeout` to run on the
>> global internet? i am giving 2000 a shot and it seems ok for the set of
>> servers we have for this cctld.
>
> My understanding is that tcp-io-timeout should be bigger than your rtt
> so if you set 1.5 - 2x you should
Mar 24, 2024 19:47:45 Randy Bush :
> btw, what is a reasonably safe value for `tcp-io-timeout` to run on the
> global internet? i am giving 2000 a shot and it seems ok for the set of
> servers we have for this cctld.
My understanding is that tcp-io-timeout should be bigger than your rtt so if
btw, what is a reasonably safe value for `tcp-io-timeout` to run on the
global internet? i am giving 2000 a shot and it seems ok for the set of
servers we have for this cctld.
randy
--
>> it's shipped by default not being able to run reliably on the internet
>> and has no big "before you open this" warning on the box? it has cost
>> me days, and cost other folk hours.
>
> If you enabled debug logging, you would see the connection is closed
> due to IO timeout.
i had debug
On 3/24/24 17:45, Randy Bush wrote:
i am not positive this is the key question as my tcp fu is a bit rusty.
but why did seattle send the FIN at 219, 10% through the file?
I have experienced the same some time ago and I think this is what you
need to tune:
>> i am not positive this is the key question as my tcp fu is a bit rusty.
>> but why did seattle send the FIN at 219, 10% through the file?
>
> I have experienced the same some time ago and I think this is what you
> need to tune:
>
> https://www.knot-dns.cz/docs/3.3/singlehtml/#tcp-io-timeout
hi Randy,
Mar 24, 2024 05:35:11 Randy Bush :
> debian 12
> # uname -a
> Linux rip.psg.com 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1
> (2024-02-01) x86_64 GNU/Linux
> # knotc --version
> knotc (Knot DNS), version 3.2.6
>
> AXFR of a 750k zone from seattle to, lebanon, europe,