Bugzilla – Bug 4089
Unbound should hold open TLS connections
Last modified: 2018-09-25 05:58:13 CEST
Currently unbound closes the connection immediately after it receives a response.
From RFC7858 (Specification for DNS over TLS):
In order to amortize TCP and TLS connection setup costs, clients and
servers SHOULD NOT immediately close a connection after each
response. Instead, clients and servers SHOULD reuse existing
connections for subsequent queries as long as they have sufficient
resources. In some cases, this means that clients and servers may
need to keep idle connections open for some amount of time.
My config file includes:
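The reuse behaviour the quoted RFC text asks for, shown as an added example (it is not the reporter's config, nor Unbound code): a client that opens a single DNS-over-TLS session and sends several queries over it instead of one connection per query. The server name `dns.example` and the names looked up are assumptions for illustration; port 853 is the RFC 7858 port.

```python
"""Several DNS queries over one DNS-over-TLS (RFC 7858) connection.

Added example, not Unbound code. It shows the connection reuse the RFC asks
for: one TLS session carrying many two-byte-length-prefixed DNS messages.
The server name and the query names are assumptions, not taken from the bug.
"""
import secrets
import socket
import ssl
import struct


def build_query(qname, qtype=1, qid=None):
    """Wire-format query: 12-byte header (RD=1, QDCOUNT=1) plus one question."""
    if qid is None:
        qid = secrets.randbelow(0x10000)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def frame(msg):
    """TCP/TLS transport framing: two-byte big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg


def split_frames(buf):
    """Split a stream buffer into complete messages; return (messages, leftover).

    On a persistent connection responses arrive back to back, possibly with a
    partial one at the end, so the caller must keep the leftover bytes."""
    msgs = []
    while len(buf) >= 2:
        n = struct.unpack("!H", buf[:2])[0]
        if len(buf) < 2 + n:
            break
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer into the message
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg):
    """Return {'id', 'rcode', 'answers': [(name, type, rdata)]}; A rdata is dotted."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, rdata))
    return {"id": qid, "rcode": flags & 0xF, "answers": answers}


def resolve_many(names, server, port=853):
    """Send every query over ONE TLS connection and collect the answers.

    Responses may come back in any order, so they are matched by message ID."""
    ctx = ssl.create_default_context()
    pending, results, buf = {}, {}, b""
    with socket.create_connection((server, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            for name in names:
                qid = secrets.randbelow(0x10000)
                while qid in pending:  # keep IDs unique on this connection
                    qid = secrets.randbelow(0x10000)
                pending[qid] = name
                tls.sendall(frame(build_query(name, qid=qid)))
            while pending:
                chunk = tls.recv(4096)
                if not chunk:  # server ran out of resources or idle-closed
                    raise ConnectionError("server closed the connection early")
                buf += chunk
                msgs, buf = split_frames(buf)
                for m in msgs:
                    r = parse_response(m)
                    name = pending.pop(r["id"], None)
                    if name is not None:
                        results[name] = r
    return results


if __name__ == "__main__":
    # Assumed server and names; replace with a real DoT resolver to run it.
    for name, r in resolve_many(["example.com", "example.net"], "dns.example").items():
        print(name, r["rcode"], r["answers"])
```

Two details matter for reuse in practice: responses are matched by ID rather than by arrival order, since a server is free to answer out of order on one stream, and leftover bytes after `split_frames` are carried to the next `recv`, because a second response can begin in the same TLS record as the first. The RFC's "sufficient resources" clause is the other side of this: a server may still close an idle or busy connection, so a client has to be ready to reconnect and resend what is still pending.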
Yes, that is a good idea. For the forwarding case, realistically. Also for TCP.
Best regards, Wouter
Holding TLS connections open rather than always starting a new one could help with https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4149, or at least potentially improve diagnosing it. I know it would probably only delay the problem, and not fix it. Anything might be worth a try, though.