Maintained by: NLnet Labs

[Unbound-users] Feature request: Unbound in forwarding mode to use TCP

W.C.A. Wijngaards
Thu Mar 21 10:05:50 CET 2013


Hi Olafur,

On 03/15/2013 03:30 PM, Olafur Gudmundsson wrote:
> 
> Basically what I want is a configuration option that allows me to
> specify the preferred transport protocol, something like: forwarder:
> <blah> prefer TCP; or tcp-forwarder: <blah> or udp-forwarder:
> <blah>

Such detailed config is not available. Did you know the following
option is already implemented?
tcp-upstream: yes

If you set this, all communication with upstream (whether forwarding
or not forwarding) is done over TCP.  You can also add config as a
forwarder, and thus have TCP forwarding.

If you are really paranoid, you can even use SSL-wrapped transport
with unbound, but this is trickier to set up (and it does not do
actual X509 PKI checks, just encapsulates the traffic).

Best regards,
   Wouter

> The reason for this is forwarders close to the edge send bursts of
> queries and then go silent,  thus if the burst is sent over TCP the
> overhead of setting up and closing the TCP connection is amortized.
> 
> 
> The forwarder should close the TCP connection after going silent
> for a short time (10 seconds?) or just leave the closing of the
> connection to the server.
> 
> Olafur

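
A minimal unbound.conf sketch of the setup described in the reply above, added here as an illustration; it is not part of the original message and not NLnet Labs' own configuration. The forwarder addresses are constructed placeholders from the documentation ranges, and the commented-out ssl-upstream line is the option assumed to correspond to the SSL-wrapped transport the reply mentions.

```conf
# unbound.conf (constructed example)
server:
    # Send every upstream query over TCP instead of UDP. This applies
    # to forwarded and non-forwarded (iterative) resolution alike.
    tcp-upstream: yes

    # SSL-wrapped alternative: encapsulates the upstream traffic but,
    # as the reply notes, does no X509 PKI checks on the peer, so it
    # does not authenticate the server being talked to.
    # ssl-upstream: yes

# Forward all names ("." is the root) to the listed resolvers. With
# tcp-upstream set above, these forwarders are contacted over TCP.
forward-zone:
    name: "."
    forward-addr: 192.0.2.53      # placeholder address (RFC 5737 range)
    forward-addr: 2001:db8::53    # placeholder address (RFC 3849 range)
```

The setting is global to the server clause, so it does not give the per-forwarder transport choice asked for in the original request.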