Maintained by: NLnet Labs

[Unbound-users] Feature request: Unbound in forwarding mode to use TCP

Olafur Gudmundsson
Thu Mar 21 14:21:13 CET 2013


On Mar 21, 2013, at 5:05 AM, "W.C.A. Wijngaards" <wouter at nlnetlabs.nl> wrote:

> 
> Hi Olafur,
> 
> On 03/15/2013 03:30 PM, Olafur Gudmundsson wrote:
>> 
>> Basically what I want is a configuration option that allows me to
>> specify the preferred transport protocol, something like: forwarder:
>> <blah> prefer TCP; or tcp-forwarder: <blah> or udp-forwarder:
>> <blah>
> 
> Such detailed config is not available; did you know the following
> option is already implemented?
> tcp-upstream: yes

I will try that one, and see what else breaks :-) 

> 
> If you set this, all communication with upstream (whether forwarding
> or not forwarding) is done over TCP.  You can also add config as a
> forwarder, and thus have TCP forwarding.


> 
> If you are really paranoid, you can even use SSL-wrapped transport
> with unbound, but this is trickier to set up (and it does not do
> actual X509 PKI checks, just encapsulates the traffic).

I'm not paranoid :-)

> 
> Best regards,
>   Wouter
> 

Olafur 

>> The reason for this is forwarders close to the edge send bursts of
>> queries and then go silent,  thus if the burst is sent over TCP the
>> overhead of setting up and closing the TCP connection is amortized.
>> 
>> 
>> The forwarder should close the TCP connection after going silent
>> for a short time (10 seconds?) or just leave the closing of the
>> connection to the server.
>> 
>> Olafur
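
A minimal unbound.conf for the setup described in the reply above (tcp-upstream combined with a forwarder), added here as an illustration and not taken from the thread. The forwarder address 192.0.2.53 is a constructed placeholder from the documentation range, and the ssl-upstream option name comes from unbound.conf(5), not from the messages.

```conf
server:
    # All communication with upstream servers goes over TCP,
    # whether forwarding or not (the option named in the reply).
    tcp-upstream: yes

    # SSL-wrapped transport mentioned in the reply. Left disabled here:
    # as the reply notes, it only encapsulates the traffic and does not
    # perform X509 PKI checks on the upstream.
    # ssl-upstream: yes

forward-zone:
    # Forward every query to the upstream resolver.
    name: "."
    # Constructed placeholder address; replace with the real forwarder.
    forward-addr: 192.0.2.53
```

Running `unbound-checkconf` against the file checks the syntax before the daemon is restarted.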