[dnsdist] "Timeout from remote TCP client" with dnsdist + PDNS Recursor

Remi Gacogne remi.gacogne at powerdns.com
Mon Oct 3 08:07:41 UTC 2022


On 30/09/2022 17:56, Christian Joffre Calva Urrego via dnsdist wrote:
> We currently use dnsdist 1.4 and have a PowerDNS Recursor configured as 
> downstream server. Everything has a standard minimum configuration, with
> ..
> client-tcp-timeout=60
> ..
> configured on the PDNS Recursor.
> The point is that in PDNS Recursor we can see the following log entry:
> ..
> pdns_recursor: Timeout from remote TCP client <IP_DNSDIST>
> ..
> We have been investigating and apparently dnsdist does not close the 
> TCP sessions with the configured downstream server (PDNS Recursor), 
> so the PDNS Recursor has to close them.
> Is there a setting in dnsdist to set the idle time of a TCP connection to a 
> backend server?

I'm afraid there isn't.

> What is the default lifetime of a TCP session in dnsdist, once it is 
> waiting and not being used?

dnsdist only closes an idle outgoing TCP connection if it already has 
'setMaxCachedTCPConnectionsPerDownstream' [1] idle connections to that 
backend in cache, or if the connection will not be reusable (because the 
proxy protocol is enabled, for example). Apart from that it tries to 
keep the connection alive for as long as possible, checking that the 
connection is still usable before trying to use it to forward a new query.
This is based on the reasoning that establishing a new TCP connection to 
a backend is not cheap and has an important cost in terms of latency.

Are you experiencing any functional problem, apart from an entry in the 
recursor's logs? You did not share the version of the recursor you are 
using, but in recent versions this warning is only written to the logs 
when 'log-common-errors' is set to 'yes'.


Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
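
A small model of the behaviour described in the reply above, added here as an illustration; it is not dnsdist or Recursor code and not from either poster. The names `serve`, `usable`, `Downstream` and `demo`, the 0.5 s timeout and the cache size of 1 are constructed for the example, and the proxy-protocol case is not modelled.

```python
import socket, threading, time
IDLE_TIMEOUT = 0.5  # constructed stand-in for the recursor's client-tcp-timeout

def serve(conn, log):  # toy backend: echo, and drop clients that sit idle
    with conn:
        conn.settimeout(IDLE_TIMEOUT)
        try:
            while data := conn.recv(512):
                conn.sendall(data)
        except socket.timeout:
            log.append("Timeout from remote TCP client")

def backend(listener, log):
    while True:
        threading.Thread(target=serve, args=(listener.accept()[0], log), daemon=True).start()

def usable(sock):  # non-blocking peek: an empty read means the peer closed it
    try:
        return sock.recv(1, socket.MSG_PEEK | socket.MSG_DONTWAIT) != b""
    except BlockingIOError:
        return True   # nothing pending, connection still open
    except OSError:
        return False

class Downstream:  # proxy side: idle connections are cached, never timed out
    def __init__(self, addr, max_cached):
        self.addr, self.max_cached, self.idle, self.opened = addr, max_cached, [], 0
    def acquire(self):
        while self.idle:
            sock = self.idle.pop()
            if usable(sock):
                return sock
            sock.close()  # backend timed it out while it sat in the cache
        self.opened += 1
        return socket.create_connection(self.addr)
    def release(self, sock):
        if len(self.idle) >= self.max_cached:
            return sock.close()  # cache already full: proxy closes it itself
        self.idle.append(sock)

def demo():
    log, listener = [], socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=backend, args=(listener, log), daemon=True).start()
    ds = Downstream(listener.getsockname(), max_cached=1)
    a, b = ds.acquire(), ds.acquire()
    ds.release(a); ds.release(b)   # a is cached, b is closed (cache full)
    time.sleep(3 * IDLE_TIMEOUT)   # a idles past the backend's timeout
    with ds.acquire() as c:        # stale a is detected, a new connection opens
        c.sendall(b"query")
        return ds.opened, list(log), c.recv(512)
```

Calling `demo()` returns the number of connections opened, the backend's log lines and the reply to the query sent after the idle period: only the cached idle connection produces the timeout entry, and the next query still succeeds on a fresh connection.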
