The resolver can and will reuse outgoing TCP connections to the same host, as recommended by RFC 7766. This prevents a whole class of attacks that abuse the fact that establishing a TCP connection is expensive and it is fairly easy to deplete the outgoing TCP ports by putting them into TIME_WAIT state.
The number of pipelined queries per connection is capped at 256 to limit the impact of a connection drop.
Merge branch '3741-reuse-tcp-connections' into 'main'
See merge request isc-projects/bind9!11845
projects / thirdparty / bind9.git / commitdiff
