The resolver can and will reuse outgoing TCP connections to the same host, as recommended by RFC 7766. This prevents a whole class of attacks that abuse the fact that establishing a TCP connection is expensive and it is fairly easy to deplete the outgoing TCP ports by putting them into TIME_WAIT state.
The number of pipelined queries per connection is capped at 256 to limit the impact of a connection drop.
Backport of MR !11845
Merge branch 'backport-3741-reuse-tcp-connections-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!11846
projects / thirdparty / bind9.git / commitdiff
