From: Ondřej Surý <ondrej@isc.org>
Date: Wed, 6 May 2026 13:09:09 +0000 (+0200)
Subject: [9.20] fix: usr: Implement seamless outgoing TCP connection reuse
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb117e16b96f4892755c073d8888e52f8317bf3b;p=thirdparty%2Fbind9.git

[9.20] fix: usr: Implement seamless outgoing TCP connection reuse

The resolver can and will reuse outgoing TCP connections to the same host, as recommended by RFC 7766. This prevents a whole class of attacks that abuse the fact that establishing a TCP connection is expensive and it is fairly easy to deplete the outgoing TCP ports by putting them into TIME_WAIT state.

The number of pipelined queries per connection is capped at 256 to limit the impact of a connection drop.

Backport of MR !11845

Merge branch 'backport-3741-reuse-tcp-connections-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11846
---

eb117e16b96f4892755c073d8888e52f8317bf3b