DoT connection timeout

speed

#1

Hello,
since I’ve recently started using Stubby with 1.1.1.1 DNS over TLS, I was wondering if there was a server-side timeout on connections with the resolver (and if so, whether there is a way to increase it).
In fact, one of Stubby’s features is to keep the connection open in order to reduce the handshake overhead. However, when using 1.1.1.1, the connection gets closed after ~10 seconds of inactivity, no matter the settings or IPv4/6.
Thanks in advance


#2

Any large public DNS service will need to conserve resources associated with connection state when it is running a TCP-based service. Not only Cloudflare but also Google and Quad9 time out the TCP connections after some number of seconds. And at least for Google, connections may also be closed after a maximum number of queries.

The latency hit from having to reopen connections can be largely mitigated by features like TCP Fast Open and TLS Session Resumption (aka TLS False Start). TLS 1.3 can also reduce the number of round trips needed to send a query even on a first-time connection.
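As an added example (not code from either poster), a small Python probe that measures how long 1.1.1.1 keeps an idle DoT connection open, as described in #1, and whether a reconnect resumes the previous TLS session, the mitigation #2 mentions; cloudflare-dns.com as the certificate name, example.com as the query and the 30-second limit are assumptions.

```python
import socket
import ssl
import struct
import time
def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 A query for `name`, RD bit set; fixed id keeps the bytes deterministic."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def frame(msg: bytes) -> bytes:
    """DoT reuses DNS-over-TCP framing: a two-byte big-endian length before each message."""
    return struct.pack("!H", len(msg)) + msg

def recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes; b"" means the peer closed (TLS close_notify or TCP FIN)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return b""
        buf += chunk
    return buf

def measure_idle_timeout(sock, limit: float = 30.0):
    """Send one query, read the reply, then idle; seconds until the resolver closed, or None."""
    sock.sendall(frame(build_query("example.com")))
    hdr = recv_exact(sock, 2)
    if not hdr or not recv_exact(sock, struct.unpack("!H", hdr)[0]):
        return 0.0
    started = time.monotonic()
    sock.settimeout(limit)
    try:
        closed = sock.recv(2) == b""
    except socket.timeout:
        return None  # still open after `limit` seconds of silence
    except ConnectionResetError:
        closed = True  # an abrupt RST is still the server ending the idle connection
    return time.monotonic() - started if closed else None

def connect_dot(ctx: ssl.SSLContext, host: str, server_name: str, session=None):
    """Open a DoT (port 853) connection; pass an earlier socket's .session to try resumption.
    The same SSLContext must be reused: Python rejects a session from a different context."""
    tls = ctx.wrap_socket(socket.create_connection((host, 853), timeout=10),
                          server_hostname=server_name, session=session)
    return tls, tls.session_reused

if __name__ == "__main__":  # live run against the resolver discussed in the thread
    ctx = ssl.create_default_context()
    first, _ = connect_dot(ctx, "1.1.1.1", "cloudflare-dns.com")
    print("idle timeout (s):", measure_idle_timeout(first))
    print("resumed:", connect_dot(ctx, "1.1.1.1", "cloudflare-dns.com", first.session)[1])
```

A resumed reconnect (`resumed: True`) is the case where the close costs only the TCP handshake plus an abbreviated TLS exchange, which is the saving #2 describes.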