Use TCP Fast Open in server.c and possibly update client side TFO implementation? #422
Comments
For reference, the browser support claim doesn't seem true from what I can see; curl/curl#3662
Indeed, that was news to me too (I opened that issue in curl too) :)
getdns (the underlying library for stubby) was actually an early implementor of TFO...! A quick peruse of the getdns source code/compile time options would show on the client side:
It isn't currently implemented in the server code but that is normally listening to a system library which wouldn't use TCP by default but it should be there for completeness.
I clearly didn't check the getdns library - Thank you very much for pointing all of this out! :) Would it be helpful for me to open an issue in getdns for your last point?
Is TFO only available with GETDNS_TRANSPORT_TCP?
I see. Unbound's TFO implementation only supports tcp, not tls. So I tried to compile with gnutls in the develop branch but it required gnutls-dane. Huh..?
@odkrys I'm about to do a commit using the TCP_FASTOPEN_CONNECT option, which will do TFO for TLS on Linux (I tested 8.8.8.8 and it seems to work).
Seems to work for TLS now too. At least on Linux. Thanks Craig Andrews
sadly, it needs kernel 4.11+...
Fixed in 5.2.2
TCP Fast Open eliminates a round trip for TCP connections. Since stubby is performance sensitive and makes many TCP connections to the DNS-over-TLS server, using TCP Fast Open would be a nice improvement. See https://lwn.net/Articles/508865/ for background.
On the client side, it's as simple as setting the `TCP_FASTOPEN_CONNECT` option on the socket.
On the server side, stubby would do something like this on the listening socket:
Chrome and Firefox have supported TCP Fast Open for clients for over a year, and other DNS servers (ex unbound) use it for client and server connections too.
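The two socket options discussed in this issue, as an added example that is not code from the original post or from getdns/stubby. It assumes Linux; the helper names `tfo_set`, `tfo_enable_client` and `tfo_enable_listener` are hypothetical, and a kernel that lacks the option (the 4.11+ requirement mentioned in the comments) is reported as a fallback to a normal handshake rather than as an error.

```c
/* Added example, not getdns/stubby code. Linux assumed; names are hypothetical. */
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 1 if the option was set, 0 if the kernel or platform rejects it
 * (caller carries on with an ordinary three-way handshake), -1 if fd is
 * not a usable socket. */
int tfo_set(int fd, int opt, int val)
{
    if (fd < 0)
        return -1;
    if (setsockopt(fd, IPPROTO_TCP, opt, &val, sizeof(val)) == 0)
        return 1;
    return (errno == EBADF || errno == ENOTSOCK) ? -1 : 0;
}

/* Client side: call before connect(). Works unchanged under a TLS
 * library because the application still uses plain connect()/write(). */
int tfo_enable_client(int fd)
{
#ifdef TCP_FASTOPEN_CONNECT
    return tfo_set(fd, TCP_FASTOPEN_CONNECT, 1);
#else
    return fd < 0 ? -1 : 0;   /* headers predate the option */
#endif
}

/* Server side: call on the listening socket. qlen caps the number of
 * pending Fast Open requests; the net.ipv4.tcp_fastopen sysctl must
 * also permit server-side TFO for it to take effect. */
int tfo_enable_listener(int fd, int qlen)
{
#ifdef TCP_FASTOPEN
    return tfo_set(fd, TCP_FASTOPEN, qlen);
#else
    (void)qlen;
    return fd < 0 ? -1 : 0;
#endif
}

int main(void)
{
    int c = socket(AF_INET, SOCK_STREAM, 0);
    int s = socket(AF_INET, SOCK_STREAM, 0);
    printf("client TFO: %d, listener TFO: %d\n",
           tfo_enable_client(c), tfo_enable_listener(s, 16));
    if (c >= 0) close(c);
    if (s >= 0) close(s);
    return 0;
}
```

A return of 0 from either helper means the connection proceeds without Fast Open, so callers do not need a separate code path for older kernels.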