torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

unbound: revert timeout tuning that broke TLS forwarding

Browse Source 
The tcp-reuse-timeout=15 and infra-host-ttl=120 changes from 5c111c8
caused unbound to fail resolving external domains via DNS-over-TLS.
Reverting to defaults (tcp-reuse-timeout=60, infra-host-ttl=900).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-03-12 20:04:19 +01:00
parent f7b1a18579
commit f16bc8b5b5
1 changed files with 0 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
services/ns/resolver.nix
View File

@@ -38,12 +38,6 @@
do-udp = "yes"; do-udp = "yes";
do-tcp = "yes"; do-tcp = "yes";
extended-statistics = true; extended-statistics = true;
# Recover faster from upstream failures (e.g. ISP outage)
# Default 900s is too long - keeps marking servers as bad
infra-host-ttl = 120;
# Clean up stale TLS connections faster (default 60s)
tcp-reuse-timeout = 15;
}; };
remote-control = { remote-control = {
control-enable = true; control-enable = true;