I remember looking at TFO some time ago. Our distribution, Oracle Linux,
does not enable it server-side by default, so Knot DNS can't enable this
feature server-side. We would have to adjust our kernel options to activate
it. And even then, it's a bad idea, because we have multiple servers in
clusters. A TFO cookie from one server may be replayed to another server,
and would be invalid (this problem is similar to EDNS cookies). Even if we
configure things carefully, and synchronise TFO cookies, and a client
connects to a TFO-incapable server in our clusters, the benefit is lost.
We also don't enable TFO on the client side, because we don't have
TFO-capable remotes.
In conclusion, we would not miss TFO at all. If it helps you to simplify
code, please drop it.
Regards,
Anand Buddhdev
RIPE NCC
On Tue, 9 Dec 2025 at 10:47, Daniel Salzman via knot-dns-users <knot-dns-users(a)lists.nic.cz> wrote:
Hello Knot DNS users,
Knot DNS has supported TCP Fast Open (when configured) in both the server and
client roles for several years.
However, we have not observed any performance or other improvements from
this technology so far. Since removing it would simplify the code, I'm
considering dropping the support for it. Is there anyone who would miss TFO
in Knot DNS?
For better XFR efficiency between Knots,
https://www.knot-dns.cz/docs/latest/singlehtml/index.html#remote-pool-limit
works much better.
Thanks,
Daniel
--
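The kernel-side point in the reply above (TFO is a kernel option, off for servers by default, and a cookie from one cluster node is not valid on another) can be checked from a shell. The following is an added example, not code from the thread or from Knot DNS. It decodes the Linux net.ipv4.tcp_fastopen bitmask (bit values as documented in the kernel's ip-sysctl text: 1 client, 2 server, 4 client without cookie, 0x200 server accepts data without cookie, 0x400 all listeners) and, on a Linux host, reports the current value together with net.ipv4.tcp_fastopen_key, the per-host key from which cookies are derived. The function names `tfo_flags` and `tfo_report` are this example's own.

```shell
#!/bin/sh
# Added example (not part of the thread or of Knot DNS).
# Decode the Linux net.ipv4.tcp_fastopen bitmask and report a host's TFO state.
# Bit values follow the kernel's ip-sysctl documentation; Linux defaults to 1,
# i.e. client-only, so a server needs the sysctl changed to include bit 2.

# tfo_flags VALUE: print the comma-separated names of the modes enabled in VALUE.
tfo_flags() {
    v=$(( $1 ))
    out=""
    [ $(( v & 1 )) -ne 0 ]    && out="${out}client,"
    [ $(( v & 2 )) -ne 0 ]    && out="${out}server,"
    [ $(( v & 4 )) -ne 0 ]    && out="${out}client-no-cookie,"
    [ $(( v & 512 )) -ne 0 ]  && out="${out}server-no-cookie,"
    [ $(( v & 1024 )) -ne 0 ] && out="${out}server-all-listeners,"
    printf '%s\n' "${out%,}"
}

# tfo_report: show the running kernel's tcp_fastopen value and cookie key.
# Cookies are a keyed function of the client address under tcp_fastopen_key,
# so a cluster must carry the same key on every node for a cookie minted by
# one node to validate on another; otherwise the client falls back to a
# normal three-way handshake and the round-trip saving is lost.
tfo_report() {
    f=/proc/sys/net/ipv4/tcp_fastopen
    if [ ! -r "$f" ]; then
        echo "no tcp_fastopen sysctl here (not Linux?)"
        return 1
    fi
    val=$(cat "$f")
    echo "net.ipv4.tcp_fastopen=$val -> $(tfo_flags "$val")"
    k=/proc/sys/net/ipv4/tcp_fastopen_key
    [ -r "$k" ] && echo "net.ipv4.tcp_fastopen_key=$(cat "$k")"
    return 0
}

# Usage: run the report, e.g. before deciding whether server-side TFO is worth
# enabling on each node of a cluster.
# tfo_report
```

To enable server-side TFO on a node you would set net.ipv4.tcp_fastopen to 3 (client and server) and give every node in the cluster the same net.ipv4.tcp_fastopen_key; the report above makes both settings visible so the mismatch described in the reply can be spotted before a client ever presents a cookie to the wrong node.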