On 2021-02-04 7:25 a.m., Per Jessen wrote:
> DNS is a UDP protocol not a TCP protocol. <nitpick> both actually </nitpick>
Well PHOO to you too, buster! The 'long delayed response' issue that I was addressing is a UDP phenomenon.
To the OP - what does this mean:
requests continue on the sites that I visited and that long after my last connection. Do you mean you can see active connections, e.g. with 'ss' ?
With UDP there are no 'connections'. With UDP there are only (possible) responses at some time in the future. A 'response' is not a 'connection'. A connection needs a setup handshake and a positive response to each individual packet sent. That's the difference between UDP and TCP.

Yes, you can run DNS as TCP, but that way the connection gets terminated, so the 'long delayed response' you can get with UDP isn't there. A 'persistent response' because the response was cached is quite another matter.

If you want to discuss 'secure DNS', then fine, but please what the $SUBJ.

Locally, I use DNSmasq which offers a great deal of simplicity of setup compared to BIND9, much easier DHCP integration, and a lot of controllability IF AND ONLY IF you need it. For the most part I don't.

    DNSMASQ(8)

    NAME
        dnsmasq - A lightweight DHCP and caching DNS server.

    SYNOPSIS
        dnsmasq [OPTION]...

    DESCRIPTION
        dnsmasq is a lightweight DNS, TFTP, PXE, router advertisement and
        DHCP server. It is intended to provide coupled DNS and DHCP service
        to a LAN.

-- 
“Reality is so complex, we must move away from dogma, whether it’s conspiracy theories or free-market,” -- James Glattfelder. http://jth.ch/jbg
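As an added illustration of the UDP-versus-TCP point made in the thread (this is example code written for this page, not code from any poster or from dnsmasq), the block below builds a minimal DNS query, shows the only framing difference between the two transports (a two-byte length prefix on the TCP stream, none on a datagram), and models the resolver-side check that makes a 'long delayed' UDP reply harmless: a reply is accepted only if its transaction ID and question still match an outstanding, unexpired query. The `PendingQueries` class, the timeout values and `make_response` are assumptions constructed for the example; the wire format follows RFC 1035.

```python
"""Constructed example: DNS message framing on UDP vs TCP, plus a resolver-side
check that drops late or unmatched UDP replies. Not code from the thread."""
import struct

# Header layout from RFC 1035 section 4.1.1: id, flags, qdcount, ancount, nscount, arcount
DNS_HEADER = struct.Struct("!HHHHHH")


def encode_name(qname):
    """Encode 'example.com' as length-prefixed labels ending in a zero byte."""
    labels = qname.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(qname, txid, qtype=1):
    """Standard query with recursion desired (flags 0x0100), one question, class IN."""
    return DNS_HEADER.pack(txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)


def frame_for_udp(msg):
    # One datagram carries exactly one message; nothing is added.
    return msg


def frame_for_tcp(msg):
    # RFC 1035 section 4.2.2: each message on the stream is preceded by a
    # two-byte big-endian length, because TCP has no message boundaries.
    return struct.pack("!H", len(msg)) + msg


def parse_tcp_stream(data):
    """Split a TCP byte stream back into whole DNS messages; ignore a trailing partial one."""
    msgs, off = [], 0
    while off + 2 <= len(data):
        (n,) = struct.unpack_from("!H", data, off)
        off += 2
        if off + n > len(data):
            break  # truncated message at end of buffer: wait for more bytes
        msgs.append(data[off:off + n])
        off += n
    return msgs


def make_response(query):
    """Constructed test helper: echo the query with QR=1, RD=1, RA=1 and no answers."""
    return query[:2] + struct.pack("!H", 0x8180) + query[4:]


class PendingQueries:
    """Tracks outstanding UDP queries so a reply can be matched or discarded.

    A datagram that arrives after the deadline, or whose ID/question match
    nothing we sent, is dropped: that is why a late UDP reply is not a
    'connection' and does not get into the cache.
    """

    def __init__(self, timeout):
        self.timeout = timeout
        self.outstanding = {}  # txid -> (qname, deadline)

    def send(self, txid, qname, now):
        self.outstanding[txid] = (qname, now + self.timeout)

    def expire(self, now):
        for txid in [t for t, (_, deadline) in self.outstanding.items() if deadline <= now]:
            del self.outstanding[txid]

    def accept_response(self, response, now):
        self.expire(now)
        txid, flags, _qd, _an, _ns, _ar = DNS_HEADER.unpack_from(response)
        if not flags & 0x8000:  # QR bit clear: this is a query, not a response
            return False
        entry = self.outstanding.pop(txid, None)  # each query is answered at most once
        if entry is None:
            return False  # unknown ID or already expired: drop the datagram
        qname, _deadline = entry
        wire_name = encode_name(qname)
        start = DNS_HEADER.size
        return response[start:start + len(wire_name)] == wire_name


if __name__ == "__main__":
    q = build_query("example.com", 0x1234)
    print("UDP payload bytes:", len(frame_for_udp(q)), "TCP stream bytes:", len(frame_for_tcp(q)))
    p = PendingQueries(timeout=2.0)
    p.send(0x1234, "example.com", now=0.0)
    print("reply at t=1 accepted:", p.accept_response(make_response(q), now=1.0))
    p.send(0x1234, "example.com", now=10.0)
    print("reply at t=13 accepted:", p.accept_response(make_response(q), now=13.0))
```

The `parse_tcp_stream` loop is where a TCP client has to do extra work the UDP client never does; the `PendingQueries` check is the work the UDP client has to do that the TCP client gets from the connection itself.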