man/coredns-timeouts.7

.\" Generated by Mmark Markdown Processer - mmark.miek.nl
.TH "COREDNS-TIMEOUTS" 7 "July 2023" "CoreDNS" "CoreDNS Plugins"

.SH "NAME"
.PP
\fItimeouts\fP - allows you to configure the server read, write and idle timeouts for the TCP, TLS and DoH servers.

.SH "DESCRIPTION"
.PP
CoreDNS is configured with sensible timeouts for server connections by default.
However in some cases for example where CoreDNS is serving over a slow mobile
data connection the default timeouts are not optimal.

.PP
Additionally some routers hold open connections when using DNS over TLS or DNS
over HTTPS. Allowing a longer idle timeout helps performance and reduces issues
with such routers.

.PP
The \fItimeouts\fP "plugin" allows you to configure CoreDNS server read, write and
idle timeouts.

.SH "SYNTAX"
.PP
.RS

.nf
timeouts {
    read DURATION
    write DURATION
    idle DURATION
}

.fi
.RE

.PP
For any timeouts that are not provided, default values are used which may vary
depending on the server type. At least one timeout must be specified otherwise
the entire timeouts block should be omitted.

.SH "EXAMPLES"
.PP
Start a DNS-over-TLS server that picks up incoming DNS-over-TLS queries on port
5553 and uses the nameservers defined in \fB\fC/etc/resolv.conf\fR to resolve the
query. This proxy path uses plain old DNS. A 10 second read timeout, 20
second write timeout and a 60 second idle timeout have been configured.

.PP
.RS

.nf
tls://.:5553 {
    tls cert.pem key.pem ca.pem
    timeouts {
        read 10s
        write 20s
        idle 60s
    }
    forward . /etc/resolv.conf
}

.fi
.RE

.PP
Start a DNS-over-HTTPS server that is similar to the previous example. Only the
read timeout has been configured for 1 minute.

.PP
.RS

.nf
https://. {
    tls cert.pem key.pem ca.pem
    timeouts {
        read 1m
    }
    forward . /etc/resolv.conf
}

.fi
.RE

.PP
Start a standard TCP/UDP server on port 1053. A read and write timeout has been
configured. The timeouts are only applied to the TCP side of the server.

.PP
.RS

.nf
\&.:1053 {
    timeouts {
        read 15s
                write 30s
    }
    forward . /etc/resolv.conf
}

.fi
.RE
[RFC-9250]: Add QUIC server support (#6182) Add DNS-over-QUIC server Signed-off-by: jaehnri <joao.henri.cr@gmail.com> Signed-off-by: João Henri <joao.henri.cr@gmail.com> 2023-07-31 16:34:31 -03:00			`.\" Generated by Mmark Markdown Processer - mmark.miek.nl`
			`.TH "COREDNS-TIMEOUTS" 7 "July 2023" "CoreDNS" "CoreDNS Plugins"`

			`.SH "NAME"`
			`.PP`
			`\fItimeouts\fP - allows you to configure the server read, write and idle timeouts for the TCP, TLS and DoH servers.`

			`.SH "DESCRIPTION"`
			`.PP`
			`CoreDNS is configured with sensible timeouts for server connections by default.`
			`However in some cases for example where CoreDNS is serving over a slow mobile`
			`data connection the default timeouts are not optimal.`

			`.PP`
			`Additionally some routers hold open connections when using DNS over TLS or DNS`
			`over HTTPS. Allowing a longer idle timeout helps performance and reduces issues`
			`with such routers.`

			`.PP`
			`The \fItimeouts\fP "plugin" allows you to configure CoreDNS server read, write and`
			`idle timeouts.`

			`.SH "SYNTAX"`
			`.PP`
			`.RS`

			`.nf`
			`timeouts {`
			`read DURATION`
			`write DURATION`
			`idle DURATION`
			`}`

			`.fi`
			`.RE`

			`.PP`
			`For any timeouts that are not provided, default values are used which may vary`
			`depending on the server type. At least one timeout must be specified otherwise`
			`the entire timeouts block should be omitted.`

			`.SH "EXAMPLES"`
			`.PP`
			`Start a DNS-over-TLS server that picks up incoming DNS-over-TLS queries on port`
			`5553 and uses the nameservers defined in \fB\fC/etc/resolv.conf\fR to resolve the`
			`query. This proxy path uses plain old DNS. A 10 second read timeout, 20`
			`second write timeout and a 60 second idle timeout have been configured.`

			`.PP`
			`.RS`

			`.nf`
			`tls://.:5553 {`
			`tls cert.pem key.pem ca.pem`
			`timeouts {`
			`read 10s`
			`write 20s`
			`idle 60s`
			`}`
			`forward . /etc/resolv.conf`
			`}`

			`.fi`
			`.RE`

			`.PP`
			`Start a DNS-over-HTTPS server that is similar to the previous example. Only the`
			`read timeout has been configured for 1 minute.`

			`.PP`
			`.RS`

			`.nf`
			`https://. {`
			`tls cert.pem key.pem ca.pem`
			`timeouts {`
			`read 1m`
			`}`
			`forward . /etc/resolv.conf`
			`}`

			`.fi`
			`.RE`

			`.PP`
			`Start a standard TCP/UDP server on port 1053. A read and write timeout has been`
			`configured. The timeouts are only applied to the TCP side of the server.`

			`.PP`
			`.RS`

			`.nf`
			`\&.:1053 {`
			`timeouts {`
			`read 15s`
			`write 30s`
			`}`
			`forward . /etc/resolv.conf`
			`}`

			`.fi`
			`.RE`