[dns-operations] Novice Question - What happens with the "source port" when a DNS resolver retries after time out?

Barry Raveendran Greene bgreene at senki.org
Fri Jul 18 21:16:01 UTC 2008


> Barry Raveendran Greene wrote:
> > Hi Team,
> > 
> > A DNS Novice question (no access to my lab right now). 
> > 
> > With the Random source port applied to a recursive server, what would 
> > happen when it timed out from the authority not responding? Does it 
> > use the same source port for the retry? Does it use a new 
> > source port for the retry?
> > 
> > I'm thinking this might be very OS/implementation based. 
> You should DEFINITELY change your source port, particularly 
> in this scenario.

In my context, I'm looking at the worst-case situations where I've got a
cluster of recursive DNS servers behind a NAT with PAT turned off. So each
server's randomization is kept and used through the NAT. 

Statistically, there is a chance where two resolvers ask two different
recursives the same query at the same time AND have the two resolvers hit the
same source port number. I'll then have a port collision on the NAT. 

So I'm working to build a risk model - understanding the characteristics.
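A worked risk model for the port-collision scenario described above, added here as an example and not taken from the thread or from any resolver's code. It assumes (my assumptions, not stated in the post) that each recursive server draws its source port uniformly from the 64512-port ephemeral range 1024-65535, and that a NAT with PAT turned off collides whenever two concurrently outstanding queries from different servers carry the same source port. The exact figure is the classic birthday-problem product; the Monte Carlo function cross-checks it for a given cluster size.

```python
"""Source-port collision risk behind a NAT with PAT turned off.

Added example, not part of the original mailing-list thread.
Assumptions (constructed): uniform source ports in 1024-65535, and a
collision means two concurrently outstanding queries from different
recursive servers share a source port.
"""
import random

EPHEMERAL_PORTS = 65535 - 1024 + 1  # 64512 usable ports (assumption)


def no_collision_probability(outstanding, ports=EPHEMERAL_PORTS):
    """Probability that `outstanding` concurrently outstanding queries all
    drew distinct source ports (birthday-problem product)."""
    if outstanding > ports:
        return 0.0  # pigeonhole: more queries than ports guarantees a clash
    p = 1.0
    for i in range(outstanding):
        p *= (ports - i) / ports
    return p


def collision_probability(outstanding, ports=EPHEMERAL_PORTS):
    """Probability that at least two outstanding queries share a port."""
    return 1.0 - no_collision_probability(outstanding, ports)


def outstanding_for_risk(target, ports=EPHEMERAL_PORTS):
    """Smallest number of concurrently outstanding queries at which the
    collision probability reaches `target` (0 < target <= 1)."""
    p = 1.0  # no-collision probability for n outstanding queries
    n = 0
    while 1.0 - p < target:
        p *= (ports - n) / ports  # admit one more query
        n += 1
    return n


def simulate_collisions(servers, queries_per_server, trials,
                        ports=EPHEMERAL_PORTS, seed=0):
    """Monte Carlo estimate: fraction of trials in which any two servers in
    the cluster had outstanding queries on the same source port. Queries
    from the same server are not counted as a NAT collision."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        owner_of_port = {}
        collided = False
        for server in range(servers):
            for _ in range(queries_per_server):
                port = rng.randrange(ports)  # constructed uniform draw
                owner = owner_of_port.setdefault(port, server)
                if owner != server:
                    collided = True
        hits += collided
    return hits / trials


if __name__ == "__main__":
    for n in (2, 50, 300, 1000):
        print(f"{n:5d} outstanding queries: "
              f"P(collision) = {collision_probability(n):.4f}")
    print("queries for 50% collision risk:", outstanding_for_risk(0.5))
    print("simulated, 4 servers x 75 queries:",
          simulate_collisions(4, 75, 2000))
```

The analytic model treats every outstanding query in the cluster as one draw; the simulation only counts cross-server clashes, so it comes out slightly below the analytic figure for the same total. Either way the number of concurrently outstanding queries, not the number of servers, is what drives the risk.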
