[dns-operations] Novice Question - What happens with the "source port" when a DNS resolver retries after time out?
Barry Raveendran Greene
bgreene at senki.org
Fri Jul 18 21:16:01 UTC 2008
> Barry Raveendran Greene wrote:
> > Hi Team,
> >
> > A DNS Novice question (no access to my lab right now).
> >
> > With the random source port applied to a recursive server, what would
> > happen when it timed out from the authority not responding? Does it
> > use the same source port for the retry? Does it use a new source port
> > for the retry?
> >
> > I'm thinking this might be very OS/implementation based.
>
> You should DEFINITELY change your source port, particularly
> in this scenario.
In my context, I'm looking at the worst case situations where I've got a
cluster of recursive DNS servers behind a NAT with PAT turned off. So each
server's randomization is kept and used through the NAT.
Statistically, there is a chance where two resolvers ask two different
recursive servers the same query at the same time AND have the two resolvers
hit the same source port number. I'll then have a port collision on the NAT.
So I'm working to build a risk model - understanding the characteristics.
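As an added worked example (not part of the original post or this thread), here is one way to put numbers on the collision risk described above. The model and its parameters are assumptions: every server draws its UDP source port uniformly from the same 1024-65535 pool, the NAT passes the internal port through unchanged (PAT off), and a port stays in use for one RTT/timeout window. The exact birthday probability, a Little's-law rate estimate, and a small Monte Carlo check are all constructed here for illustration.

```python
"""Constructed risk model: source-port collisions for a cluster of recursive
resolvers behind a NAT with PAT disabled (internal ports preserved).

Assumptions (illustrative, not taken from the original post):
  * every server draws its UDP source port uniformly from the same pool
  * the NAT keeps the internal port, so two servers with the same
    (source port, destination) in flight at once collide externally
  * a query holds its port for `window_s` seconds (RTT or retry timeout)
"""
import math
import random

EPHEMERAL_PORTS = 65535 - 1024 + 1   # assumed per-server pool 1024..65535


def birthday_collision_probability(n_outstanding, n_ports=EPHEMERAL_PORTS):
    """Exact probability that at least two of n_outstanding ports, each drawn
    independently and uniformly from n_ports values, are equal."""
    if n_outstanding < 2:
        return 0.0
    if n_outstanding > n_ports:
        return 1.0
    log_p_distinct = 0.0
    for i in range(n_outstanding):
        log_p_distinct += math.log((n_ports - i) / n_ports)
    return 1.0 - math.exp(log_p_distinct)


def collisions_per_second(cluster_qps_to_one_auth, window_s, n_servers,
                          n_ports=EPHEMERAL_PORTS):
    """Expected NAT collisions per second toward one authoritative address.

    Little's law gives the mean number of queries in flight to that address.
    A new query can only collide with queries from *other* servers: a host's
    own stack will not hand out a port it still has open to the same
    destination, so the same-server share is excluded."""
    in_flight = cluster_qps_to_one_auth * window_s
    from_other_servers = in_flight * (n_servers - 1) / n_servers
    p_collide = min(1.0, from_other_servers / n_ports)
    return cluster_qps_to_one_auth * p_collide


def simulate(n_servers, queries_per_server, n_ports=EPHEMERAL_PORTS, seed=1):
    """Monte Carlo check: each server has `queries_per_server` queries in
    flight to the same authority, with ports distinct per server but random
    across servers. Returns the number of cross-server port collisions."""
    rng = random.Random(seed)
    owner_of_port = {}
    collisions = 0
    for server in range(n_servers):
        # distinct ports within one host, independent between hosts
        for port in rng.sample(range(n_ports), queries_per_server):
            if port in owner_of_port and owner_of_port[port] != server:
                collisions += 1
            else:
                owner_of_port.setdefault(port, server)
    return collisions


if __name__ == "__main__":
    # constructed scenario: 4 servers, 2000 q/s toward one busy TLD
    # server, 50 ms RTT -> ~100 queries in flight at any instant
    qps, rtt, servers = 2000.0, 0.050, 4
    n_flight = int(qps * rtt)
    print("P(any two of %d in-flight ports collide) = %.4f"
          % (n_flight, birthday_collision_probability(n_flight)))
    rate = collisions_per_second(qps, rtt, servers)
    print("expected collisions: %.3f/s  (~%.0f/day)" % (rate, rate * 86400))
    print("simulated cross-server collisions in one snapshot:",
          simulate(servers, n_flight // servers))
```

The rate estimate is the figure to carry into a risk model: the per-query collision chance is tiny (in-flight count over pool size), but at thousands of queries per second toward a single authority it adds up to a steady trickle of collisions per day, each of which the NAT will resolve by dropping or misdelivering one of the two replies. Shrinking the pool (for example, a firewall that only allows a narrow ephemeral range) raises the rate linearly.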