[dns-operations] duplicate query-ids?
Robert Edmonds
edmonds at mycre.ws
Mon Mar 28 01:29:35 UTC 2016
Jared Mauch wrote:
> While looking at some data on a new host w/ DNSTAP w/ bind, I’ve noticed some interesting data regarding query-id recycling.
>
> Has anyone done recent research on this?
>
> 27-Mar-2016 20:06:56.793 AQ 78.47.119.231 UDP 40b PROTRuCK.ro/IN/AAAA
> 27-Mar-2016 20:06:56.793 AR 78.47.119.231 UDP 40b PROTRuCK.ro/IN/AAAA
> 27-Mar-2016 20:06:56.929 AQ 78.47.119.231 UDP 40b pROTRuck.Ro/IN/AAAA
> 27-Mar-2016 20:06:56.929 AR 78.47.119.231 UDP 40b pROTRuck.Ro/IN/AAAA
>
> Just a quick peek, I see these:
>
> count T/U query-id
> 4898 UDP 53b
> 5371 UDP 43b
> 5825 UDP 44b
> 8342 UDP 31b
> 11186 UDP 48b
> 11588 UDP 45b
> 43088 UDP 59b
> 46178 UDP 46b
> 90410 UDP 42b
Hi, Jared:
I think you're actually looking at the message length (e.g. 40 bytes),
not the query ID.
--
Robert Edmonds
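
Added example, not part of the original thread: a Python sketch that parses the four log lines quoted above and computes the DNS wire length of a AAAA query for the logged name, to check the "40b" field against a message length. Assumptions: the field layout in the regex is inferred from the quoted lines, the function names are hypothetical, and the query is assumed to carry one EDNS0 OPT record with no options.

```python
import re
import struct

# Constructed sample: the four log lines quoted in the post above.
SAMPLE = """\
27-Mar-2016 20:06:56.793 AQ 78.47.119.231 UDP 40b PROTRuCK.ro/IN/AAAA
27-Mar-2016 20:06:56.793 AR 78.47.119.231 UDP 40b PROTRuCK.ro/IN/AAAA
27-Mar-2016 20:06:56.929 AQ 78.47.119.231 UDP 40b pROTRuck.Ro/IN/AAAA
27-Mar-2016 20:06:56.929 AR 78.47.119.231 UDP 40b pROTRuck.Ro/IN/AAAA
"""

# Layout inferred from the quoted lines:
# date time msgtype address transport <N>b qname/class/type
LINE = re.compile(r"^(\S+ \S+) (\w+) (\S+) (UDP|TCP) (\d+)b ([^/\s]+)/(\w+)/(\w+)$")

def parse_line(line):
    """Split one log line into named fields; return None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, mtype, addr, proto, size, qname, qclass, qtype = m.groups()
    return {"ts": ts, "type": mtype, "addr": addr, "proto": proto,
            "size": int(size), "qname": qname, "qclass": qclass, "qtype": qtype}

def encode_qname(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def query_wire_length(qname, edns=False):
    """Length in bytes of a one-question AAAA/IN query, optionally with an empty OPT RR."""
    # Header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (ID value does not affect length).
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 1 if edns else 0)
    question = encode_qname(qname) + struct.pack("!2H", 28, 1)  # QTYPE=AAAA, QCLASS=IN
    # Assumed OPT RR: root name, TYPE=41, UDP size 4096, TTL field 0, RDLENGTH 0.
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0) if edns else b""
    return len(header + question + opt)

if __name__ == "__main__":
    for rec in filter(None, map(parse_line, SAMPLE.splitlines())):
        print(rec["type"], rec["qname"], "logged:", rec["size"],
              "plain:", query_wire_length(rec["qname"]),
              "with OPT:", query_wire_length(rec["qname"], edns=True))
```

Under the OPT assumption the computed query length equals the logged value for both spellings of the name, since letter case does not change the encoded length.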