[dns-operations] [Ext] Nameserver responses from different IP than destination of request
John R Levine
johnl at taugh.com
Tue Sep 8 21:36:14 UTC 2020
On Tue, 8 Sep 2020, Puneet Sood wrote:
> A single recursive resolver process can make a large number of
> outbound requests to thousands (if not more) of nameservers. Keeping
> one socket for each unique combination of (resolver IP, nameserver IP)
> becomes expensive in such an environment. Using more than one resolver
> IP provides additional entropy for the queries.
But you need a separate socket for each port number if you're doing port
randomization.
In any event, I'd be more interested in knowing how much DNS client
software uses connected sockets rather than speculating about it.
Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
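
Added example, not part of the original message or thread: a sketch of the connected versus unconnected UDP socket behaviour discussed above, where the kernel drops an answer from an address other than the one queried on a connected socket, while an unconnected socket delivers it and the client must compare the source address itself. Assumption: loopback ports stand in for distinct nameserver IPs, and all names are hypothetical.

```python
import socket

LOOP = "127.0.0.1"  # constructed setup: loopback ports stand in for nameserver IPs

def udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOP, 0))      # port 0: the kernel picks the source port, one per socket
    s.settimeout(0.5)
    return s

def recv_or_none(sock):
    """Return (payload, source address), or None if nothing is delivered."""
    try:
        return sock.recvfrom(512)
    except (socket.timeout, ConnectionRefusedError):
        return None

def run_exchange(connected):
    """Send one query; let a different address answer first, then the queried one."""
    queried, other, client = udp_socket(), udp_socket(), udp_socket()
    try:
        target = queried.getsockname()
        if connected:
            client.connect(target)   # kernel now filters on (source IP, source port)
            client.send(b"query")
        else:
            client.sendto(b"query", target)
        _, client_addr = queried.recvfrom(512)
        other.sendto(b"answer-from-other", client_addr)
        first = recv_or_none(client)
        queried.sendto(b"answer-from-queried", client_addr)
        second = recv_or_none(client)
        delivered = [r for r in (first, second) if r is not None]
        # Check an unconnected client has to do itself: source must match the target.
        accepted = [data for data, src in delivered if src == target]
        return [data for data, _ in delivered], accepted
    finally:
        for s in (queried, other, client):
            s.close()

if __name__ == "__main__":
    for mode in (True, False):
        delivered, accepted = run_exchange(mode)
        print("connected" if mode else "unconnected", delivered, accepted)
```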