Open ports in Bind
JINMEI Tatuya / 神明達哉
Jinmei_Tatuya at isc.org
Mon Feb 2 23:19:56 UTC 2009
At Mon, 02 Feb 2009 22:32:17 +0330,
"Bind" <bind at dci.ir> wrote:
> maybe my first question type was wrong, sorry for terrible! My question is:
> when I run netstat -an, why my server has some established connection with its
> own ip address through different source port to one client address?
>
> example:
>
> 192.168.1.1.51121 74.222.11.71.53 Connected
> 192.168.1.1.58967 74.222.11.71.53 Connected
> 192.168.1.1.46691 74.222.11.71.53 Connected
>
> does it mean that client 74.222.11.71 at the time of
> snapshot requests 3 dns queries from my server or something else?
These are most likely queries sent from a BIND9 caching server as part
of recursive name resolution. They are not 'open' ports, but are
temporarily opened and connected to a specific remote server address
for a particular query.
> can we say the number of recursive-clients after running "rndc status" and
> the output of "netstat -an |grep 53 | wc" point to the same thing
> (regardless of difference to running time)?
Not necessarily, because if named receives the same query from multiple
clients it combines the query and only sends one query to the remote
server. Also, there are other queries internally sent from named.
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
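
The following is an added example, not part of the original messages: it separates the sockets in a `netstat -an` snapshot into outbound recursion queries (remote port 53, state `Connected`) and the server's own listening socket, and compares that with what a plain `grep 53` counts. The three-column `address.port` layout is assumed from the lines quoted in the post; the sample lines and the function names `sample_netstat` and `dns_socket_summary` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the "local remote state" layout quoted in the thread.
sample_netstat() {
    cat <<'EOF'
192.168.1.1.51121 74.222.11.71.53 Connected
192.168.1.1.58967 74.222.11.71.53 Connected
192.168.1.1.46691 74.222.11.71.53 Connected
*.53 Idle
192.168.1.1.45301 192.0.2.7.123 Connected
192.168.1.1.22 192.0.2.53.40112 ESTABLISHED
EOF
}

# Reads netstat lines on stdin and prints one summary line:
#   outbound = sockets connected to a remote port 53 (queries named sent out)
#   listen   = sockets bound to local port 53 (where clients reach the server)
#   grep53   = lines a bare "grep 53" would count (substring match anywhere)
dns_socket_summary() {
    awk '
    # The port is the last dot-separated field of "a.b.c.d.port" or "*.port".
    function port(addr,    n, parts) {
        n = split(addr, parts, "[.]")
        return parts[n]
    }
    {
        if ($0 ~ /53/) grep53++
        if (NF < 2) next
        state = $NF
        lport = port($1)
        rport = (NF >= 3) ? port($2) : ""   # idle sockets have no remote column
        if (rport == "53" && state == "Connected")
            outbound++
        else if (lport == "53")
            listen++
    }
    END {
        printf "outbound=%d listen=%d grep53=%d\n", outbound, listen, grep53
    }'
}

sample_netstat | dns_socket_summary
```

On the sample, `grep 53` also counts an ephemeral port containing "53", an address containing ".53" and the listening socket, so its total matches neither the outbound query count nor the recursive-clients figure.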