Many udp ports open in bind 9.5.1
Mike Bernhardt
bernhardt at bart.gov
Fri Feb 13 19:15:55 UTC 2009
What you're seeing is ports your server has opened for queries. Then it
holds the port open while waiting for a reply and for some time after that.
For example, FROM ls1.tel.net.ba:29825 TO 203.64.139.9:domain. By design, if
someone does a lot of queries to crackerjack.net, your server is going to
source the queries from a different port each time.
If you are having a problem with crackerjack.net, I don't think it's a BIND
problem, it's a personnel management or desktop problem.
________________________________________
From: Elizabeta Zadro [mailto:elizabeta.zadro at tel.net.ba]
Sent: Friday, February 13, 2009 10:32 AM
To: bind-users at lists.isc.org
Subject: Many udp ports open in bind 9.5.1
Before I had bind-9.5.0-P2 and now I upgraded to bind-9.5.1. I read that in
bind-9.5.1 there is additional support for query port randomization
including performance improvement and port range specification.
But is this ok?
netstat
udp 0 0 ls1.tel.net.ba:29825 203.64.139.9:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:24836 static.213-133-1:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:21124 alius.crackerjac:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:60933 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:50446 ns1.dynadot.com:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:61075 alius.crackerjac:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:21915 firewall.camping:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:18076 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:31142 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:6311 208.66.192.102:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:3369 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:36017 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:40502 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:17719 alius.crackerjac:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:37307 189.40.238.6:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:46274 alius.crackerjac:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:11719 ns2.suspended-fo:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:51400 ns2.suspended-fo:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:34386 alius.crackerjac:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:32600 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:20732 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:61023 bod40.i0waterfor:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:60767 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:9450 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:28270 43.72.84ae.stati:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:43630 alius.crackerjac:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:39417 alius.crackerjac:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:24569 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:24569 crackerjack.net:domain ESTABLISHED
Active UNIX domain sockets (w/o servers)
netstat after 5 min.
udp 0 0 ls1.tel.net.ba:16525 202.153.32.6:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:8975 a.gtld-servers.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:50959 60.217.239.181:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:61714 208.72.175.3:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:37656 66.232.104.156:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:39455 79.135.181.219:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:60193 64.38.223.8:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:21540 alius.crackerjac:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:19494 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:25266 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:50355 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:20923 a.gtld-servers.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:58044 ns.kuins.kyoto-u:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:16575 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:45376 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:34372 ns1.tahoe.everyd:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:65489 170.185.16.2:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:7506 12.154.116.35:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:56658 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:45396 ns2.suspended-fo:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:50905 a.gtld-servers.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:3673 bod41.i0waterfor:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:31833 64.38.223.8:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:11872 crackerjack.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:65519 alius.crackerjac:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:18549 ns1.crsnic.net:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:28023 114-32-136-127.H:domain ESTABLISHED
udp 0 0 ls1.tel.net.ba:12921 79.135.181.219:domain ESTABLISHED
As you can see, the ports are changing, but there is always crackerjack.net
every time on different ports? Can I simply put this user in IP tables?
In the previous version, bind-9.5.0-P2, there were no ESTABLISHED sockets at all
from foreign users.
Otherwise, my network and configuration are the same as before the upgrade.
Only since I upgraded to bind 9.5.1 are there now many udp sockets. Is this
characteristic behaviour for bind 9.5.1?
I'm going to www.isc.org but I can't find these answers. Can you please
answer my question?
Thanks in advance!
Elysabeth
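
An added example, not part of the original thread: a small Python parser for netstat output like the listing above that groups outbound DNS sockets by remote server and flags any server reached repeatedly from a single source port, which would mean the resolver is not randomizing. The sample rows are constructed; the `.example` hosts and the `fixed_port` field are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample. State may be wrapped onto its own line, as in the e-mail.
SAMPLE = """\
udp 0 0 ls1.tel.net.ba:29825 203.64.139.9:domain
ESTABLISHED
udp 0 0 ls1.tel.net.ba:60933 crackerjack.net:domain
ESTABLISHED
udp 0 0 ls1.tel.net.ba:18076 crackerjack.net:domain
ESTABLISHED
udp 0 0 ls1.tel.net.ba:31142 crackerjack.net:domain ESTABLISHED
udp 0 0 resolver.example:53 ns.fixed.example:domain
ESTABLISHED
udp 0 0 resolver.example:53 ns.fixed.example:domain
ESTABLISHED
"""

# proto, recv-q, send-q, local host:port, remote host:(domain|53)
ROW = re.compile(r"^udp\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(domain|53)\b")

def outbound_queries(text):
    """Yield (source_port, remote_host) for UDP sockets whose remote port is DNS."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield int(m.group(2)), m.group(3)

def summarize(text):
    """Per remote server: socket count, distinct source ports, fixed-port flag."""
    ports = defaultdict(list)
    for sport, remote in outbound_queries(text):
        ports[remote].append(sport)
    report = {}
    for remote, seen in ports.items():
        distinct = set(seen)
        report[remote] = {
            "sockets": len(seen),
            "distinct_ports": len(distinct),
            # Several queries all leaving from one port: no randomization.
            "fixed_port": len(seen) > 1 and len(distinct) == 1,
        }
    return report

if __name__ == "__main__":
    for remote, r in sorted(summarize(SAMPLE).items()):
        flag = "FIXED SOURCE PORT" if r["fixed_port"] else "ok"
        print(f"{remote:20} sockets={r['sockets']} ports={r['distinct_ports']} {flag}")
```
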