ICMP type-3/code-3
Sami Yousif
syousif at iname.com
Tue Jul 6 17:08:13 UTC 1999
Lance Spitzner wrote:
> My DNS servers are getting alot of ICMP type-3/code-3
> traffic. This is Destination unreachable/port unreachable.
>
> 3 Destination Unreachable [RFC792]
>
> Codes
> 0 Net Unreachable
> 1 Host Unreachable
> 2 Protocol Unreachable
> 3 Port Unreachable
>
> This happens at random times, but in large bursts (5-10 +
> packets from specific hosts).
>
> Why are my DNS servers (Bind 8.1.2) receving these packets?
>
> Thanks!
These are used in traceroutes and pings.
If a traceroute is done to/from the machine that is also the dns server,
it (the dns server) will recieve these messages.
This is not the only thing that depends on ICMP messages being recieved
correctly... (which is why it is not a good idea to block all icmp
traffic on a machine since that can also give starange results like this
one. Some programs send a single "ping" before connecting to an address
{eg: isc dhcp server sends a ping before giving out an address to a
client machine... so if your dns server is also your dhcp server.....}
since your description is "of large bursts"... and type 3, It could be a
traceroute.... [either originating from your machine, or which your
machine may be one of the hops (is it also a router/gateway)]
--
-
Sami Yousif
mailto:syousif at iname.com
http://www.mav.net/teddyr/syousif/ Personal Page
http://www.alug.org/ Amarillo Linux Users Group
[eMail sent to any of my addresses is subject to the Conditions outlined
in http://www.mav.net/teddyr/emailtos.shtml]
More information about the bind-users
mailing list