multiple queries on same ip/port quad

Wolfgang S. Rupprecht wolfgang+gnus20040223T130901 at dailyplanet.dontspam.wsrcc.com
Mon Feb 23 21:23:50 UTC 2004


Mark Andrews <Mark_Andrews at isc.org> writes:
> 	I suspect that you are mis-analysing the situation.  There
> 	are lots of applications (including named itself when
> 	forwarding) that re-use the same udp socket when making
> 	recursive queries to named without waiting for response
> 	then de-muxing based on id.

I guess the bundle of queries was invalid for a different reason.  It
was non-reentrant code that was being called reentrantly after all.
Ethereal didn't flag them as bad packets in any way, but I'm not sure
how much it checked in this case.  The amount of checking seems to
vary wildly between different decoders.

> 	Do you have a stateful firewall between the resolver and
> 	named that looks at the DNS transaction id?

The observed transaction was between two machines on the inside
ethernet and they aren't filtering each other's packets.  (I just
double checked the logfile and nothing ever shows up from that
interface, so the bypass rule for the "inside" interface is working
correctly.)

-wolfgang
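What Mark describes above, several queries in flight on one UDP socket with the replies sorted out afterwards by transaction ID, as an added example that is not part of this thread or of named. It builds the DNS wire format in plain Python on constructed in-memory datagrams rather than a live socket, and goes one step beyond the thread by also requiring the question name to match, so a stray or mismatched datagram is dropped instead of being accepted as an answer.

```python
import secrets, struct

def encode_name(name):
    # Wire-format name: length-prefixed labels ending in a zero byte.
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def decode_name(pkt, off):
    # Read an uncompressed name at pkt[off]; return (name, offset after it).
    labels = []
    while pkt[off]:
        labels.append(pkt[off + 1:off + 1 + pkt[off]].decode())
        off += 1 + pkt[off]
    return ".".join(labels), off + 1

def build_query(qid, name, qtype=1):
    # Header: id, flags (RD only), qdcount=1, an/ns/ar=0; then one question.
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def send_batch(names):
    # Queue several queries for one socket without waiting; fresh random ID each.
    pending = {}
    for name in names:
        qid = secrets.randbelow(65536)
        while qid in pending: qid = secrets.randbelow(65536)  # no ID reuse in flight
        pending[qid] = name
    return pending, [build_query(q, n) for q, n in pending.items()]

def demux(pending, datagrams):
    # Match each reply to its query by ID and question name; drop everything else.
    matched, dropped = {}, []
    for pkt in datagrams:
        qid, flags = struct.unpack("!HH", pkt[:4])
        qname, _ = decode_name(pkt, 12)
        if flags & 0x8000 and pending.get(qid) == qname:
            matched[qname] = pkt
            del pending[qid]
        else:
            dropped.append(qid)
    return matched, dropped

def as_reply(query_pkt):
    # Constructed reply: same ID and question as the query, QR/RD/RA bits set.
    return query_pkt[:2] + b"\x81\x80" + query_pkt[4:]

def demo():
    pending, pkts = send_batch(["a.example", "b.example", "c.example"])
    stray = as_reply(build_query(0xBEEF, "x.example"))  # unknown ID: must be dropped
    return demux(pending, [as_reply(pkts[2]), as_reply(pkts[0]), stray, as_reply(pkts[1])])
```

The replies in `demo()` arrive out of order, which is exactly the situation a sniffer sees as "multiple queries on the same ip/port quad"; only the datagram whose ID and question match an outstanding query is accepted.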

