no port randomization with dig over IPv6 on mac os
Tony Finch
dot at dotat.at
Mon Dec 10 14:56:45 UTC 2018

Warren Kumari <warren at kumari.net> wrote:
> I’m also wondering *how* it is doing this — to increment by 2 it sounds
> like there is state being kept - perhaps dig simply relies on the kernel
> for the source port and isn’t randomizing at all (and so the difference is
> actually OS difference, and not dig differences)?

Yes. It's also a protocol family difference, because Mac OS does randomize
over IPv4. (Not doing so over IPv6 must be a bug....)

There are sysctls:

    net.inet.tcp.randomize_ports: 0
    net.inet.udp.randomize_ports: 1

The net.inet sysctls for UDP and TCP should also apply to inet6...

Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Malin, Hebrides: South or southeast 5 to 7, occasionally gale 8 in Hebrides,
perhaps gale 8 later in Malin. Moderate or rough, becoming rough or very
rough. Occasional rain. Good, occasionally poor.
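
A way to check the behaviour discussed in this message from userland, as an added example that is not part of the original post: it binds UDP sockets to port 0 over IPv4 and IPv6 loopback and reports whether the kernel-assigned source ports advance by a constant step (such as the increment of 2 mentioned above) or look random. It tests the kernel's choice only, not dig itself; the function names and the thresholds max_step and share are assumptions.

```python
import socket
from collections import Counter


def sample_ports(family, addr, n=20):
    """Bind n UDP sockets to port 0 and record the port the kernel assigns."""
    ports = []
    for _ in range(n):
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.bind((addr, 0))  # port 0 = let the kernel choose the source port
            ports.append(s.getsockname()[1])
    return ports


def classify(ports, max_step=16, share=0.8):
    """Return ("sequential", step) if most successive ports differ by the
    same small non-zero step, ("random", None) otherwise.

    max_step and share are assumed thresholds, not values from the thread.
    A share below 1.0 tolerates wrap-around of the ephemeral range and
    ports taken by other processes between two samples.
    """
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if len(deltas) < 2:
        return ("unknown", None)
    step, count = Counter(deltas).most_common(1)[0]
    if step != 0 and abs(step) <= max_step and count >= share * len(deltas):
        return ("sequential", step)
    return ("random", None)


def compare_families(n=20):
    """Classify kernel port selection separately for IPv4 and IPv6."""
    results = {}
    for name, family, addr in (("IPv4", socket.AF_INET, "127.0.0.1"),
                               ("IPv6", socket.AF_INET6, "::1")):
        try:
            results[name] = classify(sample_ports(family, addr, n))
        except OSError as exc:  # e.g. no IPv6 loopback on this host
            results[name] = ("unavailable", str(exc))
    return results


if __name__ == "__main__":
    for name, (verdict, detail) in compare_families().items():
        print(f"{name}: {verdict} {detail if detail is not None else ''}")
```

A "sequential" verdict for one address family and "random" for the other is the protocol family difference described above.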
More information about the bind-users mailing list