Same source port queries dropped by ServerIron load balancer
Abdulla Bushlaibi
abushlaibi at ies.etisalat.ae
Wed Mar 31 06:01:08 UTC 2010
The tool queryperf is a useful tool and it gives you details about a DNS
server's performance. However, it would be useful to have an option in
queryperf to use random source ports to test real-life scenarios.
--
Abdulla Ahmad Bushlaibi
On 3/31/2010 12:07 AM, Kevin Darcy wrote:
> On 3/30/2010 8:00 AM, Tony Finch wrote:
>> On Tue, 30 Mar 2010, Abdulla Bushlaibi wrote:
>>
>>> We are facing query drops by using dnsperf tool from ISC testing the DNS
>>> service via load balancer. Multiple queries from the same source port are
>>> being dropped partially by the load balancer and as per the load balancer
>>> vendor feedback, this is a security feature and this situation doesn't
>>> happen in real life scenarios.
>> High performance stub resolvers like adns use the same UDP port for many
>> queries.
>>
> Thus reducing entropy and commensurately increasing the chance of
> accepting a spoofed response as genuine.
>
> I think the load-balancer vendor has the right default here, and adns
> should re-think their methodology.
>
>
> - Kevin
>
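
The entropy argument in the quoted reply can be measured from the server side. The following is an added example, not part of the original thread and not a model of how the ServerIron feature works: it takes (client, source port) pairs from a query log and estimates how many bits an off-path spoofer would have to guess per client. The sample records, the function names and the 2-bit threshold are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

TXID_BITS = 16  # the DNS header ID field is 16 bits wide

# Constructed sample: (client IP, UDP source port) for each query seen at the server.
SAMPLE = (
    # one socket reused for every query (the same-source-port pattern in the thread)
    [("192.0.2.10", 40000)] * 8
    # a fresh ephemeral port for every query
    + [("192.0.2.20", p) for p in
       (51234, 33801, 60412, 47110, 38999, 55021, 42777, 36650)]
    # a tiny two-port pool
    + [("192.0.2.30", p) for p in
       (5300, 5301, 5300, 5301, 5300, 5301, 5300, 5300)]
)

def port_stats(records):
    """Per client: distinct ports, Shannon entropy and min-entropy (bits) of the
    observed source-port distribution, and guess_bits = TXID bits + min-entropy.
    Min-entropy is used for guess_bits because a spoofer targets the likeliest port.
    The estimate is capped at log2(number of queries seen), so a short capture
    gives a lower bound only."""
    by_client = defaultdict(Counter)
    for ip, port in records:
        by_client[ip][port] += 1
    stats = {}
    for ip, ports in by_client.items():
        total = sum(ports.values())
        probs = [count / total for count in ports.values()]
        shannon = sum(p * math.log2(1 / p) for p in probs)
        min_entropy = math.log2(1 / max(probs))
        stats[ip] = {
            "queries": total,
            "distinct_ports": len(ports),
            "shannon": shannon,
            "min_entropy": min_entropy,
            "guess_bits": TXID_BITS + min_entropy,
        }
    return stats

def flag_low_entropy(stats, min_port_bits=2.0):
    """Clients whose source port adds fewer than min_port_bits (assumed threshold)."""
    return sorted(ip for ip, s in stats.items() if s["min_entropy"] < min_port_bits)

if __name__ == "__main__":
    result = port_stats(SAMPLE)
    for ip, s in sorted(result.items()):
        print(f"{ip}: {s['distinct_ports']} ports, {s['guess_bits']:.2f} bits to guess")
    print("low source-port entropy:", flag_low_entropy(result))
```

A client that reuses one port leaves only the 16-bit query ID to guess, which is the reduction in entropy the reply describes.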