Maintained by: NLnet Labs

[Unbound-users] Unbound and ICMP

W.C.A. Wijngaards
Thu Jul 26 11:27:33 CEST 2012


Hi Mathieu,

On 07/26/2012 11:04 AM, gauthierl wrote:
> Hello,
> 
> Yesterday, I noticed for the first time that my Unbound server has
> pinged a lot of DNS servers (something like 4000 in 30 minutes).

Unbound does not send ICMP itself.  It does not ping; it sends DNS UDP
datagrams.  The ping-times it can report via unbound-control are
really UDP DNS datagram roundtrip times; they are not ICMP ping packets.

> I think it's the Unbound process that is responsible for all the
> traffic but I prefer to be sure and also I'm curious about the purpose
> of this feature.
> 
> Does anyone have information about it?

There can be port-closed ICMP replies from your machine, if a UDP
reply hits a port on the machine that unbound has closed.

This could be a side-effect of a 'Kaminsky' attack on your machine, or
simply replies bouncing off closed ports due to port randomization and
UDP-delays.

Best regards,
   Wouter

> Thanks in advance, Mathieu

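The distinction drawn in the reply above, as an added example that is not part of the original message or of Unbound: a classifier that separates ICMP echo (ping) from ICMP port-unreachable errors and reads the quoted UDP header to see which closed local port a datagram from port 53 bounced off. The addresses, port numbers and sample packets are constructed (documentation ranges), and all function and field names are hypothetical.

```python
import socket
import struct
from collections import Counter

def classify_icmp(packet: bytes) -> dict:
    """Classify one raw IPv4 packet: ICMP echo (ping) vs. port unreachable."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return {"kind": "not-icmp"}
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8:
        return {"kind": "not-icmp"}
    icmp_type, code = packet[ihl], packet[ihl + 1]
    if icmp_type in (0, 8):                  # echo reply / echo request
        return {"kind": "ping"}
    if (icmp_type, code) != (3, 3):          # destination unreachable, port unreachable
        return {"kind": "other-icmp"}
    # RFC 792: the error quotes the offending datagram's IP header plus its first
    # 8 bytes, which for UDP is the whole UDP header (source and destination port).
    inner = packet[ihl + 8:]
    inner_ihl = (inner[0] & 0x0F) * 4 if inner else 0
    if len(inner) < 20 or len(inner) < inner_ihl + 8 or inner[9] != 17:
        return {"kind": "port-unreachable", "from_dns_port": False}
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {"kind": "port-unreachable", "remote": socket.inet_ntoa(inner[12:16]),
            "remote_port": sport, "closed_local_port": dport,
            "from_dns_port": sport == 53}

def summarize(packets) -> Counter:
    """Count packet kinds, e.g. to check whether a burst of ICMP is really ping."""
    return Counter(classify_icmp(p)["kind"] for p in packets)

def _ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksums left at 0; constructed test data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample traffic: a DNS reply arrives after the resolver closed port 41234.
RESOLVER, NAMESERVER = "192.0.2.10", "198.51.100.53"
LATE_REPLY = _ipv4(17, NAMESERVER, RESOLVER, struct.pack("!HHHH", 53, 41234, 8, 0))
PORT_UNREACH = _ipv4(1, RESOLVER, NAMESERVER,
                     struct.pack("!BBHI", 3, 3, 0, 0) + LATE_REPLY)
ECHO_REQUEST = _ipv4(1, RESOLVER, NAMESERVER, struct.pack("!BBHHH", 8, 0, 0, 1, 1))

if __name__ == "__main__":
    print(classify_icmp(PORT_UNREACH))
    print(summarize([PORT_UNREACH, PORT_UNREACH, ECHO_REQUEST]))
```

A summary dominated by `port-unreachable` entries with `from_dns_port` set matches the explanation in the reply; it does not by itself tell a delayed legitimate answer from a spoofed one.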