Maintained by: NLnet Labs

[Unbound-users] unbound closes receive socket => udp probes

W.C.A. Wijngaards
Mon Jul 8 16:25:19 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ilya,

On 07/03/2013 04:03 PM, Phil Mayers wrote:
> On 03/07/13 14:07, Ilya Bakulin wrote:
> 
>> Please tell me if this problem has a chance to be fixed.
> 
> I also think it would be good to alleviate this issue. It's polite
> to the network and other hosts to properly receive reply packets to
> your own requests, even if you no longer need them.

The packets have timed out.  We do not expect them any longer.  A
retry is probably sent over another port number (randomised) and thus
uses a different socket.

I do not know how to do what you ask - keep the port open for a reply
that arrives later than expected, in a way that is good for
performance and on resources.  The time limit is 2*sigma based on past
observations (a smoothed rtt).  Performance will go down significantly
when more sockets are kept open.  Also sockets are a limited resource,
and keeping them open means other requests cannot be dealt with.

So, although I understand this ICMP port closed is troublesome, I do
not know how to get rid of it.  Is there something I can tell the
kernel that stops the ICMP port closed (for UDP)?  Should unbound
listen to raw sockets and somehow remove the packet destined for an
old port (but what if someone runs 'dig' and it uses a random port
that unbound just previously used?).

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJR2svPAAoJEJ9vHC1+BF+NXpEQAI4Z4stfjBRgNMQ8neLgjVj2
OYJsxZdV0b6wjVyhrcnp2ioAjtu9Wu/LJYSsybOe22IEVevJnUV0JamNHHx4xu/4
yCmZ8p4VclNEqg9+L8O36mSkBM4u4ZJtwVQ/zOPX/m6RArj5kjB4T7ZOlA+uQ8H1
PZtQMmg1sdhddhGGZlOKuM8hoSh8aceTMRCqeFzBj2BFCEXp4/FFv+jUpyGvLC5E
z/J9IPdC5CmKv4tLlvFgrEfxb19XVBLtEO8DbIBFVsPOFFePPeSsdMQkAW43DXPZ
vCW9B3Rr8j/VjqpNvwFKnBJ1/L2k8MARXSf+TThzZx5jjQJl7VjrU6ma6BIfd+1T
IN1M+As8Vy0uNO6G3DbSHciivIQC7FueOGx3vxmWNWkqumHJ6DNB5n3xn4h22UcJ
vdqSjMuncbxN8dz+SMsNGOYCS6gcSw6iPxNt+XZH3/xmo0O0WAp0lOXLDtE2gj/0
MZsfP/Vmgbdn44phgEPbmF98RnelepO8pEyKyBuvjMYiDvrVWw6kt7HGnCA+x/Zz
zVswgAxXsBtpH8I1VlIVc6s5Sitg76QkjrZiw9KZNMAIAjCtcZfbTWNeKYfh/aC4
2zXRpWaLetW3AvkVZW+CFxeWMty+o72TqHK39Xe5XqBVPxjyfBEEGy16ih72gLhw
JYpO+I/JpvP419Wdlett
=ug7g
-----END PGP SIGNATURE-----