Maintained by: NLnet Labs

[Unbound-users] DNS query source IP/Port persistence and unbound vs djbdns dnscache

Paul Niemi
Wed Jun 11 17:39:55 CEST 2014


We are an ISP in the process of moving from djbdns dnscache to unbound.  We
have issues with DSL gateways that have buggy firmware (that is being
addressed, but it is a long/slow process) that causes DNS requests to have
a constant source IP/port.  We understand that each request should have a
new random source port.  With djbdns dnscache, we had to use a source NAT
on the queries to our DNS servers to address this issue, since requests
would be blocked by djbdns dnscache after a period of time.  We would like
to remove this source NAT with our move to unbound, but we are not sure how
unbound will respond to our problem gateways.

Will unbound see this constant source IP/port as unusual, and block further
DNS queries in a similar manner after a period of time?  In other words,
will we require the source NAT with unbound, until we can fix the buggy
gateways?

Thank you,

Paul