Maintained by: NLnet Labs

[Unbound-users] DNS query source IP/Port persistance and unbound vs djbdns dnscache

Pui Edylie
Thu Jun 12 04:59:36 CEST 2014


Best,
Edy

----- Reply message -----
From: "Paul Niemi" <paul.niemi at tbaytel.com>
To: <unbound-users at unbound.net>
Subject: [Unbound-users] DNS query source IP/Port persistance and unbound vs djbdns dnscache
Date: Wed, Jun 11, 2014 11:39 PM

We are an ISP in the process of moving from djbdns dnscache to 
unbound.  We have issues with DSL gateways that have buggy firmware 
(that is being addressed, but it is a long/slow process) that causes DNS
requests to have a constant source IP/port.  We understand that each 
request should have a new random source port.  With djbdns dnscache, we had to 
use a source NAT on the queries to our DNS servers to address this 
issue, since requests would be blocked by djbdns dnscache after a period
of time.  We would like to remove this source NAT with our move to 
unbound, but we are not sure how unbound will respond to our problem 
gateways.


Will unbound see this constant source IP/port as unusual, and block 
further DNS queries in a similar manner after a period of time?  In 
other words, will we require the source NAT with unbound, until we 
can fix the buggy gateways?


Thank you,

Paul