Maintained by: NLnet Labs

matching the source ip and port

Anand Buddhdev
Fri Aug 19 23:27:17 CEST 2016


On 19/08/16 23:03, pm8pm8--- via Unbound-users wrote:

Hi,

> When receiving a response to a DNS query, does Unbound match the source IP
> of the response to the destination IP of the query and discard the response
> if they do not match? Does it match the ports?
> I.e. apart from checking
> query.transactionID == response.transactionID
> does Unbound check for
> query.destinationIP == response.sourceIP
> and
> query.destinationPort == response.sourcePort?

Yes, it does. Without such checks the cache could be trivially poisoned.

--
Anand
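
The three comparisons asked about in this thread, written out as an added example; it is not part of the original messages and is not Unbound's code. The names `Outstanding`, `build_header` and `check_response` are hypothetical, and the addresses and transaction IDs are constructed sample values from documentation ranges.

```python
import ipaddress
import struct
from typing import NamedTuple

class Outstanding(NamedTuple):
    """What a resolver remembers about one query it has sent (hypothetical type)."""
    txid: int      # 16-bit transaction ID written into the query header
    dst_ip: str    # address the query was sent to
    dst_port: int  # port the query was sent to

def build_header(txid: int, is_response: bool) -> bytes:
    """Constructed sample data: a bare 12-byte DNS header with no records."""
    flags = 0x8000 if is_response else 0x0100  # QR bit for responses, RD for queries
    return struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0)

def check_response(query: Outstanding, src_ip: str, src_port: int,
                   payload: bytes) -> str:
    """Return 'accept', or the reason the datagram is discarded."""
    if len(payload) < 12:
        return "drop: truncated header"
    txid, flags = struct.unpack("!HH", payload[:4])
    if not flags & 0x8000:
        return "drop: QR bit clear, not a response"
    # Compare parsed addresses so equivalent IPv6 spellings still match.
    if ipaddress.ip_address(src_ip) != ipaddress.ip_address(query.dst_ip):
        return "drop: response.sourceIP != query.destinationIP"
    if src_port != query.dst_port:
        return "drop: response.sourcePort != query.destinationPort"
    if txid != query.txid:
        return "drop: response.transactionID != query.transactionID"
    return "accept"

def run_samples() -> dict:
    """Run the check over constructed datagrams and return each verdict."""
    q = Outstanding(txid=0x1A2B, dst_ip="192.0.2.53", dst_port=53)
    good = build_header(0x1A2B, is_response=True)
    return {
        "genuine": check_response(q, "192.0.2.53", 53, good),
        "other_source_ip": check_response(q, "198.51.100.7", 53, good),
        "other_source_port": check_response(q, "192.0.2.53", 5353, good),
        "other_txid": check_response(q, "192.0.2.53", 53,
                                     build_header(0x0001, is_response=True)),
    }

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:18} {verdict}")
```

Only the datagram that matches on all three fields is accepted; with the address and port comparisons in place, a datagram from any other address is discarded even when its transaction ID matches.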