At Fri, 13 Feb 2009 19:10:02 +0100, "Elizabeta Zadro" <elizabeta.za...@tel.net.ba> wrote:
> Before I had bind-9.5.0-P2 and now I upgraded to bind-9.5.1. I read that in
> bind-9.5.1 there is additional support for query port randomization
> including performance improvement and port range specification.
>
> But is this ok?

[snip]

> As you can see, the ports are changing, but there is always crackerjack.net
> every time on different ports? Can I simply put this user in IP tables?

I don't (necessarily) think so. This can happen if (names under) that
domain are popular with your clients. Unless these queries make your server
unacceptably busy or cause other troubles such as an increase in SERVFAIL
results, you can just let them be asked.

You may also want to check which names (and types) under crackerjack are
being asked, using rndc recursing, and which clients ask them, to see
whether they are just frequently asked or are the result of some malicious
attempt.

> In the previous version bind-9.5.0-P2 there was no ESTABLISHED socket at all
> from foreign users.
> Otherwise, my network and configuration are the same as before the upgrade.
> Only when I upgraded to bind 9.5.1, there are now many udp sockets. Is this
> characteristic behaviour for bind 9.5.1?

'ESTABLISHED' is a feature of 9.5.1, which now uses connected UDP sockets.
It's not a bad thing per se; rather, it helps improve stability and
performance.

Also, you should have seen 'many udp sockets' in 9.5.0-P2, too. Using a
(possibly) large number of UDP sockets is common to both 9.5.0-P2 and 9.5.1.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
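The check suggested in the reply (dump the in-flight recursive queries with rndc recursing, then see which names under crackerjack.net are being asked and by which clients) is easier to read from a short summary than from the raw dump. The script below is an added example for this page, not code from the thread or from ISC. It assumes the dump lines look like `; client 192.0.2.10#53124: 'www.crackerjack.net/A/IN' requesttime ...` (the regex also tolerates the `(name)` and `id N` fields that newer BIND releases add, but the layout is an assumption, not a specification), and the SAMPLE_RECURSING text is constructed for the example.

```python
"""Summarize the in-flight recursive queries that `rndc recursing` dumps.

Added example for this page, not code from the original thread or from
BIND.  Assumptions:
  * `rndc recursing` writes to the file named by recursing-file in
    named.conf (default named.recursing); the lines of interest are
    assumed to look like
      ; client 192.0.2.10#53124: 'www.crackerjack.net/A/IN' requesttime 1234567890
    Newer BIND releases insert "id N" and a "(name)" suffix after the port;
    LINE_RE tolerates both, but the format is still an assumption.
  * SAMPLE_RECURSING is constructed for this example.
"""
import re
import sys
from collections import Counter

LINE_RE = re.compile(
    r"^;\s*client\s+"
    r"(?P<addr>[^#\s]+)#(?P<port>\d+)"   # peer address and source port
    r"[^:']*:\s*"                         # optional " (name)" then ':'
    r"(?:id\s+\d+\s+)?"                   # optional "id N " (newer BIND)
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^']+)'"
)


def in_domain(qname, suffix):
    """True if qname equals suffix or lies below it (case/trailing-dot insensitive)."""
    q = qname.rstrip(".").lower()
    s = suffix.rstrip(".").lower()
    return q == s or q.endswith("." + s)


def summarize(lines, suffix):
    """Return (parsed, names, clients) for the queries under `suffix`.

    parsed  - number of '; client' lines the regex understood
    names   - Counter of (qname, qtype) under suffix
    clients - Counter of client addresses asking for names under suffix
    """
    names, clients, parsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, '; Dump complete', or an unknown layout
        parsed += 1
        qname = m.group("qname").rstrip(".").lower()
        if in_domain(qname, suffix):
            names[(qname, m.group("qtype").upper())] += 1
            clients[m.group("addr")] += 1
    return parsed, names, clients


def report(lines, suffix, top=10):
    """Human-readable summary: distinct names versus distinct clients."""
    parsed, names, clients = summarize(lines, suffix)
    total = sum(names.values())
    out = [f"{parsed} recursing entries parsed, {total} under {suffix} "
           f"({len(names)} distinct name/type, {len(clients)} distinct clients)"]
    for (qname, qtype), n in names.most_common(top):
        out.append(f"  {n:5d}  {qname}/{qtype}")
    for addr, n in clients.most_common(top):
        out.append(f"  {n:5d}  client {addr}")
    return "\n".join(out)


# Constructed sample dump (not real data); the layout is the assumed one above.
SAMPLE_RECURSING = """\
;
; Recursing Clients
;
; client 192.0.2.10#53124: 'www.crackerjack.net/A/IN' requesttime 1234567890
; client 192.0.2.11#40011: 'www.crackerjack.net/A/IN' requesttime 1234567891
; client 192.0.2.10#53200: 'mail.crackerjack.net/MX/IN' requesttime 1234567892
; client 198.51.100.7#1025: 'x7f3q.crackerjack.net/A/IN' requesttime 1234567893
; client 198.51.100.7#1026: 'k9z2b.crackerjack.net/A/IN' requesttime 1234567894
; client 192.0.2.12#6000: 'www.example.org/A/IN' requesttime 1234567895
; Dump complete
"""

if __name__ == "__main__":
    # Real use: run `rndc recursing`, then
    #   python3 recursing_summary.py /path/to/named.recursing crackerjack.net
    if len(sys.argv) > 2:
        with open(sys.argv[1]) as f:
            print(report(f, sys.argv[2]))
    else:
        print(report(SAMPLE_RECURSING.splitlines(), "crackerjack.net"))
```

Run it a few times some seconds apart, since the dump is only a snapshot of what is in flight. What you want to compare is the two halves of the report: a handful of names (www, mail) asked by many different client addresses is what a popular domain looks like, whereas many distinct random-looking labels coming from one or two clients is the pattern worth investigating before reaching for iptables.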