Tech W. wrote:
--- On Mon, 18/5/09, Mark Andrews <mark_andr...@isc.org> wrote:
From: Mark Andrews <mark_andr...@isc.org>
Subject: Re: dig info
To: "Tech W." <tech...@yahoo.com.cn>
Cc: bind-users@lists.isc.org
Received: Monday, 18 May, 2009, 10:35 PM
In message <980168.77226...@web15605.mail.cnb.yahoo.com>,
"Tech W." writes:
Sometime I dig a domain name, it returns the results
below:
;; reply from unexpected source: 59.42.52.246#59721,
expected 211.66.80.167#5
3
;; reply from unexpected source: 59.42.52.246#59721,
expected 211.66.80.167#5
3
;; reply from unexpected source: 59.42.52.246#59721,
expected 211.66.80.167#5
3
;; connection timed out; no servers could be reached
Is this a linux box dig is running
on? Some linux kernels
have the worst possible UDP port
selection algorithms. They
keep selecting the port that was last
selected provided it
is closed before you get the next port
selection request.
On a box with several short lived UDP
sockets you will
almost certainly get reply traffic
destined to the last
user of the port.
This is what is happening here, dig
seeing replies to
whatever was using the port immediately
before dig was run.
Yes Mark it's a linux box with kernel 2.6.24.
But I still can't understand for your meanings.
Could you please explain it with more clear way?
Thanks again.
1. Some (non-DNS) app gets assigned a socket with port X
2. It communicates with another device over that socket
3. It closes the socket before the other device is done sending data
4. The same socket with port X gets immediately re-assigned to a new
"dig" instance
5. dig sends a query packet somewhere, listens for responses
6. Some of the packets from the previous (non-DNS) transaction arrive at
the socket
7. dig complains, because the source address of the incoming packets
doesn't match the destination of the original query that it sent
- Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
