The tool queryperf is a useful tool and it gives you details about a DNS server's performance. However, it would be useful to have an option in queryperf to use random source ports to test real-life scenarios.

--
Abdulla Ahmad Bushlaibi



On 3/31/2010 12:07 AM, Kevin Darcy wrote:
On 3/30/2010 8:00 AM, Tony Finch wrote:
On Tue, 30 Mar 2010, Abdulla Bushlaibi wrote:

We are facing query drops by using dnsperf tool from ISC testing the DNS service via load balancer. Multiple queries from the same source port are being dropped partially by the load balancer and as per the load balancer vendor feedback, this is a security feature and this situation doesn't happen in real life scenarios.

High performance stub resolvers like adns use the same UDP port for many
queries.

Thus reducing entropy and commensurately increasing the chance of accepting a spoofed response as genuine.

I think the load-balancer vendor has the right default here, and adns should re-think their methodology.

- Kevin


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
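
The behaviour requested at the top of this thread, as an added sketch that is not part of the original messages and is not queryperf or dnsperf code: sending every query from a fresh socket lets the OS assign a new ephemeral source port, compared here with one shared socket. The loopback stub server and the names `build_query`, `stub_server` and `run` are constructed for illustration.

```python
import secrets
import socket
import struct
import threading

def build_query(name, txid):
    """Minimal DNS query (A/IN, RD set) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def stub_server(sock, seen, count):
    """Constructed stand-in for the server under test: records each
    client's source port and echoes the query back with QR set."""
    for _ in range(count):
        data, addr = sock.recvfrom(512)
        seen.append(addr[1])
        sock.sendto(data[:2] + b"\x81\x80" + data[4:], addr)

def run(n, fresh_port):
    """Send n queries; return (matched replies, distinct source ports seen)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))          # loopback only, OS-chosen port
    seen = []
    worker = threading.Thread(target=stub_server, args=(srv, seen, n), daemon=True)
    worker.start()
    shared = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    matched = 0
    for _ in range(n):
        # A new unbound socket gets a new ephemeral port on first sendto().
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) if fresh_port else shared
        s.settimeout(2)
        txid = secrets.randbelow(1 << 16)
        s.sendto(build_query("example.com", txid), srv.getsockname())
        reply, _ = s.recvfrom(512)
        matched += struct.unpack("!H", reply[:2])[0] == txid
        if fresh_port:
            s.close()
    worker.join()
    shared.close()
    srv.close()
    return matched, len(set(seen))

if __name__ == "__main__":
    print("shared socket:", run(50, fresh_port=False))
    print("fresh socket per query:", run(50, fresh_port=True))
```

With the shared socket the server sees a single source port, so only the 16-bit transaction ID distinguishes a genuine reply; with a fresh socket per query the source port varies as well.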


