On Mon, 2016-03-28 at 12:11 -0700, Rick Jones wrote: > I was under the impression that individual DNS queries were supposed to > have not only random DNS query IDs but also originate from random UDP > source ports. https://tools.ietf.org/html/rfc5452 4.5 at least touches > on the topic but I don't see it making it hard and fast. By section 10 > though it is more explicit: > > This document recommends the use of UDP source port number > randomization to extend the effective DNS transaction ID beyond the > available 16 bits. > > That being the case, if indeed there were to be 30000-odd concurrent > requests outstanding "upstream" from that location there'd have to be > 30000 ephemeral ports in play.
Sure, so these heavy duty programs have to consider the randomness implications already, when picking a port in their pool. Using the kernel and force socket()/bind()/close() in the hope to get random values is safe, but never had been optimal for performance. Note : file structures got RCU freeing back in 2.6.14, and I do not think named users ever complained about added cost ;)
