Open ports in Bind

JINMEI Tatuya / 神明達哉 Jinmei_Tatuya at isc.org
Mon Feb 2 23:19:56 UTC 2009


At Mon, 02 Feb 2009 22:32:17 +0330,
"Bind" <bind at dci.ir> wrote:

> Maybe my first question type was wrong, sorry for terrible! My question is:
> when I run netstat -an, why does my server have some established connections with its
> own IP address through different source ports to one client address?
> 
> example:
> 
> 192.168.1.1.51121 74.222.11.71.53      Connected
> 192.168.1.1.58967 74.222.11.71.53      Connected
> 192.168.1.1.46691 74.222.11.71.53      Connected
> 
> Does it mean that client 74.222.11.71, at the time of the
> snapshot, requests 3 DNS queries from my server, or something else?

These are most likely queries sent from a BIND9 caching server as part
of recursive name resolution.  They are not 'open' ports, but are
temporarily opened and connected to a specific remote server address
for a particular query.

> Can we say the number of recursive-clients after running "rndc status" and
> the output of "netstat -an |grep 53 | wc" point to the same thing
> (regardless of the difference in running time)?

Not necessarily, because if named receives the same query from multiple
clients it combines the query and only sends one query to the remote
server.  Also, there are other queries internally sent from named.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
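
An added example, not part of the original message: a shell sketch that separates the sockets discussed above (local ephemeral port connected to remote port 53) from everything else a plain `grep 53` matches. It assumes netstat prints endpoints as `address.port`, as in the lines quoted in the question; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the "address.port" layout quoted in the question.
sample_netstat() {
cat <<'EOF'
192.168.1.1.51121 74.222.11.71.53      Connected
192.168.1.1.58967 74.222.11.71.53      Connected
192.168.1.1.46691 74.222.11.71.53      Connected
192.168.1.1.40112 198.51.100.7.53      Connected
192.168.1.1.53    192.168.1.20.40253   ESTABLISHED
192.168.1.1.22    192.168.1.53.50122   ESTABLISHED
*.53                                   Idle
192.168.1.1.25    192.168.1.30.41000   ESTABLISHED
EOF
}

# What "grep 53" counts: any line containing the digits 53 anywhere
# (listener, a peer whose IP ends in .53, ports such as 40253).
naive_count() { grep -c 53; }

# Outbound queries from the resolver: the REMOTE endpoint's port is 53.
outbound_dns() { awk '$2 ~ /\.53$/ { n++ } END { print n+0 }'; }

# Inbound clients: the LOCAL endpoint's port is 53 and a peer is attached.
inbound_dns() {
  awk '$1 ~ /\.53$/ && $2 ~ /\.[0-9]+$/ { n++ } END { print n+0 }'
}

# Outbound sockets grouped by remote server, busiest first.
per_server() {
  awk '$2 ~ /\.53$/ { sub(/\.53$/, "", $2); c[$2]++ }
       END { for (s in c) print c[s], s }' | sort -rn
}

# On a live host, replace sample_netstat with: netstat -an
echo "naive grep 53 : $(sample_netstat | naive_count)"
echo "outbound to 53: $(sample_netstat | outbound_dns)"
echo "inbound on 53 : $(sample_netstat | inbound_dns)"
sample_netstat | per_server
```

Even the corrected outbound count is a count of sockets at one instant, not of recursive clients, for the reasons given in the reply above.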


