Many udp ports open in bind 9.5.1

Mike Bernhardt bernhardt at bart.gov
Fri Feb 13 19:15:55 UTC 2009


What you’re seeing is ports your server has opened for queries. Then it
holds the port open while waiting for a reply and for some time after that.
For example, FROM ls1.tel.net.ba:29825 TO 203.64.139.9:domain. By design, if
someone does a lot of queries to crackerjack.net, your server is going to
source the queries from a different port each time.

If you are having a problem with crackerjack.net, I don't think it's a BIND
problem, it's a personnel management or desktop problem.

________________________________________
From: Elizabeta Zadro [mailto:elizabeta.zadro at tel.net.ba] 
Sent: Friday, February 13, 2009 10:32 AM
To: bind-users at lists.isc.org
Subject: Many udp ports open in bind 9.5.1

Before, I had bind-9.5.0-P2, and now I have upgraded to bind-9.5.1. I read that
in bind-9.5.1 there is additional support for query port randomization,
including performance improvement and port range specification.

But is this ok?

netstat

udp        0      0 ls1.tel.net.ba:29825        203.64.139.9:domain        ESTABLISHED
udp        0      0 ls1.tel.net.ba:24836        static.213-133-1:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:21124        alius.crackerjac:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:60933        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:50446        ns1.dynadot.com:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:61075        alius.crackerjac:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:21915        firewall.camping:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:18076        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:31142        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:6311         208.66.192.102:domain      ESTABLISHED
udp        0      0 ls1.tel.net.ba:3369         crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:36017        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:40502        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:17719        alius.crackerjac:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:37307        189.40.238.6:domain        ESTABLISHED
udp        0      0 ls1.tel.net.ba:46274        alius.crackerjac:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:11719        ns2.suspended-fo:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:51400        ns2.suspended-fo:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:34386        alius.crackerjac:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:32600        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:20732        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:61023        bod40.i0waterfor:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:60767        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:9450         crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:28270        43.72.84ae.stati:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:43630        alius.crackerjac:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:39417        alius.crackerjac:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:24569        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:24569        crackerjack.net:domain     ESTABLISHED
Active UNIX domain sockets (w/o servers)


netstat after 5 min.


udp        0      0 ls1.tel.net.ba:16525        202.153.32.6:domain        ESTABLISHED
udp        0      0 ls1.tel.net.ba:8975         a.gtld-servers.net:domain  ESTABLISHED
udp        0      0 ls1.tel.net.ba:50959        60.217.239.181:domain      ESTABLISHED
udp        0      0 ls1.tel.net.ba:61714        208.72.175.3:domain        ESTABLISHED
udp        0      0 ls1.tel.net.ba:37656        66.232.104.156:domain      ESTABLISHED
udp        0      0 ls1.tel.net.ba:39455        79.135.181.219:domain      ESTABLISHED
udp        0      0 ls1.tel.net.ba:60193        64.38.223.8:domain         ESTABLISHED
udp        0      0 ls1.tel.net.ba:21540        alius.crackerjac:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:19494        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:25266        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:50355        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:20923        a.gtld-servers.net:domain  ESTABLISHED
udp        0      0 ls1.tel.net.ba:58044        ns.kuins.kyoto-u:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:16575        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:45376        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:34372        ns1.tahoe.everyd:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:65489        170.185.16.2:domain        ESTABLISHED
udp        0      0 ls1.tel.net.ba:7506         12.154.116.35:domain       ESTABLISHED
udp        0      0 ls1.tel.net.ba:56658        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:45396        ns2.suspended-fo:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:50905        a.gtld-servers.net:domain  ESTABLISHED
udp        0      0 ls1.tel.net.ba:3673         bod41.i0waterfor:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:31833        64.38.223.8:domain         ESTABLISHED
udp        0      0 ls1.tel.net.ba:11872        crackerjack.net:domain     ESTABLISHED
udp        0      0 ls1.tel.net.ba:65519        alius.crackerjac:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:18549        ns1.crsnic.net:domain      ESTABLISHED
udp        0      0 ls1.tel.net.ba:28023        114-32-136-127.H:domain    ESTABLISHED
udp        0      0 ls1.tel.net.ba:12921        79.135.181.219:domain      ESTABLISHED


As you can see, the ports are changing, but there is always crackerjack.net
every time on different ports? Can I simply put this user in IP tables?
In the previous version, bind-9.5.0-P2, there were no ESTABLISHED sockets at
all from foreign users.
Otherwise, my network and configuration are the same as before the upgrade.
Only since I upgraded to bind 9.5.1 are there now many udp sockets. Is this
characteristic behaviour for bind 9.5.1?

I went to www.isc.org but I can't find these answers. Can you please
answer my question?

Thanks in advance!

Elysabeth
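
Added example (not part of the original thread): a short Python script that reads netstat output in the layout shown above, including state fields wrapped onto their own line, and groups the UDP sockets by direction. Rows with a high local port and a remote port of domain are the resolver's own outbound queries, which is why one busy remote name server appears many times with a different source port each time. The sample rows and host names are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample in the same layout as the netstat output in the thread.
# Host names and addresses are placeholders; the second row has its state
# field wrapped onto the next line, as in the mail archive.
SAMPLE = """\
udp        0      0 resolver.example:29825      192.0.2.9:domain           ESTABLISHED
udp        0      0 resolver.example:24836      ns1.example.net:domain
ESTABLISHED
udp        0      0 resolver.example:60933      ns1.example.net:domain     ESTABLISHED
udp        0      0 resolver.example:18076      ns1.example.net:domain     ESTABLISHED
udp        0      0 resolver.example:domain     198.51.100.7:40112         ESTABLISHED
"""

DNS_PORTS = {"domain", "53"}  # netstat prints "domain" unless run with -n


def parse_udp_sockets(text):
    """Yield (local_host, local_port, remote_host, remote_port) per udp row."""
    for line in text.splitlines():
        fields = line.split()
        # Skips wrapped state lines ("ESTABLISHED" alone) and non-udp rows.
        if len(fields) < 5 or not fields[0].startswith("udp"):
            continue
        local_host, _, local_port = fields[3].rpartition(":")
        remote_host, _, remote_port = fields[4].rpartition(":")
        yield local_host, local_port, remote_host, remote_port


def summarize(text):
    """Separate the resolver's outbound queries from traffic to local port 53."""
    outbound = defaultdict(set)  # remote name server -> source ports in use
    inbound = []                 # (peer, peer_port) talking to our DNS port
    for _lhost, lport, rhost, rport in parse_udp_sockets(text):
        if rport in DNS_PORTS and lport not in DNS_PORTS:
            outbound[rhost].add(lport)
        elif lport in DNS_PORTS:
            inbound.append((rhost, rport))
    return dict(outbound), inbound


if __name__ == "__main__":
    outbound, inbound = summarize(SAMPLE)
    for server, ports in sorted(outbound.items(), key=lambda kv: -len(kv[1])):
        print(f"{len(ports):3d} outbound query sockets -> {server}: {sorted(ports)}")
    print("sockets on the local DNS port:", inbound)
```
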


