dig info
Kevin Darcy
kcd at chrysler.com
Mon May 18 18:23:25 UTC 2009
Tech W. wrote:
>
> --- On Mon, 18/5/09, Mark Andrews <Mark_Andrews at isc.org> wrote:
>
>
>> From: Mark Andrews <Mark_Andrews at isc.org>
>> Subject: Re: dig info
>> To: "Tech W." <techwww at yahoo.com.cn>
>> Cc: bind-users at lists.isc.org
>> Received: Monday, 18 May, 2009, 10:35 PM
>>
>> In message <980168.77226.qm at web15605.mail.cnb.yahoo.com>,
>> "Tech W." writes:
>>
>>> Sometime I dig a domain name, it returns the results
>>>
>> below:
>>
>>> ;; reply from unexpected source: 59.42.52.246#59721,
>>>
>> expected 211.66.80.167#5
>>
>>> 3
>>> ;; reply from unexpected source: 59.42.52.246#59721,
>>>
>> expected 211.66.80.167#5
>>
>>> 3
>>> ;; reply from unexpected source: 59.42.52.246#59721,
>>>
>> expected 211.66.80.167#5
>>
>>> 3
>>> ;; connection timed out; no servers could be reached
>>>
>> Is this a linux box dig is running
>> on? Some linux kernels
>> have the worst possible UDP port
>> selection algorithms. They
>> keep selecting the port that was last
>> selected provided it
>> is closed before you get the next port
>> selection request.
>> On a box with several short lived UDP
>> sockets you will
>> almost certainly get reply traffic
>> destined to the last
>> user of the port.
>>
>> This is what is happening here, dig
>> seeing replies to
>> whatever was using the port immediately
>> before dig was run.
>>
>>
>>
>
>
> Yes Mark it's a linux box with kernel 2.6.24.
> But I still can't understand for your meanings.
> Could you please explain it with more clear way?
> Thanks again.
>
1. Some (non-DNS) app gets assigned a socket with port X
2. It communicates with another device over that socket
3. It closes the socket before the other device is done sending data
4. The same socket with port X gets immediately re-assigned to a new
"dig" instance
5. dig sends a query packet somewhere, listens for responses
6. Some of the packets from the previous (non-DNS) transaction arrive at
the socket
7. dig complains, because the source address of the incoming packets
doesn't match the destination of the original query that it sent
- Kevin
More information about the bind-users
mailing list