dig info

Kevin Darcy kcd at chrysler.com
Mon May 18 18:23:25 UTC 2009 

Tech W. wrote:
>
> --- On Mon, 18/5/09, Mark Andrews <Mark_Andrews at isc.org> wrote:
>
>   
>> From: Mark Andrews <Mark_Andrews at isc.org>
>> Subject: Re: dig info
>> To: "Tech W." <techwww at yahoo.com.cn>
>> Cc: bind-users at lists.isc.org
>> Received: Monday, 18 May, 2009, 10:35 PM
>>
>> In message <980168.77226.qm at web15605.mail.cnb.yahoo.com>,
>> "Tech W." writes:
>>     
>>> Sometime I dig a domain name, it returns the results
>>>       
>> below:
>>     
>>> ;; reply from unexpected source: 59.42.52.246#59721,
>>>       
>> expected 211.66.80.167#5
>>     
>>> 3
>>> ;; reply from unexpected source: 59.42.52.246#59721,
>>>       
>> expected 211.66.80.167#5
>>     
>>> 3
>>> ;; reply from unexpected source: 59.42.52.246#59721,
>>>       
>> expected 211.66.80.167#5
>>     
>>> 3
>>> ;; connection timed out; no servers could be reached
>>>       
>>     Is this a linux box dig is running
>> on?  Some linux kernels
>>     have the worst possible UDP port
>> selection algorithms.  They
>>     keep selecting the port that was last
>> selected provided it
>>     is closed before you get the next port
>> selection request.
>>     On a box with several short lived UDP
>> sockets you will
>>     almost certainly get reply traffic
>> destined to the last
>>     user of the port.
>>
>>     This is what is happening here, dig
>> seeing replies to
>>     whatever was using the port immediately
>> before dig was run.
>>     
>>  
>>     
>
>
> Yes Mark it's a linux box with kernel 2.6.24.
> But I still can't understand for your meanings.
> Could you please explain it with more clear way?
> Thanks again.
>   
1. Some (non-DNS) app gets assigned a socket with port X
2. It communicates with another device over that socket
3. It closes the socket before the other device is done sending data
4. The same socket with port X gets immediately re-assigned to a new 
"dig" instance
5. dig sends a query packet somewhere, listens for responses
6. Some of the packets from the previous (non-DNS) transaction arrive at 
the socket
7. dig complains, because the source address of the incoming packets 
doesn't match the destination of the original query that it sent

                                                                         
                        - Kevin

More information about the bind-users mailing list