<div><div><br></div><div><br><div class="gmail_quote"></div></div></div><div><div dir="ltr">On Fri, Dec 7, 2018 at 5:19 AM Ralph Seichter <<a href="mailto:m16%2Bbind@monksofcool.net" target="_blank">m16+bind@monksofcool.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">* Jakob Dhondt:<br>
<br>
> I have just noticed that when using dig (different versions) on Mac OS<br>
> (High Sierra) over IPv6 the source port is not randomized.</blockquote><div dir="auto"><br></div></div><div><div dir="auto">Hmmm. I’d never noticed that, but I certainly wouldn’t have expected it - I’m also wondering *how* it is doing this — to increment by 2 it sounds like there is state being kept - perhaps dig simply relies on the kernel for the source port and isn’t randomizing at all ( and so the difference is actually OS difference, and not dig differences?</div></div><div><div><div class="gmail_quote"><div dir="auto"><br></div><div dir="auto"><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
I may be having a senior moment, but don't IPv6 privacy extensions cover<br>
address randomization rather than port randomization?<br>
</blockquote><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Yes, but this has nothing to do with v6 privacy addresses - they are orthogonal...</div><div dir="auto"><br></div><div dir="auto">W</div><div dir="auto"><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
-Ralph<br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div></div>
</div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">I don't think the execution is relevant when it was obviously a bad idea in the first place.<br>This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.<br> ---maf</div>