On 4/1/2010 12:37 AM, Mark Andrews wrote:
In message <4bb1c63b.30...@ies.etisalat.ae>, Abdulla Bushlaibi writes:
We are facing query drops when using the dnsperf tool from ISC to test the DNS
service via a load balancer. Multiple queries from the same source port
are being partially dropped by the load balancer, and as per the load
balancer vendor's feedback, this is a security feature and this situation
doesn't happen in real-life scenarios.
In most cases, clients generate unique random source ports for
each DNS query; however, we are not sure about the option of reusing the
same source port for multiple queries and how it applies in real-life
scenarios.
We would appreciate your comments on this subject.
--
Abdulla Ahmad Bushlaibi
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
A load balancer that cannot cope with multiple outstanding queries
that have the same source port is broken. A server (and that
includes any load balancer in front of it) should not care about
the source port.
Re-use of source ports for DNS queries is a bad security practice. I
cast my vote in favor of penalizing it, in the default configuration of
any device that responds to DNS requests.
- Kevin
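As an added illustration of the point Mark makes above (this is example code written for this page, not code from the thread, from ISC or from dnsperf), the script below sends several DNS queries from one UDP socket, i.e. one source port, and tells the replies apart the way RFC 5452 section 9.1 requires a resolver to: by the address and port the reply comes from, by transaction ID and by the question. The loopback responder, the names under "example." and the 192.0.2.1 answer are constructed stand-ins and are assumptions of the example; nothing in it talks to a real server or load balancer.

```python
import random
import socket
import struct
import threading

# Constructed loopback stand-in for "the server behind the load balancer".
# It is not dnsperf, named or a real load balancer (assumption of this example).
FAKE_ANSWER = "192.0.2.1"   # documentation address, not a real host


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid, name, qtype=1):
    """Header (ID, RD set, QDCOUNT=1) followed by one question of class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_question(data):
    """Return (txid, flags, qname, qtype) of a message's single question, or None if malformed."""
    if len(data) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if qdcount != 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            return None
        n = data[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(data):   # compression pointers are not valid in a question
            return None
        labels.append(data[pos:pos + n].decode("ascii"))
        pos += n
    if pos + 4 > len(data):
        return None
    qtype, _qclass = struct.unpack("!HH", data[pos:pos + 4])
    return txid, flags, ".".join(labels) + ".", qtype


def build_answer(query, address=FAKE_ANSWER):
    """Turn a query into a positive response: same ID, same question, one A record (constructed data)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)    # QR, RD and RA set
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(address)
    return header + query[12:] + rr


def accept_reply(pending, data, peer, server_addr):
    """RFC 5452 section 9.1 matching on the client side: a reply is attributed to an
    outstanding query by the address:port it comes from, its transaction ID and its
    question. The client's own source port plays no part, which is why nothing in
    front of the server needs to key on it. Pops and returns the matched name, or
    returns None when the packet is to be dropped."""
    if peer != server_addr:
        return None
    parsed = parse_question(data)
    if parsed is None:
        return None
    txid, flags, qname, qtype = parsed
    if not flags & 0x8000:                     # must be a response, not an echoed query
        return None
    expected = pending.get(txid)
    if expected is None or qname.lower() != expected.lower() or qtype != 1:
        return None
    return pending.pop(txid)


def serve_once(sock, count):
    """Minimal loopback responder: answer `count` queries in arrival order."""
    for _ in range(count):
        data, peer = sock.recvfrom(512)
        sock.sendto(build_answer(data), peer)


def resolve_many(names, timeout=2.0):
    """Send every query from ONE client socket (one source port) and demultiplex the replies.
    Returns {name: txid} for accepted answers; anything unmatched is dropped silently."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    threading.Thread(target=serve_once, args=(server, len(names)), daemon=True).start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)
    pending, results = {}, {}
    for name in names:
        txid = random.getrandbits(16)
        while txid in pending:                 # IDs must be unique among outstanding queries
            txid = random.getrandbits(16)
        pending[txid] = name
        client.sendto(build_query(txid, name), server.getsockname())
    while pending:
        try:
            data, peer = client.recvfrom(512)
        except socket.timeout:
            break                              # whatever is still pending counts as dropped
        name = accept_reply(pending, data, peer, server.getsockname())
        if name is not None:
            results[name] = parse_question(data)[0]
    return results


if __name__ == "__main__":
    print(resolve_many(["www.example.", "mail.example.", "ns1.example."]))
```

Run it as is and all three queries leave the one client socket and are answered, whichever order the replies arrive in; the server side never sees anything unusual, because it only ever replies to the address and port each query came from. The same matching function also shows where the two replies in the thread meet: a client that does this from a single predictable port is relying on the 16-bit transaction ID alone to tell a forged reply from a real one (RFC 5452 section 9.2), which is the weakness that per-query source-port randomization exists to cover, but that is a property of the client, and a server or load balancer cannot fix it by dropping the client's traffic.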