On Thu, 20 Dec 2007, Jason Molzen wrote:
> If I send a message that gets signed, there is no change to the ports it
> listens on.
>
> If I receive a message that gets verified (in this case a msg without a
> signature), it starts listening on a random udp port:
>
> ]# netstat -atunp | grep dkim
> tcp 0 0 127.0.0.1:8891 0.0.0.0:*
> LISTEN 8536/dkim-filter
> udp 0 0 0.0.0.0:35969 0.0.0.0:*
> 8536/dkim-filter

I think the socket used for DNS queries is allocated and assigned a port number (the latter is done when the descriptor first gets used) but it's not listening for arriving datagrams other than replies. It's probably just the descriptor used to make DNS queries which is kept open between queries.

> This is not causing any usability problems, but I do find it
> interesting. At one point, I was able to netstat the DNS query, and it
> was sent from a low numbered udp port. Not these high numbers that
> dkim-milter is listening on after a verify. Are there any concerns with
> this peculiar behavior?

For the DNS query to come from a low-numbered port (i.e. under 1024), the resolver would have to (a) be running as root, and (b) explicitly bind to a low port number using bind() or bindresvport(). I don't know which resolver you're using, but that code certainly does not exist in libar.

Can you include a sample from tcpdump?
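As an added illustration of the reply above (not code from the original message, dkim-milter or libar): a C program showing that a UDP socket opened without bind() reports port 0 until its first sendto(), after which it carries a kernel-assigned source port for as long as the descriptor stays open. The names open_query_socket and local_port and the loopback discard-port target are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return the local port (host byte order) currently assigned to fd, or -1. */
static int local_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);

    if (getsockname(fd, (struct sockaddr *)&sa, &len) != 0)
        return -1;
    return ntohs(sa.sin_port);
}

/* Open a UDP socket the way a stub resolver does (no bind() call), record
 * its local port before and after the first datagram is sent, and leave it
 * open. Returns the descriptor, or -1 on error. */
int open_query_socket(int *port_before, int *port_after)
{
    struct sockaddr_in dst;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return -1;
    *port_before = local_port(fd);      /* 0: no port assigned yet */

    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_port = htons(9);            /* constructed target: discard port */
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    /* First use of the descriptor: the kernel picks the source port. */
    (void)sendto(fd, "x", 1, 0, (struct sockaddr *)&dst, sizeof(dst));
    *port_after = local_port(fd);
    return fd;
}

int main(void)
{
    int before, after, fd = open_query_socket(&before, &after);

    if (fd < 0)
        return 1;
    printf("before first send: %d, after: %d\n", before, after);
    close(fd);
    return 0;
}
```

Until close() is called, netstat lists the socket as 0.0.0.0:<port> under the owning process, which is the same kind of entry as the udp line in the quoted output.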
