* John Levine:
> In article <[email protected]> you write:
>>> Seems to me that would be true for any software that uses the usual
>>> BSD or Linux socket calls that match the host and port ...
>
>> You're conflating binding the UDP socket which specifies the *local end*
>> of the UDP socket (and behaves as you describe) with the somewhat less
>> common practice of "connecting" the UDP socket (done by DNS resolvers of
>> various stripes) which then also limits the *remote peer* ...
>
> Right, but I'd think that would be the usual way to do it. I suppose
> the alternative is for each request, pick a port, do a send using that
> port, then do a separate recv on the same port, but unless you're
> actively trying to work around the wrong IP bug, why would you do
> that?
It's the only way to get source port randomization on systems where the kernel picks a predictable source port number when binding a socket. You keep open a few thousand sockets all the time and choose one randomly to send the query.

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
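The socket-pool technique the reply describes, written out as an added example (not code from the thread or from any resolver): a few dozen unconnected UDP sockets are bound up front to randomly chosen local ports, each query goes out on a randomly picked socket, and the reply is read back on that same socket. Because the sockets are not connect()ed, the kernel will hand them datagrams from any peer, so the code does the remote-address and transaction-ID check itself, which is the "wrong IP" concern raised in the quoted message. The nameserver is a constructed stand-in on 127.0.0.1 that echoes each query with the QR bit set; the port range, pool size and helper names are assumptions made for the demo.

```python
"""Source-port randomization with a pool of pre-bound, unconnected UDP sockets.

Added example, not code from the original thread. The "nameserver" is a
constructed stub on 127.0.0.1; PORT_RANGE and the pool size are assumptions.
"""
import random
import socket
import struct
import threading

PORT_RANGE = (1024, 65535)     # assumed ephemeral range to draw ports from
_rng = random.SystemRandom()   # CSPRNG: unpredictability is the whole point


def open_socket_pool(size, host="127.0.0.1", port_range=PORT_RANGE):
    """Bind `size` UDP sockets to distinct, randomly chosen local ports.

    Binding explicitly (rather than to port 0) sidesteps a kernel whose
    ephemeral-port allocator is sequential or otherwise predictable. A bind
    that fails (port in use, reserved, or otherwise refused) is retried.
    """
    pool = []
    lo, hi = port_range
    while len(pool) < size:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            s.bind((host, _rng.randint(lo, hi)))
        except OSError:
            s.close()
            continue
        pool.append(s)
    return pool


def build_query(qid, name="example.com"):
    """Minimal DNS query: 12-byte header, one QNAME, QTYPE A, QCLASS IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = [bytes([len(l)]) + l.encode() for l in name.split(".")]
    return header + b"".join(labels) + b"\0" + struct.pack("!HH", 1, 1)


def send_query(pool, server_addr, query, timeout=2.0):
    """Pick a pooled socket at random, sendto(), then recvfrom() on it.

    Unconnected socket: datagrams from *any* peer are delivered to it, so
    the reply's source (addr, port) and transaction ID are checked here.
    Returns (reply, local_port_used); socket.timeout propagates on silence.
    """
    s = _rng.choice(pool)
    s.settimeout(timeout)
    s.sendto(query, server_addr)
    while True:
        reply, peer = s.recvfrom(4096)
        if peer != server_addr or reply[:2] != query[:2]:
            continue                            # not the answer we asked for
        return reply, s.getsockname()[1]


def start_stub_server(host="127.0.0.1"):
    """Constructed stand-in for a nameserver: echoes the query with QR=1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(4096)
            except socket.timeout:
                continue
            hdr = bytearray(data[:12])
            hdr[2] |= 0x80                      # QR bit: this is a response
            srv.sendto(bytes(hdr) + data[12:], peer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname(), stop


def run_demo(pool_size=64, n_queries=20):
    """Send n_queries through the pool; return the set of source ports used."""
    server_addr, stop = start_stub_server()
    pool = open_socket_pool(pool_size)
    used = set()
    try:
        for _ in range(n_queries):
            query = build_query(_rng.getrandbits(16))
            reply, sport = send_query(pool, server_addr, query)
            assert reply[2] & 0x80, "stub server should have set QR"
            used.add(sport)
    finally:
        stop.set()
        for s in pool:
            s.close()
    return used


if __name__ == "__main__":
    print(sorted(run_demo()))
```

With a connect()ed socket the kernel would do the peer filtering in `send_query` for free, at the cost of one socket per query and a kernel-chosen local port; the pool trades that convenience for control over which ports are in use.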
