--- Begin Message ---
On Tue, Sep 8, 2020 at 5:00 PM John Levine <[email protected]> wrote:
>
> In article <[email protected]> you write:
> >> Seems to me that would be true for any software that uses the usual
> >> BSD or linux socket calls that match the host and port ...
>
> >You're conflating binding the UDP socket which specifies the *local end*
> >of the UDP socket (and behaves as you describe) with the somewhat less
> >common practice of "connecting" the UDP socket (done by DNS resolvers of
> >various stripes) which then also limits the *remote peer* ...
>
> Right, but I'd think that would be the usual way to do it. I suppose
> the alternative is for each request, pick a port, do a send using that
> port, then do a separate recv on the same port, but unless you're
> actively trying to work around the wrong IP bug, why would you do
> that?

A single recursive resolver process can make a large number of
outbound requests to thousands (if not more) of nameservers. Keeping
one socket for each unique combination of (resolver IP, nameserver IP)
becomes expensive in such an environment. Using more than one resolver
IP provides additional entropy for the queries.

-Puneet

>
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

--- End Message ---
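
The difference between binding and "connecting" a UDP socket that the quoted text describes, as an added example that is not part of the original thread. All names, payloads and addresses are constructed, and a second loopback port stands in for a different remote host. The bind-only socket corresponds to a resolver sharing one socket across many nameservers, where the source check has to happen in the application.

```python
import socket

LOOPBACK = "127.0.0.1"  # constructed setup: all traffic stays on loopback

def udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))   # bind() fixes only the local end of the socket
    s.settimeout(0.5)
    return s

def drain(sock):
    """Return [(payload, source_addr), ...] for every datagram queued on sock."""
    got = []
    while True:
        try:
            got.append(sock.recvfrom(512))
        except socket.timeout:
            return got

def demo():
    nameserver = udp_socket()   # the peer the resolver actually queried
    other = udp_socket()        # any other sender that knows the resolver's port
    bound_only = udp_socket()   # resolver socket: bind() only
    connected = udp_socket()    # resolver socket: bind() + connect()
    connected.connect(nameserver.getsockname())  # kernel now filters on remote peer

    for resolver_sock in (bound_only, connected):
        dst = resolver_sock.getsockname()
        nameserver.sendto(b"reply-from-nameserver", dst)
        other.sendto(b"reply-from-other", dst)

    expected = nameserver.getsockname()
    raw = drain(bound_only)
    result = {
        # bind-only socket: the kernel delivers datagrams from any source
        "bound_only_raw": sorted(p for p, _ in raw),
        # so the application must compare the source with the queried server
        "bound_only_checked": [p for p, src in raw if src == expected],
        # connected socket: the mismatching datagram never reaches the process
        "connected": [p for p, _ in drain(connected)],
    }
    for s in (nameserver, other, bound_only, connected):
        s.close()
    return result

if __name__ == "__main__":
    for name, payloads in demo().items():
        print(name, payloads)
```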