No local port randomization?

Hi unbound list,

I'm not achieving any local port randomization whatsoever.

In my config I have 0x20 enabled and 3 outgoing interfaces. Must I have
4 outgoing interfaces to enable local port randomization?

Essentially the range of local ports is tiny - probably no more than 100,
according to 2 different tests performed.

I read the article at www.unbound.net/documentation/patch_announce102.html

Where else can I start to troubleshoot this, either in my config or
otherwise?

> I'm not achieving any local port randomization whatsoever.

What are your settings for outgoing-range: and outgoing-port-permit: ?

> In my config I have 0x20 enabled and 3 outgoing interfaces. Must I have
> 4 outgoing interfaces to enable local port randomization?

While having multiple IPs/interfaces adds to the randomization of source
address, it should be independent of the port randomization.

> Essentially the range of local ports is tiny - probably no more than 100,
> according to 2 different tests performed.

Are you behind a NAT that's causing your ports to get NATed
sequentially?

Paul

Hello Paul,

Paul Wouters:

>> I'm not achieving any local port randomization whatsoever.
>
> What are your settings for outgoing-range: and outgoing-port-permit: ?

outgoing-range: 8192
outgoing-port-permit: 1024-65535

>> In my config I have 0x20 enabled and 3 outgoing interfaces. Must I have
>> 4 outgoing interfaces to enable local port randomization?
>
> While having multiple IPs/interfaces adds to the randomization of source
> address, it should be independent of the port randomization.

>> Essentially the range of local ports is tiny - probably no more than 100,
>> according to 2 different tests performed.
>
> Are you behind a NAT that's causing your ports to get NATed
> sequentially?

My unbound:

Version 1.4.20
linked libs: libevent 2.0.21-stable (it uses epoll), ldns 1.6.16,
OpenSSL 1.0.1 14 Mar 2012
linked modules: validator iterator
configured for x86_64-unknown-linux-gnu on Fri Jul 19 07:05:39 EST 2013
with options: '--with-ldns' '--with-libevent'

Connected to LAN cable.

Not sure how any middleware would be mangling this - any suggestions?
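
Added example, not part of the original thread: a small Python check for the two symptoms discussed above (a source-port range of about 100, and ports assigned sequentially by a NAT), run over source ports in the order they appear in a packet capture. The sample port lists and the thresholds are constructed for illustration; the permitted range is the outgoing-port-permit value quoted in the thread.

```python
# Added example: classify observed DNS source ports (not code from Unbound).
PERMIT_LOW, PERMIT_HIGH = 1024, 65535  # outgoing-port-permit quoted in the thread

# Constructed samples: source ports of successive outgoing queries, in capture order.
SEQUENTIAL = [40001, 40002, 40003, 40005, 40006, 40007, 40009, 40010]
NARROW = [32810, 32772, 32855, 32790, 32801, 32768, 32840, 32779]
SPREAD = [51234, 1893, 33017, 60422, 12007, 45990, 8021, 27640]


def analyze_ports(ports, low=PERMIT_LOW, high=PERMIT_HIGH):
    """Summarise how widely a sequence of observed source ports is spread."""
    if len(ports) < 2:
        raise ValueError("need at least two observed ports")
    span = max(ports) - min(ports) + 1
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    # Small positive steps between consecutive queries are the signature of a
    # device handing out ports one after another (for example a NAT).
    small_step_fraction = sum(1 for d in deltas if 0 < d <= 4) / len(deltas)
    # Share of the permitted range that the sample actually touched.
    coverage = span / (high - low + 1)
    # Thresholds below are illustrative assumptions, not values from Unbound.
    if small_step_fraction >= 0.8:
        verdict = "sequential"
    elif coverage < 0.05:
        verdict = "narrow-range"
    else:
        verdict = "spread"
    return {
        "span": span,
        "unique": len(set(ports)),
        "coverage": coverage,
        "small_step_fraction": small_step_fraction,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, sample in (("sequential", SEQUENTIAL), ("narrow", NARROW), ("spread", SPREAD)):
        print(name, analyze_ports(sample))
```

Running it on ports captured on the resolver host and again on ports captured beyond any NAT or firewall shows whether the ports are being changed in transit.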