Yesterday, I noticed for the first time that my Unbound server has
pinged a lot of DNS servers (something like 4000 in 30 minutes).
Unbound does not send ICMP itself. It does not ping; it sends DNS UDP
datagrams. The ping-times it can report via unbound-control are
really UDP DNS datagram roundtrip times; they are not ICMP ping packets.
I think it's the Unbound process that is responsible for all the
traffic, but I prefer to be sure, and I'm also curious about the purpose
of this feature.
Does anyone have information about it?
There can be port-closed ICMP replies from your machine, if a UDP
reply hits a port on the machine that unbound has closed.
This could be a side-effect of a 'Kaminsky' attack on your machine, or
simply replies bouncing off closed ports due to port randomization and
UDP delays.
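One way to tell the two cases from the reply above apart (a late reply bouncing off a closed randomized port versus a datagram nobody on this host asked for), as an added Python example that is not from the thread or from Unbound; the query and ICMP records are constructed, and the five-second correlation window is an assumption:

```python
from collections import defaultdict

# Constructed sample of what the resolver host sees. Unbound sends each
# query from a randomized source port; once that socket is closed, a
# duplicate or delayed reply reaching the port makes the kernel answer
# with ICMP type 3 code 3 (port unreachable). The ICMP payload quotes
# the offending UDP header, so the port and server it concerned are known.
QUERIES = [  # (time_s, unbound_src_port, upstream_server)
    (0.00, 54321, "192.0.2.53"),
    (0.05, 40001, "198.51.100.53"),
    (0.10, 40002, "198.51.100.53"),
]
ICMP_PORT_UNREACH = [  # (time_s, quoted_dst_port, quoted_src_addr)
    (0.80, 54321, "192.0.2.53"),    # late duplicate of a reply we wanted
    (0.90, 61000, "192.0.2.53"),    # port never used by a query: unsolicited
    (2.00, 40001, "203.0.113.9"),   # right port, wrong server: unsolicited
]


def classify_unreachables(queries, unreachables, window_s=5.0):
    """Label each ICMP port-unreachable this host emitted as a late reply
    to a query it really sent (harmless port-randomization side effect)
    or as an unsolicited datagram (stray traffic, or an answer someone
    tried to inject). window_s is an assumed correlation horizon."""
    sent = defaultdict(list)  # (port, server) -> times a query left from it
    for t, port, server in queries:
        sent[(port, server)].append(t)
    labels = []
    for t, port, server in unreachables:
        recent = any(0 <= t - qt <= window_s for qt in sent[(port, server)])
        labels.append("late-reply" if recent else "unsolicited")
    return labels


def summarize(labels):
    """Count per label; a rising unsolicited share is the signal to chase."""
    counts = {"late-reply": 0, "unsolicited": 0}
    for label in labels:
        counts[label] += 1
    return counts


if __name__ == "__main__":
    print(summarize(classify_unreachables(QUERIES, ICMP_PORT_UNREACH)))
```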