Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2020-05-22 14:23:42 +0000

daveh47 gravatar image

DNS Delay, ICMP message sent from query sender.

Packet Capture

  • 10.1.60.27 = client sending query for google.co.uk
  • 10.1.10.1 = DNS Forwarder, forwards to 192.168.0.1
  • 192.168.0.1 = DNS server

I am testing delay in my lab. My DNS forwarding server is timing out as expected. My question is about the ICMP messages. The ICMP response is from my forwarding server 10.1.10.1, towards a recursive DNS server at 192.168.0.1

Am I correct in thinking for example, packet 40 is a correct response but because my server has waited too long, it responds in packet 41 with port unreachable, this response is because the forwarder at 10.1 does not have services open on the dst port (45293 in this case) The server sees packet 40 as a request for port 45293 instead of a response to the query in packet 28, due to the response taking too long.

DNS Delay, ICMP message sent from query sender.

Packet Capture

  • 10.1.60.27 = client sending query for google.co.uk
  • 10.1.10.1 = DNS Forwarder, forwards to 192.168.0.1
  • 192.168.0.1 = DNS server

I am testing delay in my lab. My DNS forwarding server is timing out as expected. My question is about the ICMP messages. The ICMP response is from my forwarding server 10.1.10.1, towards a recursive DNS server at 192.168.0.1

Am I correct in thinking for example, packet 40 is a correct response but because my server has waited too long, it responds in packet 41 with port unreachable, this response is because the forwarder at 10.1 does not have services open on the dst port (45293 in this case) The server sees packet 40 as a request for port 45293 instead of a response to the query in packet 28, due to the response taking too long.

added link to image https://imgur.com/a/pA7fgCZ

click to hide/show revision 3
None

updated 2020-05-22 14:31:32 +0000

grahamb gravatar image

DNS Delay, ICMP message sent from query sender.

Packet Capture An image of the issue:

  • 10.1.60.27 = client sending query for google.co.uk
  • 10.1.10.1 = DNS Forwarder, forwards to 192.168.0.1
  • 192.168.0.1 = DNS server

I am testing delay in my lab. My DNS forwarding server is timing out as expected. My question is about the ICMP messages. The ICMP response is from my forwarding server 10.1.10.1, towards a recursive DNS server at 192.168.0.1

Am I correct in thinking for example, packet 40 is a correct response but because my server has waited too long, it responds in packet 41 with port unreachable, this response is because the forwarder at 10.1 does not have services open on the dst port (45293 in this case) The server sees packet 40 as a request for port 45293 instead of a response to the query in packet 28, due to the response taking too long.

added link to image https://imgur.com/a/pA7fgCZ