
I was having some local domain resolution problems with a DNS server I have set up inside a VirtualBox 'Host-Only' network that I think I've now fixed. The server would sporadically resolve my local (internal access only) domains but later refuse to resolve them (only to recommence resolution some time later).

I used Wireshark to help me debug the above problem. The symptom of the problem seemed to be that my HOST was generating a lot of ICMP Destination unreachable (Port unreachable) packets that were being sent back to my DNS server. Over the last few hours, my DNS resolution seems stable and the number of these packets has reduced significantly. Whilst things are looking much better here, I am still getting a few of these packets periodically and I would like to fix the issue that is causing them, whilst I have the momentum.

Whilst investigating the problem and searching the web, I came across a short thread in Google Groups: 10.6 DNS resolution, does not obey DNS server priority from DHCP that intrigued me. Of particular relevance is a thread which Andy references, and I'm wondering if this issue with mDNSResponder, or something similar, still exists as I believe it could explain the problem I'm having.

> mDNSResponder queries for both the "A" and "AAAA" record, but after the first response it cancels the queries and shuts down the socket so that all other responses are rejected (port

In my case, I have IPv6 resolution turned off in my DNS server, so I'm only asking for A records. But I'm wondering if mDNSResponder is closing the ephemeral ports before the responses are returned, a kind of accounting problem?

Not being a regular user of Wireshark, I am having difficulty matching the requests with responses, so my question is:

How can I match the ICMP Destination unreachable (Port unreachable) error report packet from the HOST to the packet that caused the error, i.e., which query response was not delivered? (See black/selected blue packets in the image below.)

Here is a breakdown of such a packet, and from what I can see, it is not following the RFC792 format, as per the example shown below.

Contrary to RFC792, the first 6 bytes of the packet are the MAC address of the server hosting the DNS.

Here is the data in an ICMP Destination unreachable (Port unreachable) packet, as an image (couldn't figure out how to copy/paste it):
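One way to do the matching asked about above, as an added example that is not part of the original post: a frame captured on Ethernet starts with the 14-byte Ethernet header (destination MAC first), and the RFC 792 error body quotes the rejected datagram's IP header plus at least its first 8 bytes, which for UDP are the ports to compare against the captured DNS replies. The addresses, MACs, ports and function names are constructed for illustration, and the code assumes untagged Ethernet II, IPv4 and unfragmented UDP.

```python
import socket
import struct

def ipv4(proto, src, dst, payload):
    # Sample builder: minimal 20-byte IPv4 header, checksum left at 0.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def eth(dst_mac, src_mac, ip_packet):
    # Ethernet II header: destination MAC, source MAC, EtherType 0x0800 (IPv4).
    return dst_mac + src_mac + b"\x08\x00" + ip_packet

def flow(ip_packet):
    """(src, sport, dst, dport, dns_id) of a UDP/IPv4 packet; dns_id is None if cut off."""
    ihl = (ip_packet[0] & 0x0F) * 4 if len(ip_packet) >= 20 else 0
    if not ihl or ip_packet[9] != 17 or len(ip_packet) < ihl + 8:
        return None
    sport, dport = struct.unpack_from("!HH", ip_packet, ihl)
    txid = ip_packet[ihl + 8:ihl + 10]  # first 2 bytes of the DNS message
    return (socket.inet_ntoa(ip_packet[12:16]), sport, socket.inet_ntoa(ip_packet[16:20]),
            dport, struct.unpack("!H", txid)[0] if len(txid) == 2 else None)

def quoted_flow(frame):
    """Flow of the datagram quoted inside an ICMP type 3, code 3 (port unreachable) frame."""
    ip = frame[14:]  # skip the 14-byte Ethernet header
    ihl = (ip[0] & 0x0F) * 4 if len(ip) >= 20 else 0
    if frame[12:14] != b"\x08\x00" or not ihl or ip[9] != 1 or ip[ihl:ihl + 2] != b"\x03\x03":
        return None
    return flow(ip[ihl + 8:])  # skip ICMP type, code, checksum and 4 unused bytes

def find_rejected(icmp_frame, frames):
    """Indexes of frames whose UDP flow (and DNS ID, when quoted) matches the ICMP error."""
    want = quoted_flow(icmp_frame)
    flows = [flow(f[14:]) if f[12:14] == b"\x08\x00" else None for f in frames]
    return [i for i, got in enumerate(flows)
            if want and got and got[:4] == want[:4] and want[4] in (None, got[4])]

# Constructed sample capture: two DNS replies from the server, then the host's ICMP error.
SERVER_MAC, HOST_MAC = bytes.fromhex("080027aabbcc"), bytes.fromhex("0a0027000000")

def dns_reply(txid, dport):
    dns = struct.pack("!HH", txid, 0x8180) + bytes(8)  # DNS header only
    udp = struct.pack("!HHHH", 53, dport, 8 + len(dns), 0) + dns
    return eth(HOST_MAC, SERVER_MAC, ipv4(17, "192.168.56.10", "192.168.56.1", udp))

REPLIES = [dns_reply(0x1A2B, 51000), dns_reply(0x3C4D, 51001)]
# The error quotes the IP header plus first 8 bytes (the RFC 792 minimum) of reply 1.
ICMP_ERR = eth(SERVER_MAC, HOST_MAC, ipv4(1, "192.168.56.1", "192.168.56.10",
               b"\x03\x03" + bytes(6) + REPLIES[1][14:42]))
```

When the sender quotes more than the minimum, the DNS transaction ID is also available and narrows the match to a single reply even if the ephemeral port was reused.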
