This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

ICMP destination unreachable to DNS server?

0

Hi,

Could someone validate the explanation given in 2007 (3rd post) https://community.barracudanetworks.com/forum/index.php?/topic/8683-icmp-destination-unreachable-to-dns-server/ for the last ICMP packet in the DNS trace?

I am seeing similar behavior on a Windows client. https://www.dropbox.com/s/aef1rbjuj5lz1bj/dns_icmp.pcapng?dl=0

Windows Client - 192.168.30.124
Windows DNS Server - 192.168.30.5

Thank you

asked 11 Oct '16, 08:53

net_tech
accept rate: 13%


One Answer:

1

I totally agree with that explanation. The DNS client's timeout for arrival of a DNS response does exist, and in your case it is shorter than the server's response time. After expiration of that timeout the client unbinds from the socket, causing ICMP destination unreachable to be sent in response to anything arriving at that socket, including a valid DNS response.

If you are interested in details, you can create a batch file like

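@echo off
rem Print the UDP endpoint table once per second for 60 seconds.
rem -a is required: without it netstat lists no UDP sockets; -n skips name lookups.
for /l %%x in (1, 1, 60) do (
   echo %%x
   netstat -a -n -p udp
   timeout /t 1 /nobreak >nul
)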

run it with output redirected to a file and initiate, from another window, the DNS query which you know will fail this way. In the output file, you should see for how long the DNS client keeps the socket open.

answered 11 Oct '16, 11:12

sindy
accept rate: 24%
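
The explanation above can also be checked from the capture side: an ICMP type 3 / code 3 (port unreachable) message quotes the IP header and the first 8 bytes of the datagram that triggered it, so it can be matched back to the DNS query whose socket had already been closed. The following is an added example, not part of the original answer; the packet bytes, the client port 51234 and the timestamps are constructed, and only the two IP addresses come from the question.

```python
import socket
import struct

def ipv4_udp(src, dst, sport, dport, payload=b""):
    """Build a minimal IPv4+UDP datagram (checksums left 0; constructed test data)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def parse_port_unreachable(icmp):
    """Return (src, sport, dst, dport) of the datagram quoted in an ICMP
    type 3 / code 3 message, or None for any other ICMP message."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 3 or icmp[1] != 3:
        return None
    quoted = icmp[8:]                      # skip type, code, checksum, unused
    ihl = (quoted[0] & 0x0F) * 4           # quoted IP header length in bytes
    if quoted[9] != 17 or len(quoted) < ihl + 8:   # quoted protocol must be UDP
        return None
    src, dst = (socket.inet_ntoa(quoted[o:o + 4]) for o in (12, 16))
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return src, sport, dst, dport

def explain_late_responses(events):
    """events: (time, kind, data) tuples with kind 'query' or 'icmp'.
    For each port unreachable that quotes a DNS response to a known query,
    report the elapsed time: the client socket was closed within that time."""
    queries, findings = {}, []
    for t, kind, data in events:
        if kind == "query":
            queries[(data["client"], data["port"])] = t
        elif kind == "icmp":
            q = parse_port_unreachable(data)
            if q and q[1] == 53 and (q[2], q[3]) in queries:
                sent = queries[(q[2], q[3])]
                findings.append({"client": q[2], "port": q[3], "server": q[0],
                                 "socket_closed_within": round(t - sent, 3)})
    return findings

CLIENT, SERVER = "192.168.30.124", "192.168.30.5"    # addresses from the question
late_reply = ipv4_udp(SERVER, CLIENT, 53, 51234, b"\x00" * 12)  # constructed
icmp_error = struct.pack("!BBHI", 3, 3, 0, 0) + late_reply[:28]  # constructed
EVENTS = [                                           # constructed timeline
    (0.000, "query", {"client": CLIENT, "port": 51234}),
    (11.250, "icmp", icmp_error),
]
```

Calling `explain_late_responses(EVENTS)` reports one finding for client port 51234, which is the port to look for in the netstat output collected by the batch file.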