Routing DNS through VPN

Yeah, looking more closely, I think trendy is right. OpenWrt makes a query, gets a result, then closes the listening port, then somehow gets a second response packet... and sends an ICMP saying "I won't accept this extra packet". This is ignorable.

Intriguing. Why several outgoing packets per DNS query? Shouldn't there just be one?

Is this a bug?

This might be an attempt to reduce latency in the presence of UDP unreliability. Perhaps the idea is you send 3 packets and hope for one to get through and come back reliably?


UDP is not reliable, as you said, and it is common to send more than one packet, sometimes distributing them among the available nameservers, in the hope of getting one response back. After it has an answer, it will not wait for other responses and will close the sockets, hence the port unreachable.

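The behaviour described in the replies above can be checked in a capture. The following is an added example, not code from the thread or from OpenWrt: it labels an ICMP port unreachable as a late duplicate DNS reply only when the quoted UDP packet comes from a nameserver the same socket queried and that socket had already received at least two responses. The record layout, field names and documentation-range addresses are constructed for illustration.

```python
from collections import Counter, namedtuple

# Constructed capture records (not from the thread). 192.0.2.1 plays the
# router, 198.51.100.x the upstream nameservers. For "icmp_unreach" the
# src/sport/dst/dport fields describe the UDP packet quoted in the ICMP error.
Pkt = namedtuple("Pkt", "t kind src sport dst dport")

SAMPLE = [
    Pkt(0.000, "query", "192.0.2.1", 40001, "198.51.100.1", 53),
    Pkt(0.001, "query", "192.0.2.1", 40001, "198.51.100.2", 53),
    Pkt(0.020, "response", "198.51.100.1", 53, "192.0.2.1", 40001),
    Pkt(0.035, "response", "198.51.100.2", 53, "192.0.2.1", 40001),
    Pkt(0.036, "icmp_unreach", "198.51.100.2", 53, "192.0.2.1", 40001),
    # Quoted packet from a server this host never queried.
    Pkt(1.000, "icmp_unreach", "203.0.113.9", 53, "192.0.2.1", 40777),
]

def classify_unreachables(packets):
    """Return [(time, verdict)] for every ICMP port unreachable seen."""
    asked = set()          # (client, client_port, server) query was sent
    responses = Counter()  # (client, client_port) -> responses received
    verdicts = []
    for p in sorted(packets, key=lambda pkt: pkt.t):
        if p.kind == "query":
            asked.add((p.src, p.sport, p.dst))
        elif p.kind == "response":
            responses[(p.dst, p.dport)] += 1
        elif p.kind == "icmp_unreach":
            solicited = (p.dst, p.dport, p.src) in asked
            # One response was accepted before the socket closed; the
            # rejected packet must be at least the second one to arrive.
            if solicited and responses[(p.dst, p.dport)] >= 2:
                verdicts.append((p.t, "late-reply"))
            else:
                verdicts.append((p.t, "unexplained"))
    return verdicts

if __name__ == "__main__":
    for when, verdict in classify_unreachables(SAMPLE):
        print(f"{when:.3f}s {verdict}")
```

Anything labelled "unexplained" is the part worth a closer look, since it is an unreachable for a reply the host did not ask for or for the only reply it received.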

@trendy and @dlakelan thank you for your helpful insights and expertise on this thread.

