These days I have been getting strange behavior in my network/bind server.
Every 20/30 minutes, lasting about 5 minutes, I get 'timeout' in bind queries. After that time everything works fine again.
My bind server gets a response (from 0.1 to 2 seconds) but replies with an ICMP 'port unreachable'.
Any idea what the problem is or what I can check?
UPDATE: Looking at the UDP/DNS packets, it seems the packet always begins to arrive more than 2 seconds later; probably the bind server closes the socket, and that is why it sends an ICMP port unreachable in response.
Firewall is off while testing.
My bind server is a NAT router.
I installed bind on another server (a VM with Debian), default config, and I got the same problem; it seems something is wrong in the NAT router perhaps?
But the only problem seems to be the bind/UDP queries.
The server is running the latest Ubuntu Server LTS 20.04.03, doing NAT/firewall, DHCP server and DNS server. Nothing more, no X.
It's a J1800 (dual core) with 4GB RAM.
ICMP msg
Frame 4701: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Jan 9, 2022 23:06:50.500852000 Hora estándar romance
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1641766010.500852000 seconds
[Time delta from previous captured frame: 0.006536000 seconds]
[Time delta from previous displayed frame: 0.006536000 seconds]
[Time since reference or first frame: 14.917496000 seconds]
Frame Number: 4701
Frame Length: 150 bytes (1200 bits)
Capture Length: 150 bytes (1200 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3), Dst: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6)
Destination: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6)
Address: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3)
Address: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src:, Dst:
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 136
Identification: 0x0000 (0)
Flags: 0x40, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 64
Protocol: UDP (17)
Header Checksum: 0x1ab9 [validation disabled]
[Header checksum status: Unverified]
Source Address:
Destination Address:
User Datagram Protocol, Src Port: domain (53), Dst Port: 57160 (57160)
Source Port: domain (53)
Destination Port: 57160 (57160)
Length: 116
Checksum: 0x168c [unverified]
[Checksum Status: Unverified]
[Stream index: 141]
[Time since first frame: 2.003007000 seconds]
[Time since previous frame: 2.003007000 seconds]
UDP payload (108 bytes)
Domain Name System (response)
Transaction ID: 0x187b
Flags: 0x8400 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 2
Authority RRs: 0
Additional RRs: 1
Queries type A, class IN
[Name Length: 33]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers type CNAME, class IN, cname
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 1800 (30 minutes)
Data length: 18
CNAME: type A, class IN, addr
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 1800 (30 minutes)
Data length: 4
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 512
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 0
[Request In: 3493]
[Time: 2.003007000 seconds]
Dig trace:
:~# dig +trace
; <<>> DiG 9.16.1-Ubuntu <<>> +trace
;; global options: +cmd
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN NS
. 456882 IN RRSIG NS 8 0 518400 20220121050000 20220108040000 9799 . e9YWOC6cu0v8YVSw1FGWDncBfB9RjuZtdoXRK2h7Hs0IJCuIoh8/feNa WglnI0Rj1qAtijVdL3ZigCczpMcSUQ70wrw7vQrrjHqhEMouLbxEFFfn XsRwzOKPH/VY9Dyiq9DXpIkSf55FbINFC6DxquaLoySFZIR4j9qi0Q/y FL6yrN15qdK+UrYZynPw4XhAQaKtOrpeY86mrGNRJuTFQpQ6Oewy8gXg ElYCV+Uz7NDU+lDoQ3ibGI8/Cf2uXhpuTr+5PtSP9H0enxioOizAd6RB 2c241Ihpl729CgdBS9TmHGFRQY5/zHxI7fcadt6NTVX4YFDUIxMoaBu1 kl7lqw==
;; Received 1137 bytes from in 0 ms
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 172800 IN NS
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20220122050000 20220109040000 9799 . bhWI749uKdKgjNPqlww3pW5sr6EgRB6diE93HFnEHc8U3wME7YIZLfg5 04y9G0j400X4LaxuXcKyUEP/MXJ5kRhNX15top8yTQdTDqnV3OUcAr/O q6+vaWe5RD1cxhdcAU7RQZ5tb1Qlri3wbN61Q+vxQUVw96eM5BEuFtY1 fsrTx7N3vI1g29Cq355bqx8lFAzqo1aVyl+LfbY8FWK3ctNzCLj/zS/P +BrdiWFZSo/uA24GcLvm5GAVFTKcWYKNEN4E9S9SzP7QDzEaZppEtNca +5tTGEgVRoWp+3kBepOicIGgS49HPa9Z8hYgvWH6teWVKl0AaqIuN1h1 k649vw==
;; Received 1170 bytes from in 2003 ms
;; connection timed out; no servers could be reached
172800 IN NS
172800 IN NS
172800 IN NS
172800 IN NS
172800 IN NS
172800 IN NS
86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
86400 IN RRSIG NSEC3 8 2 86400 20220115052319 20220108041319 15549 com. OK9Cv/IlCWwV/+Gw9bPv+ZhLKT1TvH2Mc+744BLp1B1GdZYPuAX+6PyY 40a3XZYclEMg4LzD1Z3d0XDuGWuowyY/Z2VdI6xhsuyZDDe+jBlpCXSm WqkyNxzzREI2CNJpLxoiaZNGE/l5U7tQsDoNDpN6Dx5xfivdZzGSoCBw kHVI4ejE59rCWQtMiUtbtxMODk0B71xhzyk34klfTF4L0g==
86400 IN NSEC3 1 1 0 - K201DAGIUALSSFGADN4DHE7N9Q0IROJ1 NS DS RRSIG
86400 IN RRSIG NSEC3 8 2 86400 20220116063849 20220109052849 15549 com. Z+FyFoFUory4FI6bQQ2MB0hlIqdMkhQfSXaBxE32UoGjqVNQCfB1LrJM X/M5xjkkXyS7qcN7jhPbxAlUhR7OT+ILtIhRweqD34ElHqyKFeMzGvaY TeMQGk9vXqqMVTkYsZwKoao+uJzC5RQb5AVnG2TGJBH45/lrkgWSXaa6 lQJGrfDUQTYet1AwKLuEupbZGxYNOr2X+QxOIDbxpACYcg==
couldn't get address for '': failure
couldn't get address for '': failure
couldn't get address for '': failure
couldn't get address for '': failure
couldn't get address for '': failure
couldn't get address for '': failure
dig: couldn't get address for '': no more
Capture Query packet:
Frame 3493: 116 bytes on wire (928 bits), 116 bytes captured (928 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Jan 9, 2022 23:06:48.497845000 Hora estándar romance
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1641766008.497845000 seconds
[Time delta from previous captured frame: 0.000151000 seconds]
[Time delta from previous displayed frame: 0.000151000 seconds]
[Time since reference or first frame: 12.914489000 seconds]
Frame Number: 3493
Frame Length: 116 bytes (928 bits)
Capture Length: 116 bytes (928 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6), Dst: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3)
Destination: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3)
Address: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6)
Address: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src:, Dst:
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 102
Identification: 0x5c40 (23616)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 63
Protocol: UDP (17)
Header Checksum: 0xff9a [validation disabled]
[Header checksum status: Unverified]
Source Address:
Destination Address:
User Datagram Protocol, Src Port: 57160 (57160), Dst Port: domain (53)
Source Port: 57160 (57160)
Destination Port: domain (53)
Length: 82
Checksum: 0x7954 [unverified]
[Checksum Status: Unverified]
[Stream index: 141]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
UDP payload (74 bytes)
Domain Name System (query)
Transaction ID: 0x187b
Flags: 0x0000 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries type A, class IN
[Name Length: 33]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 512
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: COOKIE
Option Code: COOKIE (10)
Option Length: 8
Option Data: 3377c5438c5ee4da
Client Cookie: 3377c5438c5ee4da
Server Cookie: <MISSING>
[Response In: 4701]
The response:
Frame 4701: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Jan 9, 2022 23:06:50.500852000 Hora estándar romance
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1641766010.500852000 seconds
[Time delta from previous captured frame: 0.006536000 seconds]
[Time delta from previous displayed frame: 0.006536000 seconds]
[Time since reference or first frame: 14.917496000 seconds]
Frame Number: 4701
Frame Length: 150 bytes (1200 bits)
Capture Length: 150 bytes (1200 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3), Dst: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6)
Destination: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6)
Address: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3)
Address: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src:, Dst:
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 136
Identification: 0x0000 (0)
Flags: 0x40, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 64
Protocol: UDP (17)
Header Checksum: 0x1ab9 [validation disabled]
[Header checksum status: Unverified]
Source Address:
Destination Address:
User Datagram Protocol, Src Port: domain (53), Dst Port: 57160 (57160)
Source Port: domain (53)
Destination Port: 57160 (57160)
Length: 116
Checksum: 0x168c [unverified]
[Checksum Status: Unverified]
[Stream index: 141]
[Time since first frame: 2.003007000 seconds]
[Time since previous frame: 2.003007000 seconds]
UDP payload (108 bytes)
Domain Name System (response)
Transaction ID: 0x187b
Flags: 0x8400 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 2
Authority RRs: 0
Additional RRs: 1
Queries type A, class IN
[Name Length: 33]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers type CNAME, class IN, cname
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 1800 (30 minutes)
Data length: 18
CNAME: type A, class IN, addr
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 1800 (30 minutes)
Data length: 4
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 512
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 0
[Request In: 3493]
[Time: 2.003007000 seconds]
Frame 7: 118 bytes on wire (944 bits), 118 bytes captured (944 bits)
Ethernet II, Src: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6), Dst: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3)
Internet Protocol Version 4, Src:, Dst:
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 104
Identification: 0x7c2b (31787)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 63
Protocol: UDP (17)
Header Checksum: 0x3568 [validation disabled]
[Header checksum status: Unverified]
Source Address:
Destination Address:
User Datagram Protocol, Src Port: 54743, Dst Port: 53
Source Port: 54743
Destination Port: 53
Length: 84
Checksum: 0xbc72 [unverified]
[Checksum Status: Unverified]
[Stream index: 4]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
UDP payload (76 bytes)
Domain Name System (query)
Transaction ID: 0xea2f
Flags: 0x0000 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries type A, class IN
[Name Length: 19]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 512
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 28
Option: COOKIE
Option Code: COOKIE (10)
Option Length: 24
Option Data: 033b488dccaa016bcaa914d061d9c4ad43d0d60bb5fed1b8
Client Cookie: 033b488dccaa016b
Server Cookie: caa914d061d9c4ad43d0d60bb5fed1b8
[Response In: 12]
Frame 12: 118 bytes on wire (944 bits), 118 bytes captured (944 bits)
Ethernet II, Src: MitraSta_a5:80:e3 (e4:ab:89:a5:80:e3), Dst: ASUSTekC_85:b5:f6 (78:24:af:85:b5:f6)
Internet Protocol Version 4, Src:, Dst:
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 104
Identification: 0x0000 (0)
Flags: 0x40, Don't fragment
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 64
Protocol: UDP (17)
Header Checksum: 0x7093 [validation disabled]
[Header checksum status: Unverified]
Source Address:
Destination Address:
User Datagram Protocol, Src Port: 53, Dst Port: 54743
Source Port: 53
Destination Port: 54743
Length: 84
Checksum: 0x37a2 [unverified]
[Checksum Status: Unverified]
[Stream index: 4]
[Time since first frame: 2.002658000 seconds]
[Time since previous frame: 2.002658000 seconds]
UDP payload (76 bytes)
Domain Name System (response)
Transaction ID: 0xea2f
Flags: 0x8200 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..1. .... .... = Truncated: Message is truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries type A, class IN
[Name Length: 19]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 28
Option: COOKIE
Option Code: COOKIE (10)
Option Length: 24
Option Data: 033b488dccaa016bf503131061d9c8fa5e2a52a0e09bd815
Client Cookie: 033b488dccaa016b
Server Cookie: f503131061d9c8fa5e2a52a0e09bd815
[Request In: 7]
[Time: 2.002658000 seconds]
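
Added example (not part of the original post): a Python parser for the DNS fields dissected in the captures above (transaction ID, QR/TC flags, EDNS UDP payload size, COOKIE option) that pairs each query with its reply by client port and transaction ID and reports replies slower than a client timeout. The 2-second timeout, the function names, the placeholder name `host.example` and the sample packets are assumptions constructed for illustration; the IDs, ports, cookies and delays are taken from the frames shown.

```python
import struct
CLIENT_TIMEOUT = 2.0  # assumption: the client closes its socket after about 2 s

def skip_name(msg, off):  # offset just past a DNS name (labels or a pointer)
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_dns(msg):  # ID, QR/TC flags, EDNS size and cookies, as dissected above
    txid, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    d = {"id": txid, "response": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
         "edns_size": None, "client_cookie": None, "server_cookie": None}
    off = 12
    for _ in range(qd):                  # question = name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 41:                  # OPT pseudo-record (EDNS0)
            d["edns_size"] = rclass      # OPT reuses CLASS as the UDP payload size
            p = 0
            while p + 4 <= len(rdata):
                code, olen = struct.unpack_from("!HH", rdata, p)
                if code == 10:           # COOKIE: 8-byte client part, then server part
                    d["client_cookie"] = rdata[p + 4:p + 12].hex()
                    d["server_cookie"] = rdata[p + 12:p + 4 + olen].hex() or None
                p += 4 + olen
    return d

def late_replies(packets, timeout=CLIENT_TIMEOUT):
    """packets: (time_s, client_port, dns_bytes); return replies slower than timeout."""
    pending, late = {}, []
    for ts, port, msg in packets:
        d = parse_dns(msg)
        key = (port, d["id"])            # a reply matches on client port + transaction ID
        if not d["response"]:
            pending[key] = ts
        elif key in pending:
            delay = round(ts - pending.pop(key), 6)
            if delay >= timeout:
                late.append((port, d["id"], delay, d["tc"]))
    return late

def build(txid, flags, cookie_hex="", size=512):  # constructed test message
    cookie = bytes.fromhex(cookie_hex)
    opts = struct.pack("!HH", 10, len(cookie)) + cookie if cookie else b""
    opt = b"\x00" + struct.pack("!HHIH", 41, size, 0x8000, len(opts)) + opts
    head = struct.pack("!6H", txid, flags, 1, 0, 0, 1)
    return head + b"\x04host\x07example\x00\x00\x01\x00\x01" + opt

SAMPLE = [  # constructed; IDs, ports, cookies and delays copied from the frames above
    (12.914489, 57160, build(0x187B, 0x0000, "3377c5438c5ee4da")),
    (14.917496, 57160, build(0x187B, 0x8400)),
    (20.000000, 54743, build(0xEA2F, 0x0000, "033b488dccaa016bcaa914d061d9c4ad43d0d60bb5fed1b8")),
    (22.002658, 54743, build(0xEA2F, 0x8200, "033b488dccaa016bf503131061d9c8fa5e2a52a0e09bd815", 4096)),
    (30.000000, 40000, build(0x0001, 0x0000)),
    (30.020000, 40000, build(0x0001, 0x8400)),  # a healthy 20 ms reply
]
```

`late_replies(SAMPLE)` returns the two slow transactions (with the TC flag of each reply) and skips the 20 ms one; `parse_dns` can be pointed at the UDP payload of any captured DNS packet.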