On 6 September 2018 at 09:19, André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx> wrote:
> I am not sure I agree that this is a race condition, but I might be wrong here.
>
> Based on what I assume is normal UDP behavior I would think 2 requests generated for one A and second AAAA record should have 2 separate source ports,
> and should result in 2 separate conntrack entries and as such not race each other for any entry.
> (this is my understanding, correct me if this assumption is incorrect and tcpdumps actually show same UDP source port is used)
>

The same request is forwarded out of the same socket. When the issue is not occurring, you can see that through tcpdump. My service listening on nfqueue also shows that the packets are from the same port. Apparently it is fairly standard with libc and musl DNS implementations. This blog post discusses it a bit, and uses DNS as an example of the problem: https://www.weave.works/blog/racy-conntrack-and-dns-lookup-timeouts
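
The question raised in the quoted text, whether the A and AAAA queries share a UDP source port, can be checked from a capture. The script below is an added example, not part of the original message or of any project mentioned in it: it reads `tcpdump -n udp port 53` text output and reports A/AAAA pairs for the same name sent from one UDP 4-tuple. The sample lines, the addresses, the function names and the 5 ms pairing window are all assumptions made for illustration.

```python
import re

# Constructed sample in `tcpdump -n udp port 53` text format (not from the thread).
SAMPLE = """\
09:19:01.100101 IP 10.32.0.7.41532 > 10.96.0.10.53: 4660+ A? example.org. (29)
09:19:01.100148 IP 10.32.0.7.41532 > 10.96.0.10.53: 4661+ AAAA? example.org. (29)
09:19:02.500310 IP 10.32.0.7.50211 > 10.96.0.10.53: 9001+ A? example.net. (29)
09:19:02.500777 IP 10.32.0.7.50999 > 10.96.0.10.53: 9002+ AAAA? example.net. (29)
"""

# time, src.port > dst.port:, query id + flags, optional [..] block, query type, name
LINE = re.compile(
    r"^(\d+):(\d+):(\d+)\.(\d{6}) IP (\S+)\.(\d+) > (\S+)\.(\d+): "
    r"\d+\S*\s+(?:\[[^\]]*\]\s+)?(A|AAAA)\? (\S+)"
)

def parse(text):
    """Yield (time_us, udp_4tuple, qtype, qname) for each A/AAAA query line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # responses, other record types, non-DNS lines
        h, mi, s, us, src, sport, dst, dport, qtype, name = m.groups()
        t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
        yield t, (src, int(sport), dst, int(dport)), qtype, name

def shared_socket_pairs(text, window_us=5000):
    """Return (udp_4tuple, qname, gap_us) for each A/AAAA pair sent from one
    UDP 4-tuple within window_us, i.e. two packets that map to the same
    conntrack tuple. window_us is an assumed threshold, not a kernel value."""
    seen = {}  # (4tuple, qname) -> {qtype: last time_us}
    hits = []
    for t, tup, qtype, name in parse(text):
        times = seen.setdefault((tup, name), {})
        other = "AAAA" if qtype == "A" else "A"
        if other in times and t - times[other] <= window_us:
            hits.append((tup, name, t - times[other]))
        times[qtype] = t
    return hits

if __name__ == "__main__":
    for tup, name, gap in shared_socket_pairs(SAMPLE):
        print(f"{tup[0]}:{tup[1]} -> {tup[2]}:{tup[3]} {name} A/AAAA gap {gap} us")
```

On the constructed sample only the `example.org.` pair is reported: both queries leave from port 41532, while the `example.net.` queries use two different source ports and therefore two different tuples.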