brent saner via plug on 15 Aug 2022 17:35:44 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Are DNS requests with bad checksums dropped?

Apologies for the top-post; on mobile.

1.) a.) DNS queries can be either via TCP or UDP, technically; 53/TCP and 53/UDP are both IANA-reserved for DNS...
1.) b.) But the vast majority of DNS queries of consumer traffic these days are DoH, which is HTTPS (so, 443/TCP).

2.) With that out of the way,  your friend is correct. UDP and TCP are equally as reliable *on the wire*, but the difference is TCP is better suited for integrity of the transmission (hence the name *Transmission Control* Protocol). Not only is a "session" created via handshaking and hangup, but any bad data are requested (or re-offered) at the end of the sequence and re-assembled. NONE of this is present in UDP, only a datastream. This means TCP is great if you have chunks of data that *must* be entirely present and complete (e.g. files). This comes at a significant speed cost, however, due to the control overhead, waiting for assembly after any resending of bad data, etc. 
Streaming video doesn't care about previous data, only current (and, potentially, "next" in the case of buffers), but it DOES care about speed. Ergo UDP is great for streaming data; TCP, not so much.

3.) Something to keep in mind is some implementations can implement their own "integrity" on UDP use, but this usually occurs at OSI Model layer 7 instead of layer 4 (such as TCP does). 



On Mon, Aug 15, 2022, 18:32 Michael Lazin via plug <plug@lists.phillylinux.org> wrote:
    localhost.46633 > localhost.domain: [bad udp cksum 0xfe90 -> 0x1013!] 32170+ [1au] A? rr2---sn-bvvbax-2iae.googlevideo.com. ar: . OPT UDPsize=1200 (65)
    localhost.domain > localhost.46633: [bad udp cksum 0xfe90 -> 0x64b5!] 32170 ServFail* q: A? rr2---sn-bvvbax-2iae.googlevideo.com. 0/0/1 ar: . OPT UDPsize=65494 (65)
    localhost.46633 > localhost.domain: [bad udp cksum 0xfe90 -> 0x76f4!] 5806+ [1au] AAAA? rr2---sn-bvvbax-2iae.googlevideo.com. ar: . OPT UDPsize=1200 (65)
    localhost.domain > localhost.46633: [bad udp cksum 0xfe90 -> 0xcb96!] 5806 ServFail* q: AAAA? rr2---sn-bvvbax-2iae.googlevideo.com. 0/0/1 ar: . OPT UDPsize=65494 (65)
    localhost.44911 > localhost.domain: [bad udp cksum 0xfe90 -> 0x3214!] 25187+ [1au] A? rr2---sn-bvvbax-2iae.googlevideo.com. ar: . OPT UDPsize=1200 (65)

I had a discussion with a friend of mine about unusual UDP traffic I have seen, and my friend argues that UDP is standard for streaming video today, but when I watch Youtube and run tcpdump, you can see that there are bad packets. 
I want to know why UDP is superior for streaming video, because my understanding is that bad packets like this are dropped if they are UDP.  Is this not the case?  Can someone please clarify this?  I got this output from running 
"tcpdump -vvfA" while watching Youtube on an Ubuntu 22.04 laptop.  

Thank you,

Michael Lazin
Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug