(In reply to Phil Oester from comment #9)
> But the question remains, WHY did the behavior change? Originally, glibc
> DID use unique ports for the AAAA and A queries. From a "predictability"
> perspective, that is a more secure approach, no? Similar to how ISNs are
> now randomized in TCP.
>
> It seems many people's problems would be solved by going back to the
> (arguably more secure) method of using distinct ports for the A and AAAA
> queries.
Since Ulrich is no longer around to defend to the death indefensible decisions, maybe it is time to just go ahead and put back the separate ports, the elimination of which caused all the problems in the first place.