
ip_local_port_range: prefer different parity for start/end values.

guycalledseven opened this issue 6 months ago

Current suggested docker compose file in repo sets:

    sysctls:
      - net.ipv4.ip_local_port_range=1024 65000

However, on an Ubuntu 24.04 server this causes the error: ip_local_port_range: prefer different parity for start/end values.

The fix is to use an odd number for the end port:

    sysctls:
      - net.ipv4.ip_local_port_range=1024 65535

guycalledseven avatar Apr 27 '25 09:04 guycalledseven

Thanks for the post. I am not really a docker expert, but the option works inside the container, which is Debian, so I am not sure how it is going to affect the host OS running Ubuntu. Please provide more context on the issue that you are seeing.

ShreyasZare avatar Apr 27 '25 10:04 ShreyasZare

For what it's worth, the kernel documentation suggests 32768-60999 as the default values. Strictly, this requirement is supposed to be preferential, not required, but this may vary. I can't remember the specifics off the top of my head, but it's something along the lines of even ports are used for "connect" and odd are used for "bind". Maybe it was the other way around, but in any case, it is proper to use a different parity here.

p4plus2 avatar Aug 05 '25 02:08 p4plus2

@p4plus2 That config was done to override the defaults. For a DNS server, it's important to have a large range of ports available for port randomization to have good entropy.

I can't remember the specifics off the top of my head, but it's something along the lines of even ports are used for "connect" and odd are used for "bind".

I am not really aware of this. Do you have any link which explains it?

ShreyasZare avatar Aug 05 '25 07:08 ShreyasZare

I should have been clearer: I mentioned the defaults to illustrate the parity, not the specific values. The wide range makes sense in this case (and in many other server applications).

I don't remember where I initially read this, but I was able to track down a source: https://patchwork.ozlabs.org/project/netdev/patch/[email protected]/

To me, it seems like it shouldn't really cause an issue and enforcing parity seems pedantic. But it's probably easier to comply rather than risk the off chance some systems enforce the parity.

p4plus2 avatar Aug 06 '25 02:08 p4plus2
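Added here as an illustration, not code from the Technitium project or anyone in this thread: a small Python checker for the compose `sysctls` entry that reproduces the parity test behind the warning in the issue title and counts how many ports of each parity a range contains. It assumes only what the thread states, that the kernel prefers start and end values of different parity and (per p4plus2's recollection, direction unsettled) hands ports of one parity to connect() and the other to bind(); the two entry strings are the ones from this thread.

```python
import re

# Constructed sample inputs: the two compose "sysctls" entries quoted in
# this thread (the original and the proposed fix).
ORIGINAL = "net.ipv4.ip_local_port_range=1024 65000"
FIXED = "net.ipv4.ip_local_port_range=1024 65535"

_ENTRY = re.compile(r"^\s*net\.ipv4\.ip_local_port_range\s*=\s*(\d+)\s+(\d+)\s*$")


def parse_port_range(entry):
    """Parse a compose sysctls entry into (start, end) integers."""
    m = _ENTRY.match(entry)
    if not m:
        raise ValueError(f"not an ip_local_port_range entry: {entry!r}")
    start, end = int(m.group(1)), int(m.group(2))
    # Hard limits (assumed here): ports fit in 16 bits and the range ascends.
    if not (1 <= start < end <= 65535):
        raise ValueError(f"invalid range {start}-{end}")
    return start, end


def check_port_range(entry):
    """Describe the range: size, ports of each parity, whether start/end
    parity differ, and a suggested end value when they do not."""
    start, end = parse_port_range(entry)
    size = end - start + 1
    # Count even ports arithmetically: evens <= end minus evens < start.
    even = end // 2 - (start - 1) // 2
    odd = size - even
    parity_differs = (start & 1) != (end & 1)
    # Same parity at both ends means one parity gets one port more than the
    # other, which is what the kernel warning objects to. Nudging the end by
    # one balances the halves; stay inside the 16-bit port space.
    suggested_end = None
    if not parity_differs:
        suggested_end = end + 1 if end < 65535 else end - 1
    return {
        "start": start, "end": end, "size": size,
        "even_ports": even, "odd_ports": odd,
        "parity_differs": parity_differs, "suggested_end": suggested_end,
    }


if __name__ == "__main__":
    for entry in (ORIGINAL, FIXED):
        r = check_port_range(entry)
        verdict = "ok" if r["parity_differs"] else "prefer different parity for start/end values"
        print(f"{entry}: {r['size']} ports, {r['even_ports']} even / {r['odd_ports']} odd -> {verdict}")
        if r["suggested_end"] is not None:
            print(f"  suggestion: {r['start']} {r['suggested_end']}")
```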

@p4plus2 thanks for the link. Will get the docker compose file updated.

ShreyasZare avatar Aug 06 '25 07:08 ShreyasZare

Technitium DNS Server v14.0.1 is now available which resolves this issue. Do upgrade and let me know your feedback.

ShreyasZare avatar Nov 11 '25 09:11 ShreyasZare