networking
protocol_error
ai_generated
true
ICMP: Port unreachable from 10.0.0.2:53 to 10.0.0.1:54321
ID: networking/udp-port-unreachable
85%Fix Rate
85%Confidence
1Evidence
2024-02-10First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Linux kernel 5.10-6.8 | active | — | — | — |
| Windows Server 2022/2025 | active | — | — | — |
| FreeBSD 13-14 | active | — | — | — |
| DNS servers (BIND 9.18-9.20, Unbound 1.17-1.22) | active | — | — | — |
| syslog-ng 4.0-4.8 | active | — | — | — |
Root Cause
A UDP packet was sent to a closed port on the destination host (10.0.0.2:53), and the destination responded with an ICMP Port Unreachable message, indicating no application is listening on that port.
generic中文
UDP数据包被发送到目标主机(10.0.0.2:53)上的一个关闭端口,目标主机响应ICMP端口不可达消息,表明该端口上没有应用程序在监听。
Official Documentation
https://datatracker.ietf.org/doc/html/rfc792Workarounds
-
85% success Verify the destination service is running and listening: `ss -ulpn | grep :53` on Linux; if not, start the service (e.g., `systemctl start named` for BIND).
Verify the destination service is running and listening: `ss -ulpn | grep :53` on Linux; if not, start the service (e.g., `systemctl start named` for BIND).
-
80% success Check the source application configuration to ensure it sends to the correct port: e.g., in `/etc/resolv.conf` for DNS, ensure `nameserver` points to 10.0.0.2 and port is 53.
Check the source application configuration to ensure it sends to the correct port: e.g., in `/etc/resolv.conf` for DNS, ensure `nameserver` points to 10.0.0.2 and port is 53.
-
90% success If the service is intentionally not running, update the source to use a different destination or port, or install the required service.
If the service is intentionally not running, update the source to use a different destination or port, or install the required service.
中文步骤
Verify the destination service is running and listening: `ss -ulpn | grep :53` on Linux; if not, start the service (e.g., `systemctl start named` for BIND).
Check the source application configuration to ensure it sends to the correct port: e.g., in `/etc/resolv.conf` for DNS, ensure `nameserver` points to 10.0.0.2 and port is 53.
If the service is intentionally not running, update the source to use a different destination or port, or install the required service.
Dead Ends
Common approaches that don't work:
-
Adding a firewall rule to drop ICMP Port Unreachable messages
85% fail
This hides the error but does not fix the underlying issue; the source application still fails to communicate and may timeout instead of getting a fast failure.
-
Restarting the destination service without verifying it's listening on the correct port
70% fail
The service may be misconfigured to listen on a different port or interface, so restarting does not resolve the mismatch.
-
Assuming the source is sending to the wrong IP address and changing routing
60% fail
The ICMP message confirms the IP is reachable; the issue is the port, not the address.