{
  "id": "networking/udp-port-unreachable",
  "signature": "ICMP: Port unreachable from 10.0.0.2:53 to 10.0.0.1:54321",
  "signature_zh": "ICMP：从10.0.0.2:53到10.0.0.1:54321的端口不可达",
  "regex": "ICMP: Port unreachable from \\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}:\\d+ to \\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}:\\d+",
  "domain": "networking",
  "category": "protocol_error",
  "subcategory": null,
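  "root_cause": "A UDP packet was sent to a closed port on the destination host (10.0.0.2:53), and the destination responded with an ICMP Port Unreachable message, indicating no application is listening on that port. The same message is also produced when a firewall rule rejects the packet (for example an iptables `REJECT` rule, whose default reply is ICMP port unreachable), so confirm the listener state on the destination before concluding the service is down.",
  "root_cause_type": "generic",
  "root_cause_zh": "UDP数据包被发送到目标主机（10.0.0.2:53）上的一个关闭端口，目标主机响应ICMP端口不可达消息，表明该端口上没有应用程序在监听。当防火墙规则拒绝该数据包时也会产生相同的消息（例如 iptables 的 `REJECT` 规则，其默认回复即为 ICMP 端口不可达），因此在断定服务未运行之前，应先在目标主机上确认监听状态。",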
  "versions": [
    {
      "version": "Linux kernel 5.10-6.8",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Windows Server 2022/2025",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "FreeBSD 13-14",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "DNS servers (BIND 9.18-9.20, Unbound 1.17-1.22)",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "syslog-ng 4.0-4.8",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "Adding a firewall rule to drop ICMP Port Unreachable messages",
      "why_fails": "This hides the error but does not fix the underlying issue; the source application still fails to communicate and may time out instead of getting a fast failure.",
      "fail_rate": 0.85,
      "condition": "",
      "sources": []
    },
    {
      "action": "Restarting the destination service without verifying it's listening on the correct port",
      "why_fails": "The service may be misconfigured to listen on a different port or interface, so restarting does not resolve the mismatch.",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    },
    {
      "action": "Assuming the source is sending to the wrong IP address and changing routing",
      "why_fails": "The ICMP message confirms the IP is reachable; the issue is the port, not the address.",
      "fail_rate": 0.6,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Verify the destination service is running and listening: `ss -ulpn | grep :53` on Linux; if not, start the service (e.g., `systemctl start named` for BIND).",
      "success_rate": 0.85,
      "how": "Verify the destination service is running and listening: `ss -ulpn | grep :53` on Linux; if not, start the service (e.g., `systemctl start named` for BIND).",
      "condition": "",
      "sources": []
    },
    {
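      "action": "Check the source application configuration to ensure it sends to the correct port: e.g., in `/etc/resolv.conf` for DNS, ensure `nameserver` points to 10.0.0.2 and port is 53. Note that the `nameserver` line in `/etc/resolv.conf` takes only an address (the glibc resolver always queries port 53), so a wrong port has to be corrected in the application's or forwarder's own configuration.",
      "success_rate": 0.8,
      "how": "Check the source application configuration to ensure it sends to the correct port: e.g., in `/etc/resolv.conf` for DNS, ensure `nameserver` points to 10.0.0.2 and port is 53. Note that the `nameserver` line in `/etc/resolv.conf` takes only an address (the glibc resolver always queries port 53), so a wrong port has to be corrected in the application's or forwarder's own configuration.",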
      "condition": "",
      "sources": []
    },
    {
      "action": "If the service is intentionally not running, update the source to use a different destination or port, or install the required service.",
      "success_rate": 0.9,
      "how": "If the service is intentionally not running, update the source to use a different destination or port, or install the required service.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Verify the destination service is running and listening: `ss -ulpn | grep :53` on Linux; if not, start the service (e.g., `systemctl start named` for BIND).",
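    "Check the source application configuration to ensure it sends to the correct port: e.g., in `/etc/resolv.conf` for DNS, ensure `nameserver` points to 10.0.0.2 and port is 53. Note that the `nameserver` line in `/etc/resolv.conf` takes only an address (the glibc resolver always queries port 53), so a wrong port has to be corrected in the application's or forwarder's own configuration.",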
    "If the service is intentionally not running, update the source to use a different destination or port, or install the required service."
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://datatracker.ietf.org/doc/html/rfc792",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.85,
  "fix_success_rate": 0.85,
  "resolvable": "true",
  "first_seen": "2024-02-10",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}