Comment 341 for bug 417757

In , kernel (kernel-redhat-bugs) wrote:

Regarding comment #6, that's similar to what I reported on the original bug. Copied from https://bugzilla.redhat.com/show_bug.cgi?id=459756#c108:

Just a further datapoint on this, since I too spent a few days scratching my
head on it. It looks like what changed in F10 is that both the AAAA and A
requests are sent using the SAME SOURCE PORT, while pre-F10 used different
source ports for the two requests.

For me, that change spelled trouble in the form of a race for my load balancer.
I saw this:

1) receive A request, creating session table entry with NAT'd reply IP
2) receive AAAA request on port x, reusing session table entry from #1
3) respond to AAAA request on port x and remove session table entry
4) load balancer receives response from DNS server for A request, but since the
session table entry (with VIP response IP) is gone, it simply forwards the
traffic, so the client receives a reply from a different IP (the IP of the server
itself, NOT the VIP) and ignores it

So for me, the simple solution to this is to go back to the old behaviour of
having the A and AAAA requests use unique source ports. Wouldn't that be more
secure anyway? Seems like a step backward to reuse the port.
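The race described in the comment above, modelled as an added example. This is constructed illustration code, not code from the bug report, from glibc, or from any load balancer product; the addresses, the port numbers, and the session-table behaviour (one entry per client 5-tuple, torn down when the first reply passes through) are assumptions made to reproduce the four steps above. `resolve(same_port=True)` models the F10 resolver sending both queries from one socket; `resolve(same_port=False)` models the older behaviour with distinct source ports.

```python
"""Toy model of the A/AAAA same-source-port race behind a NAT load balancer.

Constructed example: addresses, ports and the session-table semantics are
assumptions, not the behaviour of any specific product or of glibc.
"""
from dataclasses import dataclass, field

VIP = "192.0.2.53"        # address the client queries (constructed)
BACKEND = "10.0.0.53"     # real DNS server behind the load balancer (constructed)
CLIENT = "198.51.100.7"   # constructed client address


@dataclass
class LoadBalancer:
    """Minimal NAT: one session entry per client 5-tuple, removed on reply."""
    sessions: dict = field(default_factory=dict)   # 5-tuple -> backend address

    def to_backend(self, client, sport, qtype):
        """Step 1/2: a query creates a session entry, or reuses the existing
        one when the 5-tuple (client, sport, VIP, 53) is already present."""
        key = (client, sport, VIP, 53)
        self.sessions.setdefault(key, BACKEND)
        return key

    def to_client(self, key):
        """Step 3/4: a reply is rewritten to come from the VIP only while its
        session entry exists; the entry is removed after the first reply.
        Returns the source address the client will see."""
        if key in self.sessions:
            del self.sessions[key]
            return VIP
        # No entry left: the reply is forwarded untouched, from the backend IP.
        return BACKEND


def resolve(same_port, reply_order=("AAAA", "A")):
    """Send an A and an AAAA query, return {qtype: source IP of its reply}.

    same_port=True  -> both queries use one source port (F10 behaviour).
    same_port=False -> each query uses its own source port (pre-F10).
    reply_order     -> which answer the backend returns first (AAAA first
                       reproduces the ordering in the report).
    """
    lb = LoadBalancer()
    ports = {"A": 40000, "AAAA": 40000 if same_port else 40001}
    keys = {q: lb.to_backend(CLIENT, ports[q], q) for q in ("A", "AAAA")}
    return {q: lb.to_client(keys[q]) for q in reply_order}


def client_accepts(replies):
    """A resolver only accepts an answer whose source matches the server it
    queried, so a reply from the backend IP instead of the VIP is dropped."""
    return {q: src == VIP for q, src in replies.items()}


if __name__ == "__main__":
    for same_port in (True, False):
        replies = resolve(same_port)
        print(f"same_port={same_port}: {replies} accepted={client_accepts(replies)}")
```

With a shared source port the second reply to arrive, whichever query it answers, leaves with the backend's address and is discarded by the client; with distinct ports each query owns its own session entry and both replies carry the VIP.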