nsupdate does not honor the operating system's preferred ephemeral port range
While it is a bug in and of itself, IMHO the most compelling reason to fix this problem is that it is causing rare system test failures.
nsupdate may pick a source port number which clashes with a port number assigned to some
named instance for listening. This does not trigger an error upon
bind() because both
SO_REUSEADDR for the relevant sockets. The end result is that
nsupdate is unable to receive any responses to its queries and thus indicates a timeout.
Another possible symptom of this bug is a
named instance refusing to start with an "address already in use" error - which is what happens if it tries to
bind() to its configured listening port when some
nsupdate process is already bound to that same port (as its source port).