dig doesn't respect "query-source address * port 53;"
Philipp Buehler
pb at usenet-1999.buehler.de
Tue Nov 2 19:54:18 UTC 1999
On 1 Nov 1999 05:54:58 -0800, Steve Snyder
<swsnyder at home.com> wrote:
>Using BIND v8.2.1 on my Linux v2.2.x system, I've configured my
>nameserver to only use port 53 (for the sake of firewall security)
>with:
>
> query-source address * port 53;
That is configuration of named
> dig @a.root-servers.net . ns > db.cache
>
>Perusing the system log shows that an outbound packet was rejected by
>my (ipchains) firewall. It seems that dig sent that packet from a
>high port number, not from port 53.
wtf should dig care about the configuration of named?
I really wonder how you "work" on that box w/o letting any port
above 1023 going to any destination port. Maybe you just think
again about your ipchains configuration?
>Is there any way to have dig respect my desire to use only port 53 for
>DNS traffic?
For what real useful reason?
ciao
--
Philipp Buehler, aka fIpS | BOFH | NUCH | double-p on IRC
I think I go insane; a silent virus takes control and puts me on the screen
My memory on empty hole; no one to hear me scream
HIGH TECH, HIGH TECH -- LOW LIFE --Krupps,1991
More information about the bind-users
mailing list