dig doesn't respect "query-source address * port 53;"
pb at usenet-1999.buehler.de
Tue Nov 2 19:54:18 UTC 1999
On 1 Nov 1999 05:54:58 -0800, Steve Snyder
<swsnyder at home.com> wrote:
>Using BIND v8.2.1 on my Linux v2.2.x system, I've configured my
>nameserver to only use port 53 (for the sake of firewall security)
> query-source address * port 53;
That is the configuration of named.
> dig @a.root-servers.net . ns > db.cache
>Perusing the system log shows that an outbound packet was rejected by
>my (ipchains) firewall. It seems that dig sent that packet from a
>high port number, not from port 53.
wtf should dig care about the configuration of named?
I really wonder how you "work" on that box w/o letting any port
above 1023 go to any destination port. Maybe you just think
again about your ipchains configuration?
>Is there any way to have dig respect my desire to use only port 53 for
For what real useful reason?
Philipp Buehler, aka fIpS | BOFH | NUCH | double-p on IRC
I think I go insane; a silent virus takes control and puts me on the screen
My memory on empty hole; no one to hear me scream
HIGH TECH, HIGH TECH -- LOW LIFE --Krupps,1991
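
Added example, not part of the original post and not BIND code: a loopback sketch of the behaviour discussed above. A UDP client that sends without binding first gets a kernel-chosen high source port, which is what the firewall log showed for dig, while a query-source setting only affects the process that binds its own socket. The function names and both rule sets are hypothetical, and the matcher is a simplified stand-in for a stateless ipchains output chain.

```python
import socket
import struct


def build_root_ns_query(txid=0x1999):
    """DNS query for '. IN NS', the question `dig . ns` asks."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    question = b"\x00" + struct.pack("!HH", 2, 1)  # root name, QTYPE=NS, QCLASS=IN
    return header + question


def observed_source_port(bind_port=None):
    """Send the query over loopback; return the source port the receiver sees."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))  # stand-in for the remote nameserver
    server.settimeout(2)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if bind_port is not None:
            # What a query-source setting does, but only inside the process
            # that owns this socket (named), never in a separate tool.
            client.bind(("127.0.0.1", bind_port))
        client.sendto(build_root_ns_query(), server.getsockname())
        _data, (_addr, sport) = server.recvfrom(512)
        return sport
    finally:
        client.close()
        server.close()


def egress_allowed(sport, dport, rules):
    """Stateless match over (sport_lo, sport_hi, dport) rules; default deny."""
    return any(lo <= sport <= hi and dport == dp for lo, hi, dp in rules)


# Constructed policies: the first models "only port 53 to port 53",
# the second also lets unprivileged client ports query port 53.
PORT53_ONLY = [(53, 53, 53)]
WITH_CLIENTS = [(53, 53, 53), (1024, 65535, 53)]

if __name__ == "__main__":
    sport = observed_source_port()
    print("unbound client source port:", sport)
    print("port-53-only policy allows it:", egress_allowed(sport, 53, PORT53_ONLY))
    print("policy with client ports allows it:", egress_allowed(sport, 53, WITH_CLIENTS))
```

Because ipchains is stateless, a real rule set also needs the matching input rule for replies from port 53 back to the client port.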