Root server DNS traffic across Linux/ipchains firewall?
Steve Snyder
swsnyder at home.com
Thu Oct 21 18:48:08 UTC 1999
Joseph S D Yao wrote:
>
> > I'm setting up a firewall on my Linux box. This machine is running
> > Linux kernel v2.2.13 and BIND v8.2.1. For some reason I'm getting
> > output from my box to root nameservers on a high port number. Can
> > anyone explain this?
>
> If you don't want this, use option:
> query-source address * port 53;
I do use this option - as shown in my original post.

What I'm seeing is that while the input/output traffic to/from
my ISP's nameservers is respecting the exclusive use of port 53,
traffic with root nameservers does not. BIND is still attempting
to communicate via a high port number.