IP Port/filtering/firewall info?
Barry Margolin
barmar at bbnplanet.com
Mon Jan 3 23:06:28 UTC 2000
In article <20000103143149.A3721 at halibut.com>,
Dave Carmean <dave at west.net> wrote:
>
>Sorry, I thought I saw this discussion recently but I've been unable
>to find the thread.
>
>It seems as if the default (UDP) source port behavior for server-to-server
>queries has changed recently. Specifically, I have one set of
>servers running 8.2.1, which seem to send queries from a random
>high-numbered port (which my firewall passes), whereas a new set of
>servers running 8.2.2-P5 seem to want to send from port 53 (which
>are blocked, for reasons known only to somebody deep inside IT from
>ages ago :o).

BIND 8's default is to use a random high port. You can use the
"query-source" option in named.conf to specify a particular source port to
use. Many sites use "query-source port 53" to make BIND 8 act like BIND 4,
because their firewalls are configured to allow only port 53 back in to the
DNS server.

>Another way to ask the question is: Is the information on proxying and/
>or filtering DNS, contained in Chapman and Zwicky's _Building Internet
>Firewalls_ (1st ed.), still correct?

Probably not, since I think it predates BIND 8.

--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
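
Added example, not part of the original post and not code from the BIND project: a small Python check that reads named.conf text and reports which destination port inbound DNS replies will arrive on, so a stateless filter rule can be matched to the "query-source" setting discussed above. The sample configs are constructed, the function names are hypothetical, comment stripping is simplified (it ignores quoting), and ">1023" is an assumed reading of "high-numbered port".

```python
import re

# Constructed sample configs (not from the original post).
BIND4_STYLE = """
options {
    directory "/var/named";   // constructed path
    query-source address * port 53;
};
"""
DEFAULT_STYLE = """
options {
    directory "/var/named";
    # query-source address * port 53;   (commented out: default applies)
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: quoting is not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def query_source(conf_text):
    """Return (address, port) from the query-source statement; '*' means unset."""
    addr, port = "*", "*"
    m = re.search(r"\bquery-source\b([^;]*);", strip_comments(conf_text))
    if m:
        tokens = m.group(1).split()
        # "address" and "port" may appear in either order, each followed by its value.
        for key, val in zip(tokens, tokens[1:]):
            if key == "address":
                addr = val
            elif key == "port":
                port = val
    return addr, port

def reply_dst_port(conf_text):
    """Destination port spec that inbound UDP replies (source port 53) will carry."""
    _, port = query_source(conf_text)
    # No fixed port: BIND 8 picks a random high port (">1023" is an assumption).
    return ">1023" if port == "*" else port

if __name__ == "__main__":
    for name, conf in (("bind4-style", BIND4_STYLE), ("default", DEFAULT_STYLE)):
        print(f"{name}: allow UDP src 53 -> dst {reply_dst_port(conf)}")
```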