Listener UDP *:1024

Jim Reid jim at rfc1035.com
Wed Sep 20 09:59:06 UTC 2000


>>>>> "John" == John Hernandez <John.Hernandez at noaa.gov> writes:

    John> My question is, why does it listen to UDP *:1024 on all
    John> interfaces?  Unless it needs to, I don't want it to.
    John> Can/should I tell it not to?  How?  I haven't logged any
    John> traffic to this port.  I can't find any reference to this in
    John> any of the docs.

First of all, there's no such thing as a UDP listener. The socket in
question is used by the name server for sending queries to other name
servers. [i.e. The server gets replies to its queries on this socket.
Nobody should be sending queries to that socket. A warning is logged
if they do.] By default, BIND[89] uses a random, non-privileged port
when making queries. In BIND4, they were always sent from port
53. This query socket is bound to the wildcard address so that the OS
can automatically fill in the source address whenever it sends the
query out on whatever network interface the system's routing table
decides is suitable.

The query-source option can be used to change this behaviour. Some
sites like the name server to use the same fixed port number for
sending queries so that they can have a simple access rule/filter in
their firewall for external DNS traffic.

BTW all of this is documented in the man page for named.conf in the
BIND8 release and the HTML documentation too. It's also in the BIND9
Administrator's Reference Manual.
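An added illustration of the mechanism Jim describes, not code from the original thread or from BIND: a Python stand-in for the query socket, bound to the wildcard address with either an OS-chosen port (the BIND8/9 default) or a fixed one (the query-source analogue), talking to a loopback stand-in for a remote name server. The port-finding helper and the datagram contents are constructed for the demo and carry no DNS.

```python
import socket


def free_udp_port():
    """Ask the OS for a currently unused UDP port (stands in for a
    query-source port in the demo; hypothetical helper, not a BIND feature)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def simulate_query_exchange(fixed_port=0):
    """Model BIND's query socket. fixed_port=0 is the BIND8/9 default (OS picks
    a random non-privileged port); a non-zero value mimics 'query-source port N'.
    Returns what each side observed so the behaviour can be checked."""
    # Stand-in for a remote name server, listening on loopback.
    upstream = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    upstream.bind(("127.0.0.1", 0))
    upstream.settimeout(2)
    # The query socket: wildcard address; port 0 lets the OS choose.
    qsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    qsock.bind(("", fixed_port))
    qsock.settimeout(2)
    try:
        bound_addr, bound_port = qsock.getsockname()
        # Send a constructed (non-DNS) datagram as the outgoing query.
        qsock.sendto(b"constructed-query", upstream.getsockname())
        # The remote side sees the source address the OS filled in.
        _query, (src_addr, src_port) = upstream.recvfrom(512)
        upstream.sendto(b"constructed-reply", (src_addr, src_port))
        # The reply comes back on the same socket that sent the query.
        reply, _peer = qsock.recvfrom(512)
        return {
            "bound_address": bound_addr,  # "0.0.0.0": wildcard, no interface chosen
            "bound_port": bound_port,
            "source_seen_upstream": (src_addr, src_port),
            "reply": reply,
        }
    finally:
        qsock.close()
        upstream.close()


if __name__ == "__main__":
    print("default:", simulate_query_exchange())
    print("fixed port:", simulate_query_exchange(free_udp_port()))
```

The randomized port is also what makes a forged reply harder to land, so pinning it with query-source trades that protection for the simpler firewall rule.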
