forwarders and port usage
Mathias Körber
mathias at koerber.org
Mon Jan 15 16:43:30 UTC 2001
> On a machine with a firewall stack, I see packets for a UDP port in
> the 1024-5000 range. Using lsof, I see that Bind is attached to this
> port.
>
> My question is: apart from my forwarders machines, why are other
> machines trying to send packets to this port?
>
> From the FAQ, I read:
> >What is the 'forwarder' option in the named.conf used for?
> >The forwarder lines tell the server to forward all queries for
> which it doesn't have authoritative or cached data to another
> name server.
>
> Should I understand that my server will sometimes directly contact
> other DNS instead of always passing through its forwarders?
a) 'forward first' (unlike 'forward only') may result in your nameserver
trying a query itself if it did not get an answer from the forwarder.
b) If your server is authoritative for some zones, it might be sending
serial# queries to those to check for new zones. (You would/should
recognize those servers though)
Such packets *should* be in reply to packets sent by your server *from*
those ports, so you might be able to capture the outgoing queries and
figure out what's going on from there.
regards
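The suggestion above is to capture the server's outgoing queries and match the inbound packets against them. The following is an added example, not part of the original thread, showing how that correlation can be done over a few constructed tcpdump-style lines: an inbound UDP packet to the server is expected only if the server earlier sent a query from that source port with the same transaction ID to the host now replying. Anything else is flagged as unsolicited and worth a closer look in the firewall logs. The server address, the sample lines and the simplified line format are all assumptions for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample capture in a tcpdump-like format (not real traffic).
# The resolver under observation is assumed to be 192.0.2.10.
SAMPLE_LINES = [
    "12:00:01.000 IP 192.0.2.10.3456 > 198.51.100.5.53: 1234+ A? example.com.",
    "12:00:01.050 IP 198.51.100.5.53 > 192.0.2.10.3456: 1234 1/0/0 A 93.184.216.34",
    "12:00:02.000 IP 192.0.2.10.3457 > 203.0.113.7.53: 1235+ SOA? example.org.",
    "12:00:02.030 IP 203.0.113.7.53 > 192.0.2.10.3457: 1235 1/0/0 SOA",
    # Reply-shaped packet from a host the server never queried on that port/txid.
    "12:00:03.000 IP 192.0.2.99.53 > 192.0.2.10.3456: 4242 1/0/0 A 10.0.0.1",
]

# Matches "<time> IP <src>.<sport> > <dst>.<dport>: <txid>..." (assumed format).
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<txid>\d+)"
)


def parse_line(line: str) -> Optional[Tuple[str, int, str, int, int]]:
    """Extract (src, sport, dst, dport, txid) from one capture line, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return (
        m.group("src"),
        int(m.group("sport")),
        m.group("dst"),
        int(m.group("dport")),
        int(m.group("txid")),
    )


def classify(lines: List[str], server_ip: str) -> Tuple[List[str], List[str]]:
    """Split inbound packets to server_ip into (matched replies, unsolicited).

    A packet is a matched reply when the server previously sent a query to
    port 53 of the same host from the destination port of this packet, using
    the same transaction ID. Each outstanding query is consumed by its first
    matching reply, so a duplicate reply is reported as unsolicited.
    """
    # (server source port, txid) -> remote host the query went to
    outstanding: Dict[Tuple[int, int], str] = {}
    matched: List[str] = []
    unsolicited: List[str] = []

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, sport, dst, dport, txid = rec

        if src == server_ip and dport == 53:
            # Outgoing query: remember which host we asked from which port.
            outstanding[(sport, txid)] = dst
        elif dst == server_ip:
            key = (dport, txid)
            if outstanding.get(key) == src:
                matched.append(line)
                del outstanding[key]
            else:
                unsolicited.append(line)

    return matched, unsolicited


if __name__ == "__main__":
    ok, bad = classify(SAMPLE_LINES, "192.0.2.10")
    print(f"{len(ok)} matched replies, {len(bad)} unsolicited packets")
    for line in bad:
        print("UNSOLICITED:", line)
```

In practice the input would come from a capture filtered on UDP traffic to and from the resolver; the important point is that the server's own outbound queries define which inbound packets are legitimate, and packets with no matching query (or from a host other than the one queried) are the ones to investigate.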