Port 113 and Bind

Brad Knowles brad.knowles at skynet.be
Tue May 22 17:12:48 UTC 2001


At 3:41 PM +0000 5/22/01, EL CiD wrote:

>  So, according to the above, it's got to stay open, right? Some people say
>  it can be closed without affecting your DNS, Mail, Web servers, while
>  others say it's got to be open.

	Certain types of connections may be slower (because the server at 
the other end is waiting to get an IDENT reply or for the IDENT query 
to time out, before allowing the connection to go through), but it is 
not strictly required.

	Indeed, since servers can be trivially easily programmed to lie 
in their IDENT responses (and there may be buffer overflow risks in 
the bogus IDENT responses), it has always been my suggestion to 
simply turn off all IDENT services, and to make sure that everything 
on all machines is configured to make no attempt to use IDENT.


	BTW, please don't use "NOSPAM" type addresses.  This mailing list 
is gatewayed to a newsgroup, and all address snarfing programs I know 
of are intelligent enough to strip that stuff anyway.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
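
An added example, not part of the original message: a small Python probe an administrator can run against their own host to see how port 113 behaves after IDENT is turned off, since a port that rejects connections is reported to the querying server at once while a silent one leaves it waiting for its timeout. The function name, the status labels, the placeholder ports in the query and the 1000-byte reply cap are assumptions made for this example.

```python
import socket
import time

MAX_REPLY = 1000  # cap on bytes accepted from the peer (limit chosen for this example)


def probe_ident(host, port=113, timeout=3.0):
    """Return (status, seconds) describing how host treats an IDENT connection."""
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Port closed and actively rejected: a querying server learns this at once.
        return "refused", time.monotonic() - start
    except OSError:
        # Timed out or unreachable: a querying server may wait for its own timeout.
        return "filtered", time.monotonic() - start
    data = b""
    with sock:
        try:
            # Query is "<port-on-server>, <port-on-client>"; both ports are placeholders.
            sock.sendall(b"25, 1025\r\n")
            while b"\n" not in data and len(data) < MAX_REPLY:
                chunk = sock.recv(MAX_REPLY - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:
            # Includes socket.timeout: connected, but no complete reply arrived in time.
            return "silent", time.monotonic() - start
    status = "answered" if data else "silent"
    return status, time.monotonic() - start


if __name__ == "__main__":
    # 127.0.0.1 is a stand-in; point this at a machine you administer.
    status, seconds = probe_ident("127.0.0.1")
    print(f"ident/113: {status} after {seconds:.2f}s")
```

A result of "refused" means remote servers that still attempt IDENT lookups fail fast; "filtered" or "silent" is the case where they wait out their timeout before letting the connection through.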

