firewall blocking 53

Jim Reid jim at rfc1035.com
Wed Aug 7 18:34:26 UTC 2002


>>>>> "Armin" == Armin Safarians <armin.safarians at safeway.com> writes:

    Armin> That would certainly let me set the port I query from;
    Armin> however, reading the BIND book, it says that if query-source
    Armin> is not used, it would then use a random unprivileged
    Armin> port. My issue is that it uses the same one for all of its
    Armin> queries... The network folk expect random ports sending
    Armin> those queries... ?????

The port number is *random* unless you explicitly tell the name server
to use a specific one. With no explicit port set, the operating system
decides which one the name server will be given. That will depend on
the port numbers that are active on the computer at the time when a
typical "naming" system call like sendto() or bind() gets made on the
socket. So the name server uses that random port number for its
outbound queries until it gets restarted or reconfigured. See Chapter
8 of Stevens "Unix Network Programming".

If your firewall doesn't like your name server's kernel picking random
port numbers for the name server, there are two choices. Either you
relax the firewall's rules or make the name server use an explicit
source port (and address?) that the firewall will let through.
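The socket-level behaviour described above, as an added example (not code from the original post, BIND, or Stevens): a UDP socket that is never bound has no local port until its first sendto(), at which point the kernel assigns an ephemeral one, and the socket then keeps that single port for every later datagram, which is exactly what a firewall watching the traffic sees. A second scenario binds the source port explicitly, the socket-level equivalent of BIND's query-source port option. A loopback listener stands in for the upstream server (or the firewall's vantage point); all port numbers are chosen at run time, and the test data is constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* 127.0.0.1:port as a sockaddr_in (port in host byte order). */
static struct sockaddr_in loopback(uint16_t port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return sa;
}

/* UDP socket bound to 127.0.0.1:port (0 = let the kernel choose). -1 on error. */
static int udp_bind(uint16_t port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in sa = loopback(port);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Local port of fd in host byte order; 0 if the kernel has not assigned one yet. */
static int local_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    return ntohs(sa.sin_port);
}

/* A currently unused loopback port: let the kernel pick one, then release it so the
   caller can bind it explicitly. Racy in theory, fine for a demonstration. */
static uint16_t pick_free_port(void)
{
    int fd = udp_bind(0);
    int p = fd < 0 ? 0 : local_port(fd);
    if (fd >= 0)
        close(fd);
    return p > 0 ? (uint16_t)p : 0;
}

/* Send n datagrams from client to listener (the "firewall" side) and return how many
   times the source port seen by the listener changed between consecutive datagrams.
   *seen receives the last source port observed. */
static int observe_source_port(int client, int listener, int n, int *seen)
{
    struct timeval tv = { 2, 0 };                    /* never hang if a datagram is lost */
    setsockopt(listener, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    struct sockaddr_in dst = loopback((uint16_t)local_port(listener));
    int changes = 0, last = -1;
    for (int i = 0; i < n; i++) {
        char msg[32], buf[64];
        struct sockaddr_in from;
        socklen_t flen = sizeof from;
        int len = snprintf(msg, sizeof msg, "query %d", i);   /* constructed payload */
        if (sendto(client, msg, (size_t)len, 0, (struct sockaddr *)&dst, sizeof dst) < 0)
            return -1;
        if (recvfrom(listener, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) < 0)
            return -1;
        int sport = ntohs(from.sin_port);
        if (last != -1 && sport != last)
            changes++;
        last = sport;
    }
    if (seen)
        *seen = last;
    return changes;
}

/* Scenario 1: no explicit source port. *before is the local port prior to the first
   sendto() (0), *after the ephemeral port the kernel assigned on that call. Returns
   the number of source-port changes over n datagrams: 0, the port is kept. */
static int kernel_picked_demo(int *before, int *after, int n)
{
    int listener = udp_bind(0);
    int client = socket(AF_INET, SOCK_DGRAM, 0);    /* deliberately never bound */
    if (listener < 0 || client < 0)
        return -1;
    *before = local_port(client);
    int changes = observe_source_port(client, listener, n, after);
    close(client);
    close(listener);
    return changes;
}

/* Scenario 2: explicit source port (what `query-source port N` does for named).
   Returns the source port the listener observed, -1 on error or if it ever changed. */
static int explicit_port_demo(uint16_t port, int n)
{
    int listener = udp_bind(0), client = udp_bind(port), seen = -1;
    if (listener >= 0 && client >= 0 && observe_source_port(client, listener, n, &seen) != 0)
        seen = -1;
    if (client >= 0) close(client);
    if (listener >= 0) close(listener);
    return seen;
}

int main(void)
{
    int before = -1, after = -1;
    int changes = kernel_picked_demo(&before, &after, 5);
    printf("kernel-picked: port before first sendto=%d after=%d changes=%d\n", before, after, changes);
    uint16_t want = pick_free_port();
    printf("explicit: asked for %u, listener saw %d\n", want, explicit_port_demo(want, 5));
    return 0;
}
```

Run it and the first line shows port 0 turning into a kernel-chosen ephemeral port that then never changes, which is the behaviour Armin's network team saw. One caveat a present-day reader should take from this 2002 thread: a resolver that sends every query from one fixed source port is easier to cache-poison, and since BIND 9.5 (2008, in response to the Kaminsky attack) named randomizes the source port per query for exactly that reason. Pinning a single port with `query-source port` to satisfy a firewall gives that protection up; the better fix today is the first of Jim's two choices, letting the firewall pass the resolver's ephemeral port range.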

