BIND, Ethereal, msproxy, etc.
ed at alcpress.com
Fri Jun 7 21:57:54 UTC 2002
Answering my own post for the benefit of others:
BIND 8.2.4 does not behave according to the documentation.
By default, with no query-source statement in the named.conf file,
it always uses the same port for queries - in my case port 1745.
If I add this statement:
query-source address * port *
to named.conf, BIND then uses ephemeral ports determined by the
system - Linux in my case. I find this more desirable than an
arbitrary fixed port.
On Fri, 2002-06-07 at 12:51, Ed Sawicki wrote:
> I just installed the latest version of Ethereal and immediately noticed
> that some packets on my network were being decoded as "msproxy". I
> quickly realized that these were DNS queries sent by my DNS server
> (BIND 8.2.4 on Linux) to remote DNS servers - seemingly plain old DNS
> Ethereal decodes them as the msproxy protocol because my DNS
> server was using a source port of 1745, which Ethereal thinks is
> the msproxy protocol even though IANA's port list refers to this as
> remote-winsock. Ethereal's hex-ascii display made it clear that
> these were DNS queries. I assume that Ethereal is messed up. For
> packets with a source port of 1745 and destination port of 53, it
> favors the registered port 1745 over the well-known port 53.
> I thought that BIND just happened to use 1745 as its ephemeral port
> for the packet exchange I just happened to capture. However, I
> captured several hundred more packets and BIND seems to be using
> port 1745 for all its queries. I checked
> /proc/sys/net/ipv4/ip_local_port_range and it reports 49000 60000.
> It seems that BIND 8.2.4 is not using ephemeral ports but rather uses
> 1745. I did not configure this in named.conf. Is this normal
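Added example (not part of the original post and not BIND or Ethereal code): a check for the behavior described above, a resolver sending every outbound query from one source port. It reads tcpdump-style text lines; the sample capture, the addresses and the function names are constructed for illustration, and the default ephemeral range is the 49000 60000 value quoted in the post.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (not the poster's capture); documentation addresses.
SAMPLE = """\
21:50:01.100 IP 192.0.2.10.1745 > 198.51.100.1.53: 4211+ A? example.com. (29)
21:50:01.300 IP 192.0.2.10.1745 > 198.51.100.2.53: 4212+ A? example.net. (29)
21:50:02.000 IP 192.0.2.10.1745 > 198.51.100.3.53: 4213+ MX? example.org. (29)
21:50:01.500 IP 192.0.2.20.49312 > 198.51.100.1.53: 981+ A? example.com. (29)
21:50:01.900 IP 192.0.2.20.57644 > 198.51.100.2.53: 982+ A? example.net. (29)
21:50:02.400 IP 192.0.2.20.51020 > 198.51.100.3.53: 983+ A? example.org. (29)
21:50:02.500 IP 198.51.100.1.53 > 192.0.2.10.1745: 4211 1/0/0 A 203.0.113.5 (45)
"""

# "IP <src addr>.<src port> > <dst addr>.<dst port>:"
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def source_ports(capture_text):
    """Map each querying host to the source ports it used toward port 53."""
    ports = defaultdict(list)
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if m and int(m.group(4)) == 53:  # queries only; replies go *to* other ports
            ports[m.group(1)].append(int(m.group(2)))
    return ports

def audit(capture_text, ephemeral=(49000, 60000), min_queries=3):
    """Label each host 'fixed:<port>', 'ephemeral', 'mixed' or 'too-few-samples'."""
    lo, hi = ephemeral
    verdicts = {}
    for host, seen in source_ports(capture_text).items():
        if len(seen) < min_queries:
            verdicts[host] = "too-few-samples"
        elif len(set(seen)) == 1:
            verdicts[host] = f"fixed:{seen[0]}"      # same port on every query
        elif all(lo <= p <= hi for p in seen):
            verdicts[host] = "ephemeral"             # all inside the system range
        else:
            verdicts[host] = "mixed"
    return verdicts

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(host, verdict)
```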