Query source port 53

Barry Margolin barry.margolin at level3.com
Tue Oct 14 14:14:59 UTC 2003


In article <bmfg2c$1hhm$1 at sf1.isc.org>,
Nico Kadel-Garcia  <nkadel at comcast.net> wrote:
>Barry Margolin wrote:
>
>> In article <bmeic1$esj$1 at sf1.isc.org>, Bragi Baldursson <bb at simi.is> wrote:
>> 
>>>I have been looking over the RFCs and the threads about the issue of using
>>>source port 53 for querying and it seems to me
>>>that the standard is to use port 53 as the query source port.
>> 
>> 
>> This was the behavior of BIND 4, but AFAIK it's not specified in any
>> standard.  And BIND 8 changed the default behavior -- it now selects an
>> ephemeral source port.
>
>It's mentioned in the default named.conf files for a lot of 
>distributions. It is often still useful when configuring firewalls to 
>allow things like zone transfers to secondary name servers outside your 
>local network.

It's never been used as the source port for zone transfers, not even by
BIND 4.  That uses TCP, and has always used an ephemeral source port.
Otherwise, you wouldn't be able to have multiple concurrent zone transfers
between the same master and slave.

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
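
The point about concurrent zone transfers, as an added example that is not part of the original post: a TCP connection is identified by its (source address, source port, destination address, destination port) tuple, so a second connection from the same fixed source port to the same master cannot be created. The loopback listener below is a constructed stand-in for a master's TCP port, and the function names are hypothetical.

```python
import errno
import socket

def listener():
    """Constructed stand-in for the master's TCP listener on loopback."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # kernel picks the listening port
    srv.listen(8)
    return srv

def connect_from(src_port, dst):
    """Connect to dst from src_port; 0 asks the kernel for an ephemeral port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind(("127.0.0.1", src_port))
        s.connect(dst)
    except OSError:
        s.close()
        raise
    return s

def demo():
    master = listener()
    dst = master.getsockname()
    # Two "transfers" with ephemeral source ports: both succeed.
    a = connect_from(0, dst)
    b = connect_from(0, dst)
    ports_differ = a.getsockname()[1] != b.getsockname()[1]
    # A second "transfer" forced onto a's source port while a is still open:
    # the 4-tuple already exists, so bind() or connect() fails locally
    # (which call fails, and with which errno, depends on the OS).
    fixed = a.getsockname()[1]
    try:
        c = connect_from(fixed, dst)
        c.close()
        second_error = None
    except OSError as e:
        second_error = errno.errorcode.get(e.errno, str(e.errno))
    for s in (a, b, master):
        s.close()
    return {"ephemeral_ports_differ": ports_differ,
            "second_fixed_port_error": second_error}

if __name__ == "__main__":
    print(demo())
```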

