UDP port 1086

Olaf Lautenschlaeger ol+bind-users at anova.de
Fri Mar 16 13:48:20 UTC 2007

On Friday, March 16, 2007 2:05 PM [GMT+1=CET],
Stefan Schmidt <s.schmidt--bind at mcbone.net> wrote:

> On Fri, Mar 16, 2007 at 12:55:26PM +0100, Olaf Lautenschlaeger wrote:
>> could anyone tell me what part of BIND does listen on UDP
>> (the usual :53 ports and localhost:953 were open too)?
> This is probably the highport BIND uses to listen for incoming replies
> from other Nameservers when it queries them to handle recursive
> queries. Try restarting BIND and see if it changes - BIND chooses
> this port randomly from your highports range by default.
> You can fixiate it with the following config statement,
> options {
> query-source address port 1234;
> };
> but keep in mind that this also makes it easier for
> cache-poisoning attacks as they might know which port to spoof
> after a while.
> Stefan

Seems that I've stumbled over that query-source port indeed.
Didn't know that BIND keeps listening to a port which is intended
to sends out requests.

Thanks to all for sharing your knowledge.


More information about the bind-users mailing list