UDP port 1086

Olaf Lautenschlaeger ol+bind-users at anova.de
Fri Mar 16 13:48:20 UTC 2007


On Friday, March 16, 2007 2:05 PM [GMT+1=CET],
Stefan Schmidt <s.schmidt--bind at mcbone.net> wrote:

> On Fri, Mar 16, 2007 at 12:55:26PM +0100, Olaf Lautenschlaeger wrote:
>> could anyone tell me what part of BIND does listen on UDP
>> 0.0.0.0:1086 (the usual :53 ports and localhost:953 were open too)?
> 
> This is probably the highport BIND uses to listen for incoming replies
> from other Nameservers when it queries them to handle recursive
> queries. Try restarting BIND and see if it changes - BIND chooses
> this port randomly from your highports range by default.
> You can fix it with the following config statement,
> options {
> query-source address 1.2.3.4 port 1234;
> };
> but keep in mind that this also makes it easier for
> cache-poisoning attacks as they might know which port to spoof
> after a while.
> 
> Stefan

Seems that I've stumbled over that query-source port indeed.
Didn't know that BIND keeps listening to a port which is intended
to send out requests.

Thanks to all for sharing your knowledge.

Olaf
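
An added example, not part of the original thread or of BIND itself: a small Python check that flags `query-source` / `query-source-v6` statements in a named.conf that pin a fixed port, the setting the reply above says makes cache-poisoning attacks easier. The sample configuration and the function names are constructed for illustration, and comment stripping is simplified (it does not handle comment markers inside quoted strings).

```python
import re

# Constructed sample named.conf fragment; only the first query-source
# line is taken from the thread above, the rest is made up for the demo.
SAMPLE_CONF = """
options {
    directory "/var/named";                  // constructed path
    # query-source address 10.0.0.1 port 53;   commented out, must be ignored
    query-source address 1.2.3.4 port 1234;
    /* query-source port 4321; */
    query-source-v6 address * port *;
};
"""

# named.conf accepts C-style, C++-style and shell-style comments.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# A query-source statement runs from the keyword to the next semicolon.
STMT_RE = re.compile(r"\b(query-source(?:-v6)?)\s+([^;{}]*);")


def strip_comments(text):
    """Remove comments so disabled statements are not reported."""
    return COMMENT_RE.sub(" ", text)


def fixed_query_source_ports(conf_text):
    """Return [(statement, port)] for every query-source statement that
    pins a numeric port. 'port *' or no port clause means the source
    port is not fixed by this statement, so nothing is reported."""
    findings = []
    for name, body in STMT_RE.findall(strip_comments(conf_text)):
        tokens = body.split()
        if "port" in tokens:
            idx = tokens.index("port")
            if idx + 1 < len(tokens) and tokens[idx + 1].isdigit():
                findings.append((name, int(tokens[idx + 1])))
    return findings


if __name__ == "__main__":
    for name, port in fixed_query_source_ports(SAMPLE_CONF):
        print(f"{name}: outgoing queries pinned to UDP port {port}")
```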


