Port Range for avoid-v4-udp-ports OR port for resolv.conf nameserver

UUN Hostmaster hostmaster at uuism.net
Sun Jul 13 19:12:00 UTC 2008


My /etc/resolv.conf file has three nameservers:
nameserver


------Original Message------
From: JINMEI Tatuya / 神明達哉
To: UUN Hostmaster
Cc: bind-users at isc.org
Sent: Jul 13, 2008 12:35 PM
Subject: Re: Port Range for avoid-v4-udp-ports OR port for resolv.conf nameserver

At Sun, 13 Jul 2008 11:33:28 -0500,
"Jim Hermann - UUN Hostmaster" <hostmaster at uuism.net> wrote:

> My upstream DNS does not accept queries on all UDP ports, so I end up with
> lots of udp unreachable messages.  The upstream DNS is totally unreachable
> outside the LAN, so it does not need to use other UDP ports.

I don't understand what this means.  What's 'my upstream DNS'?  Are
you using a forwarder, which is the upstream DNS?  Please provide more
specific network configuration in this situation.

> Is there a way to specify a port range in the "avoid-v4-udp-ports { port;
> ... };" statement?  I tried "avoid-v4-udp-ports { 51000-53000; );" and it
> was not accepted.

New beta versions support an explicit notation to specify a range:

  avoid-v4-udp-ports { range 51000 53000; };

If you cannot use a beta version, you could still specify the same
thing as follows:

  avoid-v4-udp-ports { 51000; 51001; 51002; ...; 52999; 53000; };

but this would be very inefficient (due to differences of the
underlying implementation between P1s and beta), and you'd probably
not want to do that.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.


-----
Jim Hermann <hostmaster at UUism.net>
UUism Networks
Ministering to the Needs of Online UUs
Web Hosting, Email Services, Mailing Lists
-----
Sent from my Verizon Wireless BlackBerry

From: "UUN Hostmaster" <hostmaster at uuism.net>
Date: Sun, 13 Jul 2008 19:20:56 +0000
Subject: Re: Port Range for avoid-v4-udp-ports OR port for resolv.conf nameserver

My /etc/resolv.conf file has three nameservers without rotation:
nameserver 127.0.0.1
nameserver xxx.xxx.xxx.253
nameserver xxx.xxx.xxx.254

The other two DNS are run by my NOC on the same subnet.

Is this a bad idea?

Jim
------Original Message------
From: JINMEI Tatuya / 神明達哉
To: UUN Hostmaster
Cc: bind-users at isc.org
Sent: Jul 13, 2008 12:35 PM
Subject: Re: Port Range for avoid-v4-udp-ports OR port for resolv.conf nameserver

At Sun, 13 Jul 2008 11:33:28 -0500,
"Jim Hermann - UUN Hostmaster" <hostmaster at uuism.net> wrote:

> My upstream DNS does not accept queries on all UDP ports, so I end up with
> lots of udp unreachable messages.  The upstream DNS is totally unreachable
> outside the LAN, so it does not need to use other UDP ports.

I don't understand what this means.  What's 'my upstream DNS'?  Are
you using a forwarder, which is the upstream DNS?  Please provide more
specific network configuration in this situation.

> Is there a way to specify a port range in the "avoid-v4-udp-ports { port;
> ... };" statement?  I tried "avoid-v4-udp-ports { 51000-53000; );" and it
> was not accepted.

New beta versions support an explicit notation to specify a range:

  avoid-v4-udp-ports { range 51000 53000; };

If you cannot use a beta version, you could still specify the same
thing as follows:

  avoid-v4-udp-ports { 51000; 51001; 51002; ...; 52999; 53000; };

but this would be very inefficient (due to differences of the
underlying implementation between P1s and beta), and you'd probably
not want to do that.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.


-----
Jim Hermann <hostmaster at UUism.net>
UUism Networks
Ministering to the Needs of Online UUs
Web Hosting, Email Services, Mailing Lists
-----
Sent from my Verizon Wireless BlackBerry

From: JINMEI Tatuya / 神明達哉 <Jinmei_Tatuya at isc.org>
Date: Sun, 13 Jul 2008 12:39:33 -0700
Subject: Re: Port Range for avoid-v4-udp-ports OR port for resolv.conf nameserver

At Sun, 13 Jul 2008 19:20:56 +0000,
"UUN Hostmaster" <hostmaster at uuism.net> wrote:

> My /etc/resolv.conf file has three nameservers without rotation:
> 
> nameserver 127.0.0.1
> nameserver xxx.xxx.xxx.253
> nameserver xxx.xxx.xxx.254
> 
> The other two DNS are run by my NOC on the same subnet.

I still don't understand how this relates to avoid-v4-udp-ports.
/etc/resolv.conf is to configure your stub resolver library;
avoid-v4-udp-ports is used in named.conf to configure your caching
(recursive) name server.

Do you mean 'xxx.xxx.xxx.253' and 'xxx.xxx.xxx.254' are the 'upstream
DNS'?  If the problem is that these servers don't accept queries from
some specific port numbers, there's nothing you can do with
avoid-v4-udp-ports (and it's not even related to recent BIND9 patches).

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
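
The two notations discussed in this thread, as an added example (not part of the original messages and not BIND's own parser): a simplified Python checker that accepts single ports and `range low high` elements, rejects the hyphenated form that was not accepted, and collapses an explicit port-by-port list into the compact `range` form. The function names and the 0-65535 bound are assumptions of this example.

```python
import re

# Simplified model of the port-list elements shown in the thread (an assumption
# of this example): each element is either "<port>" or "range <low> <high>".
_ELEMENT = re.compile(r"^(?:(\d+)|range\s+(\d+)\s+(\d+))$")

def parse_port_list(body):
    """Parse the text between the braces of avoid-v4-udp-ports { ... };
    and return merged, sorted (low, high) ranges. Raises ValueError for any
    element that is neither a single port nor 'range low high'."""
    spans = []
    for raw in body.split(";"):
        elem = raw.strip()
        if not elem:
            continue
        m = _ELEMENT.match(elem)
        if not m:
            raise ValueError(f"not a port or 'range low high': {elem!r}")
        if m.group(1) is not None:
            low = high = int(m.group(1))
        else:
            low, high = int(m.group(2)), int(m.group(3))
        if not (0 <= low <= high <= 65535):
            raise ValueError(f"bad order or outside 0-65535: {elem!r}")
        spans.append((low, high))
    merged = []
    for low, high in sorted(spans):
        # Join overlapping or directly adjacent spans into one range.
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged

def render_statement(ranges):
    """Emit the statement using the compact 'range' notation."""
    parts = [f"{lo};" if lo == hi else f"range {lo} {hi};" for lo, hi in ranges]
    return "avoid-v4-udp-ports { " + " ".join(parts) + " };"

def excluded_count(ranges):
    """Number of UDP ports the statement removes from use."""
    return sum(hi - lo + 1 for lo, hi in ranges)

if __name__ == "__main__":
    # Constructed input: the explicit one-port-per-element form, 51000..53000.
    explicit = " ".join(f"{p};" for p in range(51000, 53001))
    ranges = parse_port_list(explicit)
    print(render_statement(ranges), "-", excluded_count(ranges), "ports")
```
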

