what is named daemon listening for ports other than 53, 953
Barry Margolin
barmar at alum.mit.edu
Mon Oct 6 20:12:14 UTC 2008
In article <gcaodp$29fp$1 at sf1.isc.org>,
Chris Buxton <cbuxton at menandmice.com> wrote:
> > The high port 42663 is not used for recursive query.
>
> If I'm not mistaken, named gets a new source port ready for the next
> outgoing query. If you had run the netstat command prior to sending
> the query, I believe you would have seen port 5506 held open.
Right, this is part of the fix to the Kaminsky vulnerability. BIND used
to open a single high port for recursive queries, and use it for the
process lifetime. Now it changes ports frequently and randomly, so that
DNS spoofers will have a hard time guessing the port.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
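The effect Barry describes, modelled as an added example (this is illustration code, not BIND's implementation): a resolver that keeps one UDP source port for its lifetime gives a spoofer a 16-bit guess space (the transaction ID only, once the port has been observed the way the netstat in this thread observed it), while a fresh random port per query multiplies that space by the size of the port range. The port range 1024-65535, the reuse of port 5506 from the thread as the "fixed" port, and the attacker model (distinct guesses, one outstanding query) are assumptions; the socket helper at the end only shows the kernel handing out a fresh port per socket, which is a different mechanism from BIND's own per-query port selection.

```python
"""Why a fixed UDP source port made DNS cache poisoning cheap, and what a
random source port per query buys.  Added example, not BIND code.  The port
range, the fixed port 5506 (taken from the thread) and the attacker model
are assumptions made for illustration."""
import random
import socket

TXID_SPACE = 1 << 16          # 16-bit DNS transaction ID
PORT_RANGE = (1024, 65535)    # assumed ephemeral range the resolver draws from


class Resolver:
    """Tracks the (source port, txid) pair a reply must carry to be accepted."""

    def __init__(self, randomize_ports, rng, fixed_port=5506):
        self.randomize_ports = randomize_ports
        self.rng = rng
        self.fixed_port = fixed_port   # pre-fix style: one port for the process lifetime
        self.outstanding = None

    def send_query(self):
        lo, hi = PORT_RANGE
        port = self.rng.randint(lo, hi) if self.randomize_ports else self.fixed_port
        txid = self.rng.randrange(TXID_SPACE)
        self.outstanding = (port, txid)
        return self.outstanding

    def accept_reply(self, dst_port, txid):
        """A forged reply wins only if it hits both the port and the txid."""
        return self.outstanding == (dst_port, txid)


def guess_space(randomize_ports):
    """Number of distinct (port, txid) pairs a spoofer must cover."""
    lo, hi = PORT_RANGE
    ports = (hi - lo + 1) if randomize_ports else 1
    return ports * TXID_SPACE


def spoof_probability(attempts, randomize_ports):
    """Chance that `attempts` distinct forged replies include the right pair
    (attacker never repeats a guess, so this is attempts / space, capped at 1)."""
    return min(1.0, attempts / guess_space(randomize_ports))


def simulate(trials, attempts, randomize_ports, seed=0):
    """Monte-Carlo estimate of spoof_probability for a single-query race.

    Attacker model (assumed): knows the fixed port when ports are not
    randomized, because one look at netstat reveals it, and must guess it
    otherwise.  Guesses are distinct (port, txid) pairs."""
    rng = random.Random(seed)
    lo, _ = PORT_RANGE
    space = guess_space(randomize_ports)
    wins = 0
    for _ in range(trials):
        resolver = Resolver(randomize_ports, rng)
        resolver.send_query()
        for g in rng.sample(range(space), attempts):
            if randomize_ports:
                port, txid = lo + g // TXID_SPACE, g % TXID_SPACE
            else:
                port, txid = resolver.fixed_port, g
            if resolver.accept_reply(port, txid):
                wins += 1
                break
    return wins / trials


def fresh_source_ports(count):
    """Bind `count` UDP sockets to port 0 and report the ports the OS chose.
    Sockets stay open until the end so no port can be handed out twice."""
    ports, socks = [], []
    try:
        for _ in range(count):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.bind(("127.0.0.1", 0))
            socks.append(s)
            ports.append(s.getsockname()[1])
    finally:
        for s in socks:
            s.close()
    return ports


if __name__ == "__main__":
    for randomize in (False, True):
        print(f"randomized={randomize}: space={guess_space(randomize)}, "
              f"P(win | 5000 forged replies)={spoof_probability(5000, randomize):.2e}, "
              f"simulated={simulate(200, 5000, randomize):.3f}")
    print("OS-chosen source ports for 5 fresh sockets:", fresh_source_ports(5))
```

The simulation is only the per-query race; a real attacker repeats the race by triggering new queries, which is exactly why the extra port entropy matters. To see the behaviour on a live server, do what the thread does: trigger a query and watch the UDP source port in netstat change from one query to the next.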