Name Resolution issue with one domain

babu dheen babudheen at yahoo.co.in
Thu Mar 22 20:16:11 UTC 2012


Dear All,
 
 Thanks alot for helpming to identify the exact problem. Now my problem has been solved once i chang the source port from 53 to empherial port.
 
Regards
Babudheen
 

________________________________
 From: Matus UHLAR - fantomas <uhlar at fantomas.sk>
To: bind-users at lists.isc.org 
Sent: Thursday, 22 March 2012 12:46 PM
Subject: Re: Name Resolution issue with one domain
  
> On 21/03/2012 09:41, Matus UHLAR - fantomas wrote:
>> maybe the admin set that up to force local servers using random ports,
>> instead of 53, for outgoing requests. Nobody should use port 53 for
>> _ougtoing_ requests.

On 21.03.12 23:41, Anand Buddhdev wrote:
> You're wrong. A name server can use any source port from 1 up to 65535
> for an outgoing query, as long as that port is not in use by any other
> process on the system.

well, it _can_ but because ports < 1024 are undesrtood as privileged, it should not use them.

> In fact, up until Kaminsky's revelation, many BIND servers used a fixed
> source port of 53.

yes, but because of Kaminsky's revelation, servers should not use that port anymore.

While it's of up to the the admin of resolving server, it's possible that FW admin at dubai airport had reason to block ports>1024. 
Maybe they got attack from enabled chargen or echo UDP services from somewhere. We do not knot that. But we surely know that OP's nameservers use port 53 which they should not use...


-- Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120323/8b80d11d/attachment.html>


More information about the bind-users mailing list