BIND ignores queries from specific privileged source ports
Tony Finch
dot at dotat.at
Tue Jun 11 09:23:02 UTC 2019
Mark Andrews <marka at isc.org> wrote:
> As for the NAT box that chooses those ports. If you can’t keep the
> original port it should choose an ephemeral port at random. Choosing a
> well known port is problematic for lots of reasons.
If I understand the documentation that was linked previously
https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall-config/nat-basics.html#ID-2090-00000438
I think the option that does the right thing is "flat" without
"include-reserve".
Tony (muttering about PIX fuxup mode even tho cisco changed the name).
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Irish Sea: North or northeast, 5 to 7. Slight or moderate. Occasional
rain. Good, occasionally moderate.