Can someone explain why BIND (I'm using bind-9.9.4-73.el7_6.x86_64 but
have also tried 9.10.3-P4-Ubuntu) seems to ignore DNS queries initiated
from specific privileged source ports but not others?
Example:
[root@ns ~]# dig +short -b 127.0.0.1 @localhost google.com
172.217.6.110
[root@ns ~]# dig +short -b 127.0.0.1#10000 @localhost google.com
172.217.6.110
[root@ns ~]# dig +short -b 127.0.0.1#50 @localhost google.com
172.217.6.110
[root@ns ~]# dig +short -b 127.0.0.1#19 @localhost google.com
;; connection timed out; no servers could be reached
[root@ns ~]# dig +short -b 127.0.0.1#14 @localhost google.com
172.217.6.110
[root@ns ~]# dig +short -b 127.0.0.1#13 @localhost google.com
;; connection timed out; no servers could be reached
While it would be ideal for clients to use source port randomization and
initiate queries from random ephemeral ports, I don't control all the
clients or the NAT routers in between the client and the server. Queries
using a source port of 13 and 19 are dropped while queries from port
10000, 50, and 14 are answered. This has been confirmed via a network
capture as well. I checked the ARM, but didn't see what knob(s) I could
tweak to control this behavior. Anyone know?
Thanks,
--Blake
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
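The dig runs in the post test one source port at a time. The script below is an added example, not code from the post, from ISC or from BIND: it sends the same kind of query from each of a list of fixed UDP source ports and reports which ports get an answer and which time out, so the behaviour can be checked systematically (and compared against a packet capture) before deciding whether clients or NAT devices need their source-port handling changed. It assumes the server listens on UDP 53 at 127.0.0.1 and that the query is sent from 127.0.0.1, as in the post; binding to ports below 1024 needs the same privileges dig needed. The query builder and the answer parser only use the standard library, and the response used to check the parser is a constructed packet, not a capture.

```python
"""Probe a DNS server from fixed UDP source ports (added example, not from the post)."""
import random
import socket
import struct


def build_query(qname, qid=None, qtype=1):
    """Build a minimal DNS query (one question, RD set) for qname; qtype 1 = A."""
    if qid is None:
        qid = random.randrange(0, 65536)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    question += b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS IN
    return header + question


def _skip_name(msg, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, name ends here
            return offset + 2
        offset += 1 + length


def parse_a_records(msg):
    """Return the IPv4 addresses carried in the answer section's A records."""
    _qid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen  # CNAMEs or other types are skipped, not parsed
    return addrs


def probe_source_port(server, sport, qname="google.com", bind_addr="127.0.0.1", timeout=2.0):
    """Send one query from UDP source port sport; return the A records or None on timeout."""
    qid = random.randrange(0, 65536)
    query = build_query(qname, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind((bind_addr, sport))  # equivalent of dig -b addr#port (root for ports < 1024)
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        try:
            data, _peer = sock.recvfrom(4096)
        except socket.timeout:
            return None
        # Ignore stray datagrams whose transaction ID does not match ours.
        if len(data) < 12 or struct.unpack("!H", data[:2])[0] != qid:
            return None
        return parse_a_records(data)


def sweep(server, ports, qname="google.com"):
    """Map each source port to its answer list, or None where the server stayed silent."""
    return {port: probe_source_port(server, port, qname) for port in ports}


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    # Default to the source ports tried in the post; any others can be given on the command line.
    ports = [int(p) for p in sys.argv[2:]] or [10000, 50, 19, 14, 13]
    for port, answer in sweep(server, ports).items():
        status = "timed out" if answer is None else ", ".join(answer) or "empty answer"
        print(f"source port {port:5d}: {status}")
```

Run it as root against the server from the post (`python3 probe.py 127.0.0.1 19 13 14`) and compare the output with a capture on the loopback interface: a port that times out here while the capture shows the query arriving at the server confirms the drop happens inside named rather than in the path.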