Barry Margolin wrote on 6/10/2019 11:18 AM:
In article <mailman.677.1560175574.711.bind-us...@lists.isc.org>,
  Blake Hudson <bl...@ispn.net> wrote:

Thank you Mark. A popular NAT appliance manufacturer has some logic that
attempts to keep the translated source port close to the untranslated
source port which can sometimes result in the behavior I've described
where DNS queries use the well known source port of protocols that are
abuse prone:
Why would the original source port be close to any of these low port
numbers? Source ports should normally be ephemeral ports.

Barry, I agree with you 100%. Unfortunately, old clients may issue DNS queries using a source (and destination) port of UDP 53. To do that in a product released today would, in my opinion, be a defect or bug. It's been reported to the vendor (Calix), but a fix remains forthcoming.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
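A resolver operator who suspects the behaviour discussed in this thread can check for it directly in flow or packet records: a client (or a NAT in front of one) that sends UDP DNS queries from port 53 or another privileged port is both the case Blake describes and a sign that source-port randomisation is not happening. The script below is an added example and is not code from this thread, from ISC or from the vendor named; it assumes a constructed five-field flow format (`proto src_ip src_port dst_ip dst_port`) and uses the conventional 1024 boundary for privileged ports.

```python
"""Flag DNS clients whose UDP source ports are not ephemeral.

Added example for this thread, not code from the original post or from any
vendor. It parses constructed flow-log lines (assumed format:
"proto src_ip src_port dst_ip dst_port") and reports clients that send DNS
queries from privileged/well-known source ports (below 1024, including 53),
which is the behaviour discussed above and which also defeats source-port
randomisation.
"""
from collections import defaultdict

# Ports below this are privileged/well-known (assumption: conventional boundary).
EPHEMERAL_MIN = 1024

# Constructed sample flow records: proto src_ip src_port dst_ip dst_port
SAMPLE_FLOWS = """\
udp 192.0.2.10 53 198.51.100.53 53
udp 192.0.2.10 53 198.51.100.53 53
udp 192.0.2.10 123 198.51.100.53 53
udp 192.0.2.20 41523 198.51.100.53 53
udp 192.0.2.20 58812 198.51.100.53 53
udp 192.0.2.20 35021 198.51.100.53 53
tcp 192.0.2.30 53 198.51.100.53 53
udp 192.0.2.30 53 198.51.100.53 53
"""


def parse_flows(text):
    """Yield (proto, src_ip, src_port, dst_port) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than crash
        proto, src_ip, sport, _dst_ip, dport = parts
        try:
            yield proto.lower(), src_ip, int(sport), int(dport)
        except ValueError:
            continue  # non-numeric port field: ignore the record


def dns_source_port_report(text, ephemeral_min=EPHEMERAL_MIN):
    """Summarise UDP queries to port 53 per client IP.

    Returns {src_ip: {"queries": n, "distinct": n_distinct_source_ports,
    "low_ports": sorted list of source ports below ephemeral_min}}.
    DNS over TCP is excluded because the thread is about UDP source ports.
    """
    acc = defaultdict(lambda: {"queries": 0, "ports": set(), "low_ports": set()})
    for proto, src_ip, sport, dport in parse_flows(text):
        if proto != "udp" or dport != 53:
            continue
        entry = acc[src_ip]
        entry["queries"] += 1
        entry["ports"].add(sport)
        if sport < ephemeral_min:
            entry["low_ports"].add(sport)
    return {
        ip: {
            "queries": e["queries"],
            "distinct": len(e["ports"]),
            "low_ports": sorted(e["low_ports"]),
        }
        for ip, e in acc.items()
    }


def non_ephemeral_clients(text):
    """Client IPs that sent at least one UDP DNS query from a privileged port."""
    return sorted(ip for ip, e in dns_source_port_report(text).items() if e["low_ports"])


if __name__ == "__main__":
    for ip, e in sorted(dns_source_port_report(SAMPLE_FLOWS).items()):
        flag = "NON-EPHEMERAL" if e["low_ports"] else "ok"
        print(f"{ip}: {e['queries']} queries, {e['distinct']} distinct source ports, "
              f"low ports {e['low_ports']} -> {flag}")
```

A low `distinct` count relative to `queries` is the second thing to look at: even a client that stays above 1024 but reuses one or two source ports has lost the entropy that source-port randomisation is supposed to add against cache poisoning.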