Is there some way to limit the range of ports that bind-9.5.0-P1 uses in its source port randomization? Bind using the ports in the 0-32k range is causing me problems with respect to a hack I have in my firewall.
It seems that slow authoritative nameservers are triggering the scan detector. In particular, if a nameserver sends packets after the firewall has already removed the state that was set for the outgoing query packets, then the return packet will look like a probe. This is doubly so if the packets happen to fall on a port that is typically associated with that swiss-cheese operating system from Redmond, WA. At this point, I'd rather lose one bit of randomization by limiting the port number to 15 bits than lose my firewall's cold-shoulder hack. (Yes, I know I should probably reconsider not using that silly hack, but in practice it seems to work well enough at getting script kiddies to move on and waste some other person's bandwidth and CPU.)

-wolfgang

--
Wolfgang S. Rupprecht
http://www.wsrcc.com/wolfgang/
