In article <[EMAIL PROTECTED]>, Chris Buxton <[EMAIL PROTECTED]> wrote:
> > The high port 42663 is not used for recursive query.
>
> If I'm not mistaken, named gets a new source port ready for the next
> outgoing query. If you had run the netstat command prior to sending
> the query, I believe you would have seen port 5506 held open.

Right, this is part of the fix to the Kaminsky vulnerability. BIND used to open a single high port for recursive queries, and use it for the process lifetime. Now it changes ports frequently and randomly, so that DNS spoofers will have a hard time guessing the port.

-- 
Barry Margolin, [EMAIL PROTECTED]
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
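
The behaviour described in the message above can be checked from the defender's side by looking at the UDP source ports a resolver uses for successive outgoing queries (taken, for example, from a packet capture on the resolver). The following is an added example, not part of the original post and not BIND code; the function names, thresholds and sample port lists are assumptions constructed for illustration.

```python
import math
from statistics import pstdev

# Assumed thresholds for this illustration (not taken from BIND or the post).
MIN_SAMPLES = 10
UNIFORM_STDDEV = 65536 / math.sqrt(12)  # stddev of a uniform draw over 16 bits

def classify_source_ports(ports):
    """Classify the source ports seen on successive outgoing queries."""
    if len(ports) < MIN_SAMPLES:
        raise ValueError("need at least %d samples" % MIN_SAMPLES)
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed"        # one port for the process lifetime (old behaviour)
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if all(0 < d <= 16 for d in deltas):
        return "sequential"   # next port is predictable from the last one
    spread = pstdev(ports) / UNIFORM_STDDEV
    if distinct < 0.9 * len(ports) or spread < 0.25:
        return "weak"         # ports change, but within a small pool
    return "randomized"

def spoof_search_space_bits(port_pool_size):
    """Bits an off-path spoofer must guess: 16-bit query ID plus source port."""
    return 16 + math.log2(port_pool_size)

# Constructed sample observations, one list per resolver behaviour.
FIXED = [32768] * 12
SEQUENTIAL = list(range(1024, 1036))
NARROW = [50000, 50003, 50001, 50007, 50002, 50005,
          50004, 50009, 50006, 50008, 50010, 50011]
RANDOM = [41877, 6120, 61012, 17394, 33871, 2950,
          58123, 24467, 49980, 11235, 39002, 64511]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("narrow", NARROW), ("random", RANDOM)]:
        print(name, "->", classify_source_ports(sample))
    print("fixed port: %.1f bits" % spoof_search_space_bits(1))
    print("ports 1024-65535: %.1f bits" % spoof_search_space_bits(64512))
```
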
