Interesting.  I always thought name resolution occurred through 53/udp, and 
zone transfers through 53/tcp.

At 11:48 AM 7/22/00 -0700, Brett Eldridge wrote:


> > On Mon, 17 Jul 2000, Jack Coates wrote:
>
> > > On Mon, 17 Jul 2000, Aaron Turner wrote:
> >
> > > Actually Jack, in the wild you will see a significant portion of
> > > requests coming from port 53.  I forget why off the top of my head,
> > > but it does happen.  Also, remember that the >1024 is a Unix'ism and
> > > isn't true in the Windows world.
> >
> > but I've never seen a DNS resolver coming _from_ UDP 53. That would
> > break inbound resolution requests on my home firewall, which I use
> > fairly frequently. I'm sure you've seen it or you wouldn't have said
> > so, but I'd think it's got to be fairly rare. Whatever.
>
>your home firewall is broken.
>
>client resolvers almost always use an ephemeral port (i.e. > 1023)
>
>however, if your client queries the local dns server which then queries
>another dns server (i.e. a recursive query), the server-server request
>will very likely have a source port of 53/udp.
>
>older versions of bind always used a source port of 53/udp. newer versions
>(i think > v8.1) use an ephemeral port but allow you to revert to the
>older method with the directive:
>
>   query-source address * port 53
>
>
>- brett
>
>
>
>================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>================================================================================
>




-
"As soon as men decide that all
means are permitted to fight an evil,
their good becomes indistinguishable
from the evil they set out to destroy."
                       --Christopher Dawson
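
Added example, not part of the original thread: a small first-match packet-filter model showing how the source-port behaviour Brett describes interacts with a stateless inbound rule in front of a DNS server. The rule sets, the sample ports 32768 and 40000, and all names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str    # "accept" or "drop"
    proto: str
    sport: range   # permitted source ports
    dport: range   # permitted destination ports

EPHEMERAL = range(1024, 65536)   # "> 1023", as in the thread
DNS = range(53, 54)

def evaluate(rules, pkt):
    """Stateless first-match filter; anything unmatched is dropped."""
    for r in rules:
        if r.proto == pkt.proto and pkt.sport in r.sport and pkt.dport in r.dport:
            return r.action
    return "drop"

# Hypothetical inbound policies for a host running a DNS server.
STRICT = [Rule("accept", "udp", EPHEMERAL, DNS)]       # assumes every querier uses a high port
ALLOW_53 = STRICT + [Rule("accept", "udp", DNS, DNS)]  # also admits port 53 -> port 53

# Constructed inbound queries, one per case described in the thread.
QUERIES = {
    "client resolver": Packet("udp", 32768, 53),
    # Older BIND, or newer BIND with "query-source address * port 53".
    # A reply to such a query has the same 53 -> 53 shape, so a stateless
    # filter cannot tell the two apart.
    "server-to-server, source port 53": Packet("udp", 53, 53),
    "server-to-server, ephemeral source": Packet("udp", 40000, 53),
}

def audit(rules):
    """Return the verdict each sample query receives under a rule set."""
    return {name: evaluate(rules, pkt) for name, pkt in QUERIES.items()}

if __name__ == "__main__":
    for label, rules in (("STRICT", STRICT), ("ALLOW_53", ALLOW_53)):
        for name, verdict in audit(rules).items():
            print(f"{label:9} {name:36} {verdict}")
```
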


