FreeBSD Bugzilla – Attachment 90176 Details for Bug 127290: FAQ book: discourage the use of port 53 for outgoing DNS queries
[patch] 127290.patch.diff (text/plain), 2.10 KB, created by Gabor Pali on 2008-09-29 10:04:10 UTC
>Index: book.sgml >=================================================================== >RCS file: /home/dcvs/doc/en_US.ISO8859-1/books/faq/book.sgml,v >retrieving revision 1.1099 >diff -u -r1.1099 book.sgml >--- book.sgml 21 Aug 2008 20:53:08 -0000 1.1099 >+++ book.sgml 26 Sep 2008 16:33:10 -0000 
>@@ -8479,23 +8479,30 @@ > > <qandaentry> > <question id="extra-named-port"> >- <para>BIND (<command>named</command>) is listening on port 53 >- and some other high-numbered port. What is going on?</para> >+ <para>BIND (<command>named</command>) is listening on >+ some high-numbered ports. What is going on?</para> > </question> > > <answer> > <para>BIND uses a random high-numbered port for outgoing >- queries. If you want to use port 53 for outgoing queries, >- either to get past a firewall or to make yourself feel >- better, you can try the following in >- <filename>/etc/namedb/named.conf</filename>:</para> >- >- <programlisting>options { >- query-source address * port 53; >-};</programlisting> >+ queries. Recent versions of it choose a new, random UDP >+ port for each query. This may cause problems for some >+ network configurations, especially if a firewall blocks >+ incoming UDP packets on particular ports. If you want to >+ get past that firewall, you can try the >+ <literal>avoid-v4-udp-ports</literal> and >+ <literal>avoid-v6-udp-ports</literal> options to avoid >+ selecting random port numbers within a blocked range.</para> > >- <para>You can replace the <literal>*</literal> with a single >- IP address if you want to tighten things further.</para> >+ <warning> >+ <para>If a port number (like 53) is specified via the >+ <literal>query-source</literal> or >+ <literal>query-source-v6</literal> options in >+ <filename>/etc/namedb/named.conf</filename>, randomized >+ port selection will not be used. It is strongly >+ recommended that these options not be used to specify >+ fixed port numbers.</para> >+ </warning> > > <para>Congratulations, by the way. It is good practice to > read your &man.sockstat.1; output and notice odd
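Review bot: The new <warning> paragraph states that fixed ports in query-source and query-source-v6 are "strongly recommended" against but gives the reader no reason. Add one sentence saying that a fixed source port gives up the per-query port randomization described in the preceding paragraph, which is what makes a forged response harder to match to an outstanding query. A second point on the same answer: the removed <programlisting> has no replacement, so avoid-v4-udp-ports and avoid-v6-udp-ports are named without their syntax or a pointer to the named.conf documentation; a short <programlisting> with a placeholder port range would give readers something to adapt. "Recent versions of it" would also age better if the BIND version were named.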