| Summary: | FAQ book: discourage the use of port 53 for outgoing DNS queries |
|---|---|
| Product: | Documentation |
| Reporter: | Aleksandr Stankevic <alex> |
| Component: | Books & Articles |
| Assignee: | Gabor Pali <pgj> |
| Status: | Closed FIXED |
| Severity: | Affects Only Me |
| Priority: | Normal |
| Version: | Latest |
| Hardware: | Any |
| OS: | Any |
| Attachments: | |
Description
Aleksandr Stankevic
2008-09-11 08:30:02 UTC
Responsible Changed From-To: freebsd-doc->pgj
Take.

Hello Aleksandr,

How do you like this patch? Please review and comment on it.

Thanks,
:g

(re-mailing with CC to gnats)
Sounds fine to me.
On Mon, 2008-09-29 at 11:04 +0200, Gabor PALI wrote:
> Hello Aleksandr,
>
> How do you like this patch? Please review and comment on it.
>
> Thanks,
> :g
>
> plain text document attachment (127290.patch.diff)
> Index: book.sgml
> ===================================================================
> RCS file: /home/dcvs/doc/en_US.ISO8859-1/books/faq/book.sgml,v
> retrieving revision 1.1099
> diff -u -r1.1099 book.sgml
> --- book.sgml 21 Aug 2008 20:53:08 -0000 1.1099
> +++ book.sgml 26 Sep 2008 16:33:10 -0000
> @@ -8479,23 +8479,30 @@
>
> <qandaentry>
> <question id="extra-named-port">
> - <para>BIND (<command>named</command>) is listening on port 53
> - and some other high-numbered port. What is going on?</para>
> + <para>BIND (<command>named</command>) is listening on
> + some high-numbered ports. What is going on?</para>
> </question>
>
> <answer>
> <para>BIND uses a random high-numbered port for outgoing
> - queries. If you want to use port 53 for outgoing queries,
> - either to get past a firewall or to make yourself feel
> - better, you can try the following in
> - <filename>/etc/namedb/named.conf</filename>:</para>
> -
> - <programlisting>options {
> - query-source address * port 53;
> -};</programlisting>
> + queries. Recent versions of it choose a new, random UDP
> + port for each query. This may cause problems for some
> + network configurations, especially if a firewall blocks
> + incoming UDP packets on particular ports. If you want to
> + get past that firewall, you can try the
> + <literal>avoid-v4-udp-ports</literal> and
> + <literal>avoid-v6-udp-ports</literal> options to avoid
> + selecting random port numbers within a blocked range.</para>
>
> - <para>You can replace the <literal>*</literal> with a single
> - IP address if you want to tighten things further.</para>
> + <warning>
> + <para>If a port number (like 53) is specified via the
> + <literal>query-source</literal> or
> + <literal>query-source-v6</literal> options in
> + <filename>/etc/namedb/named.conf</filename>, randomized
> + port selection will not be used. It is strongly
> + recommended that these options not be used to specify
> + fixed port numbers.</para>
> + </warning>
>
> <para>Congratulations, by the way. It is good practice to
> read your &man.sockstat.1; output and notice odd
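Review bot: the new `<warning>` only addresses the case where a port number is given to `query-source`/`query-source-v6`, while the removed paragraph ("You can replace the `*` with a single IP address if you want to tighten things further") is dropped without replacement; a sentence saying that pinning only the source address, with no `port` clause, is still fine and keeps randomized port selection would prevent readers from concluding that `query-source` must be avoided altogether. The new answer also names `avoid-v4-udp-ports` and `avoid-v6-udp-ports` but, unlike the removed `<programlisting>`, shows no syntax; a short `<programlisting>` with an example block, or at least a pointer to the BIND documentation for those options, would keep the answer as actionable as the old one.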
--
Aleksandr Stankevic
UNIX system administrator
pgj 2008-10-02 12:32:56 UTC
FreeBSD doc repository
Modified files:
en_US.ISO8859-1/books/faq book.sgml
Log:
Update Question 13.3 (extra-named-port):
- Discourage the use of port 53 for outgoing DNS queries
PR: docs/127290
Submitted by: Aleksandr Stankevic <alex (at) braske (dot) net>
Approved by: gabor (mentor)
Revision Changes Path
1.1100 +19 -12 doc/en_US.ISO8859-1/books/faq/book.sgml
State Changed From-To: open->closed
I have committed the patch I offered. Thank you for your cooperation and for your suggestion.