Query source port 53
Nico Kadel-Garcia
nkadel at comcast.net
Wed Oct 15 01:12:39 UTC 2003
Barry Margolin wrote:
> In article <bmfg2c$1hhm$1 at sf1.isc.org>,
> Nico Kadel-Garcia <nkadel at comcast.net> wrote:
>>It's mentioned in the default named.conf files for a lot of
>>distributions. It is often still useful when configuring firewalls to
>>allow things like zone transfers to secondary name servers outside your
>>local network.
>
>
> It's never been used as the source port for zone transfers, not even by
> BIND 4. That uses TCP, and has always used an ephemeral source port.
> Otherwise, you wouldn't be able to have multiple concurrent zone transfers
> between the same master and slave.
I'm not expert enough to know that you're completely incorrect, but am
expert enough in networks to know that your reasoning is deeply flawed.
If network servers of various sorts could only ever open one connection
at a time for an open service port, then SSH, HTTP, FTP and other
services could not have simultaneous connections from the same client.
Do those negotiate the use of other ports and spin off multiple daemons
and services to support these transfers? Why, yes they do: but you can
certainly look at the network negotiations for other such services to
see that if you block their primary port, life gets rather odd.....
I think you mean something by "ephemeral source port" that I'm missing here.
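The point under dispute above is what a TCP client's source port looks like when several connections run at once. The following is an added example, not code from either poster or from BIND: it stands up a loopback listener on an OS-chosen port in place of a name server's port 53 (so it needs no root and no network), opens three concurrent client connections, and shows that the kernel assigns each a distinct ephemeral source port; it then tries to open two concurrent connections both pinned to one fixed source port and shows the second one fails. The port numbers and the `concurrent_source_ports` / `fixed_source_port_collides` names are assumptions made for this example.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"


def concurrent_source_ports(n=3):
    """Open n simultaneous TCP connections to a local listener (standing in
    for a DNS server's port 53) and return the source ports the kernel chose
    for each client plus the peer ports the listener saw on accept().

    None of the client sockets calls bind(), so the kernel picks an ephemeral
    port for each; the listener tells the connections apart by the full
    (src addr, src port, dst addr, dst port) tuple, not by its own port alone.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, 0))        # port 0: let the OS pick (assumption: stands in for 53)
    listener.listen(n)
    server_port = listener.getsockname()[1]

    clients = []
    for _ in range(n):
        c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        c.connect((LOOPBACK, server_port))  # completes via the listen backlog
        clients.append(c)                   # keep all open so they are truly concurrent

    peers = []
    for _ in range(n):
        conn, peer = listener.accept()
        peers.append(peer[1])
        conn.close()

    ports = [c.getsockname()[1] for c in clients]
    for c in clients:
        c.close()
    listener.close()
    return ports, peers


def fixed_source_port_collides():
    """Do what a 'source port 53 only' firewall rule implicitly assumes:
    open two concurrent TCP connections to the same server with both client
    sockets bound to one fixed local port. The second bind() (or connect())
    is refused with EADDRINUSE/EADDRNOTAVAIL, which is why concurrent
    transfers to one master cannot all originate from source port 53.
    Returns True if the collision was observed.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, 0))
    listener.listen(2)
    server_port = listener.getsockname()[1]

    # Borrow a currently free local port to play the role of "port 53".
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind((LOOPBACK, 0))
    fixed_port = probe.getsockname()[1]
    probe.close()

    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.bind((LOOPBACK, fixed_port))
        first.connect((LOOPBACK, server_port))
        # Same 4-tuple as the first connection: the kernel must refuse it.
        second.bind((LOOPBACK, fixed_port))
        second.connect((LOOPBACK, server_port))
        collided = False
    except OSError as e:
        collided = e.errno in (errno.EADDRINUSE, errno.EADDRNOTAVAIL)
    finally:
        second.close()
        first.close()
        listener.close()
    return collided


if __name__ == "__main__":
    src, seen = concurrent_source_ports()
    print("client source ports:", src, "listener saw:", seen)
    print("second connection from the same fixed source port refused:",
          fixed_source_port_collides())
```

The practical consequence for the firewall case in the thread: a rule that admits zone transfers only when the source port is 53 will match none of these connections, so the rule that actually works is "TCP to destination port 53 from the secondary's address, any source port".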