high-port queries - what do they do?
Barry Margolin
barmar at bbnplanet.com
Fri Jun 25 13:53:42 UTC 1999
In article <19990625151215.A25711 at tfj.rnd.uni-c.dk>,
torben fjerdingstad <unitfj-bind at tfj.rnd.uni-c.dk> wrote:
>I have limited recursive queries so they are only allowed
>for us and our customers. Thanks for helping with that.
>I see unapproved queries at a fast rate.
>
>Now I wonder why about half of the queries are on high port
>numbers. Does it look fine, or am I denying too much?
>
>In the cases below, I have the zones "dk." and "225.130.in-addr.arpa.",
>and not any of the subdomains mentioned here. Some queries go to
>port 53,while others go to high ports. Why?
Queries from port 53 indicate a remote BIND 4 server handling recursive
queries. Queries from high ports are either your customers/users or remote
BIND 8 servers handling recursive queries.
Is your server a registered, authoritative server for any domains? If so,
you need to allow everyone to query in those domains. You should put a
restrictive "allow-queries" statement in the "options" section of the
configuration, and "allow-queries { any; };" in all the "zone" sections for
domains that have been delegated to you.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list