dig doesn't respect "query-source address * port 53;"
Steve Snyder
swsnyder at home.com
Mon Nov 1 13:46:35 UTC 1999
Using BIND v8.2.1 on my Linux v2.2.x system, I've configured my
nameserver to only use port 53 (for the sake of firewall security)
with:
    query-source address * port 53;
Everything has been running great with this configuration until today,
when I attempted to update the root nameserver list with the dig
(domain information groper) utility:
    dig @a.root-servers.net . ns > db.cache
Perusing the system log shows that an outbound packet was rejected by
my (ipchains) firewall. It seems that dig sent that packet from a
high port number, not from port 53.
The dig documentation shows that a port number may be specified as the
*destination* port, but I see no indication that the source port can
be set.
Is there any way to have dig respect my desire to use only port 53 for
DNS traffic?
Thank you.
*** Steve Snyder ***