Root server DNS traffic across Linux/ipchains firewall?

Steve Snyder swsnyder at home.com
Fri Oct 22 20:27:29 UTC 1999


Joseph S D Yao wrote:
> 
> > Joseph S D Yao wrote:
> > > > I'm setting up a firewall on my Linux box.  This machine is running
> > > > Linux kernel v2.2.13 and BIND v8.2.1.  For some reason I'm getting
> > > > output from my box to root nameservers on a high port number.  Can
> > > > anyone explain this?
> > >
> > > If you don't want this, use option:
> > >        query-source address * port 53;
> >
> > I do use this option - as shown in my original post.
> >
> > What I'm seeing is that while the input/output traffic to/from
> > my ISP's nameservers is respecting the exclusive use of port 53,
> > traffic with root nameservers does not.  BIND is still attempting
> > to communicate via a high port number.
> 
> Apologies.  "Answer in haste, repent at leisure."  Yes, I went through
> your message so quickly that I missed this!
> 
> I'd have to go look through the code to see why it might communicate
> with root servers on 61000, given the query-source statement.  I don't
> really have the time to do that right this second.  Those were queries,
> weren't they?  Not to continue to push the obvious, but have you
> reloaded or restarted your 'named' since that line was put in?

Fixed it!

The DNS communication on my LAN's server was in fact all going through
port 53 as specified.  The packets logged on the high port numbers were
caused by a client machine on my LAN that was doing its own lookups
rather than going through the server's nameserver.

I've fixed the (mis)configuration on the client machine and all
traffic is blissfully limited to port 53.  Ha!

Thanks for the reply.

***** Steve Snyder *****
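The diagnosis above came down to asking, for every logged packet to port 53, which host sent it and from which source port. The script below is an added example (not part of the original thread or of BIND) that does that bookkeeping over firewall log lines. The sample lines are constructed and modelled on the ipchains kernel log format (`PROTO=n src:sport dst:dport`), which is an assumption about the format; the addresses, the server IP `192.168.1.1` and the upstream address `192.0.2.1` are placeholders. It separates two cases: the server itself sending from a port other than 53 (which would mean `query-source` is not taking effect) and some other LAN host resolving on its own.

```python
import re
from collections import Counter

# Constructed sample log, modelled on the ipchains kernel log format
# (assumption). 192.168.1.1 is the LAN nameserver; 192.0.2.1 stands in
# for an upstream/root server; 192.168.1.20 is a LAN client.
SAMPLE_LOG = """\
Packet log: output ACCEPT eth0 PROTO=17 192.168.1.1:53 192.0.2.1:53 L=60 S=0x00 I=0 F=0x0000 T=64 (#3)
Packet log: output DENY eth0 PROTO=17 192.168.1.20:61000 192.0.2.1:53 L=60 S=0x00 I=0 F=0x0000 T=64 (#9)
Packet log: output ACCEPT eth0 PROTO=17 192.168.1.1:53 192.0.2.1:53 L=60 S=0x00 I=0 F=0x0000 T=64 (#3)
Packet log: output DENY eth0 PROTO=17 192.168.1.20:61001 192.0.2.1:53 L=60 S=0x00 I=0 F=0x0000 T=64 (#9)
Packet log: output ACCEPT eth0 PROTO=6 192.168.1.1:1234 192.0.2.5:80 L=60 S=0x00 I=0 F=0x0000 T=64 (#4)
"""

# Fields we need: protocol number, source addr:port, destination addr:port.
_PKT_RE = re.compile(
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_ipchains_line(line):
    """Return a dict with proto/src/sport/dst/dport, or None if the line
    does not carry a packet record in the assumed format."""
    m = _PKT_RE.search(line)
    if m is None:
        return None
    return {
        "proto": int(m.group("proto")),
        "src": m.group("src"),
        "sport": int(m.group("sport")),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
    }


def classify_dns_sources(lines, server_ip):
    """Look only at UDP packets to port 53 and answer two questions:
    how many did the nameserver itself send from a port other than 53
    (query-source not honoured), and which other hosts are querying on
    their own (a client doing its own lookups), with per-host counts."""
    server_off_port = 0
    client_lookups = Counter()
    for line in lines:
        pkt = parse_ipchains_line(line)
        if pkt is None or pkt["proto"] != 17 or pkt["dport"] != 53:
            continue  # not a UDP DNS query
        if pkt["src"] == server_ip:
            if pkt["sport"] != 53:
                server_off_port += 1
        else:
            client_lookups[pkt["src"]] += 1
    return server_off_port, dict(client_lookups)


if __name__ == "__main__":
    off_port, clients = classify_dns_sources(SAMPLE_LOG.splitlines(), "192.168.1.1")
    print("server queries from a port other than 53:", off_port)
    for host, n in sorted(clients.items()):
        print(f"{host} resolves on its own ({n} packets)")
```

Run against the constructed sample, the server shows zero off-port queries and `192.168.1.20` shows up as the host bypassing the LAN nameserver, which is the situation the thread ends on: the fix belongs on the client's resolver configuration, not in `named.conf`.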