master bind 8 <-> slave bind 4

Barry Margolin barmar at genuity.net
Fri Dec 22 15:42:06 UTC 2000


In article <91vsde$qsv at pub3.rc.vix.com>,
Jeffrey C. Albro <jeff at velvet.antistatic.com> wrote:
>
>On Fri, 22 Dec 2000, Jim Reid wrote:
>
>> No. By default BIND8 and BIND9 use a random, non-privileged port when
>> they make queries. BIND4 servers always used port 53 for that. The
>> query-source clause above will make a BIND[89] server behave like a
>> BIND4 server when it sends queries.
>
>Actually, I find it is NOT that random, usually 1025-1028.  I wonder if
>that predictability could cause security problems?

The randomness is dependent on the TCP stack.  BIND doesn't select a
specific port, it asks the OS to select a port.  However, most operating
systems probably assign ports sequentially, either starting at 1024 and
incrementing, or starting at some high port and decrementing.  Since named
is usually started up at boot time, it will probably get one of the first
few ports.

If you're concerned about this security-wise, I suppose you could modify
your startup script to pick a random high-numbered port and edit named.conf
to put this in the query-source option.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
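The two points raised in this exchange, as an added example that is not part of the thread and not BIND's own code: a check over observed query source ports that flags the sequential allocation Jeffrey noticed (1025, 1026, ...), and the startup-script step Barry suggests, drawing a random high-numbered port and rendering the query-source clause for named.conf. It assumes a POSIX sh with od and /dev/urandom, that "high-numbered" means the IANA dynamic range 49152-65535, and that the observed port lists are constructed samples rather than captured traffic. It goes slightly beyond the message by validating the chosen port before it would be written into the config.

```shell
#!/bin/sh
# Added example (not from the bind-users thread, not BIND code).
# Picks a random high port at boot and emits a BIND 8/9 query-source
# clause; also classifies observed source ports as sequential or not.

# Draw 16 random bits from /dev/urandom (POSIX sh has no $RANDOM).
random_u16() {
    od -An -N2 -tu2 /dev/urandom | tr -d ' '
}

# Map the random value into 49152-65535 (assumption: the IANA dynamic
# range is what "random high-numbered port" means here).
random_high_port() {
    n=$(random_u16)
    echo $((49152 + n % 16384))
}

# Render the named.conf options clause discussed in the thread.
query_source_fragment() {
    port=$1
    printf 'options {\n    query-source address * port %s;\n};\n' "$port"
}

# Classify a whitespace-separated list of observed source ports.
# If every port is exactly one more than the previous, the OS is handing
# them out sequentially, which is the predictability the poster noticed.
# Prints "sequential" or "non-sequential".
classify_ports() {
    prev=""
    result=sequential
    for p in $1; do
        if [ -n "$prev" ] && [ "$p" -ne $((prev + 1)) ]; then
            result=non-sequential
        fi
        prev=$p
    done
    echo "$result"
}

# Accept a port for the config only if it is numeric and inside the
# range random_high_port draws from. Returns 0 when acceptable.
port_in_range() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 49152 ] && [ "$1" -le 65535 ]
}

# Constructed sample observations (not captured traffic).
SEQ_SAMPLE="1025 1026 1027 1028"
RAND_SAMPLE="51234 60001 49877 63410"

echo "sample [$SEQ_SAMPLE] -> $(classify_ports "$SEQ_SAMPLE")"
echo "sample [$RAND_SAMPLE] -> $(classify_ports "$RAND_SAMPLE")"

# What a startup script would append to named.conf before starting named.
chosen=$(random_high_port)
if port_in_range "$chosen"; then
    query_source_fragment "$chosen"
fi
```

Run it directly to see both sample classifications and a freshly drawn query-source clause; in a real startup script the printed clause would be written into named.conf before named is started. Note that the port drawn this way stays fixed for as long as that named process runs; it is randomised only across restarts.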