Bind on strange UDP ports?

Erik Parker eparker at mindsec.com
Thu Jul 6 05:13:32 UTC 2000



But.. Would it keep that port open perm? Is there any way to tell exactly
if that is what the port is really doing? With the new rumors daily of
bind issues, and seeing dns servers running 0 services except bind getting
rooted, scares me to see this and not find any documentation on what it
is.

On Wed, 5 Jul 2000, Cricket Liu wrote:

> 
> > Ok I've never really noticed this behavior before.. But I am seeing it on
> > a few servers..
> >
> > Bind is binding to the ports specified in the named.conf, port 53.. UDP
> > and TCP.
> >
> > It is also binding on a high port.. like 4431 UDP. Then if you ndc reload
> > it steps up one port to 4432.. Sometimes it skips a few.. Up to like
> > 4437.. then another ndc reload it ups to 4438. And so on. Well this causes
> > a problem.. It binds to EVERY interface, even if you have the named.conf
> > telling it to only bind on one interface.
> >
> > What is this UDP port.. How do you get rid of it.. and why is it
> > there.. and not in any documentation? (Or is it?)
> 
> It's probably the query port.  BIND 8 name servers send queries
> from a high-numbered port.  They bind() to it at startup and, I guess,
> after reloads.
> 
> cricket
> 
> 
> 



Erik Parker
eparker at mindsec.com
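
The query-port behaviour described in the quoted reply, as an added example that is not part of the original thread and is not BIND code: a UDP socket used only for sending still appears as bound on the wildcard address with a kernel-chosen high port, and a socket opened afresh gets a different port. The loopback listener on a non-privileged port (instead of 53) and the open-new-before-close-old order are assumptions made so the demo runs without root and deterministically.

```python
import socket

def open_listener(addr="127.0.0.1"):
    """Stand-in for the listen-on socket: bound to ONE address only.
    Port 0 replaces 53 so no root is needed (assumption for the demo)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((addr, 0))
    s.settimeout(2)
    return s

def open_query_socket():
    """Stand-in for the query socket: wildcard address, port picked by the kernel."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", 0))
    return s

def demo():
    listener = open_listener()
    q_before = open_query_socket()
    # Emulated reload: the new socket is opened while the old one still exists
    # (assumed order), so the kernel has to hand out a different port.
    q_after = open_query_socket()
    before, after = q_before.getsockname(), q_after.getsockname()
    q_before.close()

    # An outgoing datagram (constructed payload, not a real DNS query)
    # leaves from the high port, which is what the receiver sees as source.
    q_after.sendto(b"constructed-query", listener.getsockname())
    _, peer = listener.recvfrom(512)

    result = {
        "listener_addr": listener.getsockname()[0],  # the single configured address
        "query_addr": after[0],                      # wildcard: shows up on every interface
        "port_before_reload": before[1],
        "port_after_reload": after[1],
        "source_port_seen_by_receiver": peer[1],
    }
    q_after.close()
    listener.close()
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a live server, the owning process of such a port can be confirmed with `lsof -nP -i UDP` or `netstat -anp`, which list the wildcard high-port socket under the same named PID as the port 53 sockets.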




More information about the bind-users mailing list