Specifying port in 'forwarders' directive?

Bob Vance bobvance at alumni.caltech.edu
Fri Sep 22 19:42:13 UTC 2000


I still have a problem with the original question.

> All DNS servers listen on port 53.

Then what's the point of having the option to allow a server to listen on
a port other than 53?
If we cannot specify a different port to query, who's gonna query that
alternate port?


An aside:

As I understand the "query-source" statement, it is only used to specify
the socket that 'named' will listen on for the *response* to queries
that are sent out.  It specifies the data that will go into the *source*
address/port of the packet sent to the destination.

I think that the asterisked statement from the DOCO web page
is misleading (at least it was confusing to me):
===================
Query Address
If the server doesn't know the answer to a question, it will
query other nameservers.

*** query-source specifies the address and port used for
*** such queries.

 If address is * or is omitted, a wildcard IP address (INADDR_ANY) will
be used. If port is * or is omitted, a random unprivileged port will be
used. The default is

    query-source address * port *;

Note: query-source currently applies only to UDP queries; TCP queries
always use a wildcard IP address and a random unprivileged port.
================

As written, it implies that it is the target socket for the query.
I would think that the statement in question should be worded something
like:

   "query-source specifies the address and port used as the
    *source* socket for such queries.  'named' will listen on
    this socket for the response to the query just sent.
   "

Presumably, the process that just sent the packet with the query-source
address/port will then be listening on that socket for the reply.

Now if we do this, how do we handle multiple queries at once?
If we send out all the queries with the same address/port, how do we
match the response to the original requestor?
Does he keep a table of outstanding queries and try to match responses
to the queries?


-------------------------------------------------
Tks        | <mailto:Bob_Vance at sbm.com>
BV         | <mailto:bobvance at alumni.caltech.edu>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430           11455 Lakefield Dr.
Fax 770-623-3429           Duluth, GA 30097-1511
=================================================
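
An added example (not part of the original message and not BIND's code) for the closing question above about matching responses when every query leaves from the same query-source address/port: the 16-bit ID in the DNS header (RFC 1035), together with the server address and the echoed question, identifies the outstanding query. The class and function names are hypothetical and the addresses are constructed.

```python
import secrets
import struct

def encode_question(name, qtype=1, qclass=1):
    """Encode the question section (QNAME, QTYPE, QCLASS) per RFC 1035."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.lower().encode("ascii") for l in labels) + b"\x00"
    return qname + struct.pack("!HH", qtype, qclass)

def build_message(msg_id, question, is_response=False):
    """12-byte DNS header with QDCOUNT=1, followed by the question."""
    flags = 0x8180 if is_response else 0x0100   # QR+RD+RA for a reply, RD for a query
    return struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0) + question

class OutstandingQueries:
    """Hypothetical table of in-flight queries sent from one shared source socket."""

    def __init__(self):
        self.pending = {}   # (server address/port, message ID) -> (question, requestor)

    def send(self, server, name, requestor):
        question = encode_question(name)
        msg_id = secrets.randbelow(65536)
        while (server, msg_id) in self.pending:   # ID must be unique per server
            msg_id = secrets.randbelow(65536)
        self.pending[(server, msg_id)] = (question, requestor)
        return build_message(msg_id, question)

    def receive(self, sender, packet):
        """Return the requestor this response belongs to, or None to drop it."""
        if len(packet) < 12:
            return None
        msg_id, flags, qdcount = struct.unpack("!HHH", packet[:6])
        if not flags & 0x8000 or qdcount != 1:    # not a response, or malformed
            return None
        entry = self.pending.get((sender, msg_id))
        if entry is None or packet[12:12 + len(entry[0])] != entry[0]:
            return None                           # unknown sender/ID or wrong question
        del self.pending[(sender, msg_id)]        # a duplicate reply finds nothing
        return entry[1]

if __name__ == "__main__":
    table = OutstandingQueries()
    ns = ("192.0.2.53", 53)                       # constructed forwarder address
    query = table.send(ns, "www.example.com", "client-A")
    reply = build_message(int.from_bytes(query[:2], "big"),
                          encode_question("www.example.com"), is_response=True)
    print(table.receive(("198.51.100.9", 53), reply))   # reply from another address
    print(table.receive(ns, reply))                     # reply from the queried server
```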





-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Igmar Palsenberg
Sent: Wednesday, September 20, 2000 12:44 PM
To: Brian Thomas
Cc: bind-users at isc.org
Subject: Re: Specifying port in 'forwarders' directive?



On Tue, 19 Sep 2000, Brian Thomas wrote:

>
> It doesn't look like there's any way to specify an address/port
> combination in the 'forwarders' directive, is this correct? Is there a
> specific reason for this, besides "Why would you want to?"  :)

Security. The bind that receives the request verifies the source /
destination address.

Second, the standard says port 53.

> I'm trying to set up a test environment and it would be useful to
> be able to do this. I'm a little surprised that since you can set up
> BIND to *listen* on any port you want, and can specify ports in things
> like dig and nslookup, that you can't specify one in the forwarders
> directive.

Why ?? All DNS servers listen on port 53. Servers that don't don't get
queried. Seems like a useless feature in the real world..

> Brian


	Igmar






