Specifying port in 'forwarders' directive?

Bob Vance bobvance at alumni.caltech.edu
Mon Sep 25 14:51:06 UTC 2000


Thanks.
I merely mentioned the "query-source" to point out exactly what you just
said -- that it has no effect on the original question, which remains:

   "Why can you specify a "port" on the "listen-on" option?
    What commands make a server *query* that specific port?
   "

-------------------------------------------------
Tks        | <mailto:Bob_Vance at sbm.com>
BV         | <mailto:bobvance at alumni.caltech.edu>
Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
Vox 770-623-3430           11455 Lakefield Dr.
Fax 770-623-3429           Duluth, GA 30097-1511
=================================================





-----Original Message-----
From: news at buty.wanadoo.nl [mailto:news at buty.wanadoo.nl]On Behalf Of
Marc Lampo
Sent: Monday, September 25, 2000 2:30 AM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Re: Specifying port in 'forwarders' directive?



Hello,

the "query source" option is not for having the server listening for
queries on a different port!
That option tells the server that, if it has to do queries itself, it
should *send* them from the indicated port.
Of course name servers consulted will send their *reply* to that port.

Hope this helps,

Marc

Bob Vance wrote:

> I still have a problem with the original question.
>
> > All DNS servers listen on port 53.
>
> Then what's the point of having the option to allow a server to listen on
> a port other than 53?
> If we cannot specify a different port to query, who's gonna query that
> alternate port?
>
> An aside:
>
> As I understand the "query-source" statement, it is only used to specify
> the socket that 'named' will listen on for the *response* to queries that
> are sent out.  It specifies the data that will go into the *source*
> address/port of the packet sent to the destination.
>
> I think that the asterisked statement from the DOCO web page
> is misleading (at least it was confusing to me):
> ===================
> Query Address
> If the server doesn't know the answer to a question, it will
> query other nameservers.
>
> *** query-source specifies the address and port used for
> *** such queries.
>
> If address is * or is omitted, a wildcard IP address (INADDR_ANY) will
> be used. If port is * or is omitted, a random unprivileged port will be
> used. The default is
>
>     query-source address * port *;
>
> Note: query-source currently applies only to UDP queries; TCP queries
> always use a wildcard IP address and a random unprivileged port.
> ================
>
> As written, it implies that it is the target socket for the query.
> I would think that the statement in question should be worded something
> like:
>
>    "query-source specifies the address and port used as the
>     *source* socket for such queries.  'named' will listen on
>     this socket for the response to the query just sent.
>    "
>
> Presumably, the process that just sent the packet with the query-source
> address/port will then be listening on that socket for the reply.
>
> Now if we do this, how do we handle multiple queries at once?
> If we send out all the queries with the same address/port, how do we
> match the response to the original requestor?
> Does he keep a table of outstanding queries and try to match responses to
> the queries?
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Igmar Palsenberg
> Sent: Wednesday, September 20, 2000 12:44 PM
> To: Brian Thomas
> Cc: bind-users at isc.org
> Subject: Re: Specifying port in 'forwarders' directive?
>
> On Tue, 19 Sep 2000, Brian Thomas wrote:
>
> >
> > It doesn't look like there's any way to specify an address/port combination
> > in the 'forwarders' directive, is this correct? Is there a specific
> > reason for this, besides "Why would you want to?"  :)
>
> Security. The bind that receives the request verifies the source /
> destination address.
>
> Second, the standard says port 53.
>
> > I'm trying to set up a test environment and it would be useful to
> > be able to do this. I'm a little surprised that since you can set up
> > BIND to *listen* on any port you want, and can specify ports in things like
> > dig and nslookup, that you can't specify one in the forwarders directive.
>
> Why ?? All DNS servers listen on port 53. Servers that don't don't get
> queried. Seems like a useless feature in the real world..
>
> > Brian
>
>         Igmar
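
The thread asks how replies are matched to requestors when every query leaves from one query-source address/port. RFC 1035 gives each message a 16-bit ID that the responder copies into its reply. The Python below is an added example, not code from BIND or from anyone in this thread. It keeps a table of outstanding queries keyed on ID, server address and question, and drops any reply that matches no entry. The function and class names, the addresses and the requestor labels are hypothetical.

```python
import secrets
import struct

def build_query(txid, qname, qtype=1):
    """Encode a minimal DNS query: 12-byte header plus one question (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(msg):
    """Return (txid, is_response, qname, qtype); raise ValueError if malformed."""
    if len(msg) < 12 or msg[4:6] != b"\x00\x01":
        raise ValueError("need a full header and exactly one question")
    txid, flags = struct.unpack("!HH", msg[:4])
    pos, labels = 12, []
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63:  # compression pointers are not valid in the first question
            raise ValueError("compressed or invalid label")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    if pos + 5 > len(msg):  # root label + QTYPE + QCLASS must still fit
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

class PendingQueries:
    def __init__(self):
        self.table = {}  # (txid, server, qname, qtype) -> original requestor

    def send(self, server, qname, qtype, requestor):
        """Record an outstanding query and return the packet to transmit."""
        txid = secrets.randbelow(65536)
        while any(key[0] == txid for key in self.table):  # ID already in flight
            txid = secrets.randbelow(65536)
        self.table[(txid, server, qname.lower(), qtype)] = requestor
        return build_query(txid, qname, qtype)

    def receive(self, msg, from_addr):
        """Return the requestor a reply belongs to, or None if it matches nothing."""
        try:
            txid, is_response, qname, qtype = parse_question(msg)
        except ValueError:
            return None
        key = (txid, from_addr, qname, qtype)
        return self.table.pop(key, None) if is_response else None
```

With a fixed query-source port the ID is the only unpredictable field in the match, which is why it is drawn from `secrets` here rather than from a counter.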






