Possible System Compromise

Jim Reid jim at rfc1035.com
Tue Feb 13 21:00:29 UTC 2001


>>>>> "Daniel" == Daniel Roesen <droesen at entire-systems.com> writes:

    Daniel> On Wed, Feb 07, 2001 at 03:02:06PM +0000, Jim Reid wrote:
    >> In the old days of BIND4, the server sent its queries from port
    >> 53 and some people encoded that in their firewall and router
    >> access filters.  Maybe you're being bitten by that legacy
    >> behaviour? BTW the query-source clause can be used in current
    >> versions of BIND to set the source port number on outgoing
    >> queries.

    Daniel> Attention! Setting query-source port to a fixed port below
    Daniel> 1024 is incompatible with named's -u option to run BIND in
    Daniel> a non-privileged user context. TCP queries will fail if
    Daniel> you tighten your firewall filters to a fixed port 53 then.

Er, no. The name server binds to port 53 before it gives up its super
user privileges and runs as some other UID. How else could the name
server work if it didn't listen on port 53? And to do that named has
to explicitly bind() to that port number.
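The sequence described above, as an added example that is not part of the thread or of BIND's own source: the socket is bound to the configured port while the process still holds root, and only then does it switch to an unprivileged uid/gid, the ordering `named -u` relies on. It assumes a POSIX/Linux host; the uid/gid values are whatever the caller passes.

```c
/* Added example, not named's code: bind the DNS port while root, then
 * drop privileges the way `named -u` does.  Assumes a POSIX/Linux host. */
#include <grp.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to `port` on all interfaces.  Returns the fd, or -1
 * if the bind is refused (as it is for a port below 1024 without root). */
int bind_udp(unsigned short port)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Switch to an unprivileged identity: supplementary groups, gid, then uid
 * (setuid last, since it removes the right to change the others).
 * Returns 0 on success, -1 on failure or if root can still be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) /* already unprivileged: nothing to drop */
        return (getuid() == uid && getgid() == gid) ? 0 : -1;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0; /* the drop must be irreversible */
}

/* The ordering the thread describes: bind first, drop second.  Doing it
 * the other way round fails with EACCES for any port below 1024. */
int bind_then_drop(unsigned short port, uid_t uid, gid_t gid)
{
    int fd = bind_udp(port);
    if (fd >= 0 && drop_privileges(uid, gid) < 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}
```

Called as `bind_then_drop(53, uid, gid)` from a process started as root this mirrors the startup path; run unprivileged, the same call is refused at the bind step.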


