9.2.1 & transfers

Mark_Andrews at isc.org Mark_Andrews at isc.org
Sun Nov 24 20:51:17 UTC 2002


> On Sun, Nov 24, 2002 at 05:18:26PM +1100, Mark_Andrews at isc.org wrote:
> >
> > > transfer-source address 10.0.0.1 port 53;
> > >
> > > is only for SOA questions and dynamic updates (so only UDP).
> > > But transfers goes through TCP.
> > >
> > > I need to force bind (secondary) for question primary FROM port 53 TCP for transfer zones.
> > >
> > > Any idea???                                 
> >
> >       You can't as it is not supported.  Named (like every other TCP
> >       application) use a system assigned port to initiate connections.
> >             
> >       Mark
> 
> No!
> 
> Applications can initiate connections TCP from ports <1024 :        
> socket()
> bind()
> connect()
>
> And not like now socket() and connect().
> 
> But to do this we need root privileges(for bind ports <1024).
> And here is my problem, because named goes at me with named.named privileges 
> and I don't need to change this.
> 
> I'm still waiting for some idea...

	I will repeat.  What you want is NOT supported.  Fix your firewall
	rules to cope with the current behaviour.  If you need to identify
	that it is named making the zone transfer request use TSIG to sign
	the request.

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
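Mark's alternative above, TSIG-signing the transfer requests so the primary can identify the secondary by key rather than by source port, looks like the following in named.conf. This is an added example and not configuration from the original thread; the key name "xfer-key", the zone "example.com", the addresses 10.0.0.1/10.0.0.2, the file names and the secret value are all assumptions (the secret shown is a placeholder, not a usable key). BIND 9.2, the version in the thread, only supports hmac-md5 for TSIG; 9.5 and later also accept hmac-sha256, which is the better choice where both ends support it.

```conf
// Shared TSIG key; the same key statement goes into named.conf on BOTH
// the primary and the secondary. Generate the secret with (9.2 syntax):
//   dnssec-keygen -a HMAC-MD5 -b 128 -n HOST xfer-key
// and copy the "Key:" line from the resulting K*.private file into "secret".
key "xfer-key" {
    algorithm hmac-md5;          // only TSIG algorithm in 9.2; use hmac-sha256 on 9.5+
    secret "cGxhY2Vob2xkZXI=";   // PLACEHOLDER (assumed value) - replace with the generated key
};

// ---------- named.conf on the primary (10.0.0.1) ----------
// Requests from the secondary are expected to carry this key.
server 10.0.0.2 {
    keys { "xfer-key"; };
};

// Only correctly signed requests may transfer the zone. The source
// address and port of the TCP connection no longer matter for
// authentication, so the ephemeral-port behaviour Mark describes is fine.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { key "xfer-key"; };
};

// ---------- named.conf on the secondary (10.0.0.2) ----------
// Sign every message sent to the primary with the key: the UDP SOA
// refresh queries and the TCP AXFR/IXFR transfers alike.
server 10.0.0.1 {
    keys { "xfer-key"; };
};

zone "example.com" {
    type slave;
    masters { 10.0.0.1; };
    file "example.com.bak";
};
```

With this in place the firewall only needs to allow TCP port 53 on the primary from the secondary's address with any source port; the HMAC, not the port number, proves the request came from the secondary. Keep the key statement in a file that only the named user can read (for example via `include`), since anyone holding the secret can request the transfer.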