Query source port 53

Barry Margolin barry.margolin at level3.com
Mon Oct 13 17:37:37 UTC 2003


In article <bmeic1$esj$1 at sf1.isc.org>, Bragi Baldursson <bb at simi.is> wrote:
>I have been looking over the RFCs and the threads about the issue of using
>source port 53 for querying and it seems to me
>that the standard is to use port 53 as the query source port.

This was the behavior of BIND 4, but AFAIK it's not specified in any
standard.  And BIND 8 changed the default behavior -- it now selects an
ephemeral source port.

>In a GPRS network environment we have typically 2 DNS servers.  Each of
>these servers refers to a root server that resides in a GRX environment
>to get info for resolving.
>
>Now I have been having a problem with a particular GPRS operator that he
>will not allow my DNS to query his DNSs using source port 53.  My DNSs
>have always used source port 53 for querying so I was quite taken aback
>by this.  His argument was that you are not allowed to use port 53 as a
>source port for DNS but you should use any port number > 1023.
>
>Due to this they close their firewall for all DNS queries coming from
>source port 53.  Is this correct?

I don't think there's any standard restriction on the source port.  And
since BIND 4 always uses port 53, he's blocking any access to his DNS from
sites that use old software.

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
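
Added example, not part of the original post: before a firewall rule that drops DNS queries arriving from source port 53 is enabled, an audit of existing query logs shows which resolvers always query from port 53 (the BIND 4 behavior described above) and would lose access. The log format, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (documentation addresses, made-up format).
SAMPLE_LOG = """\
2003-10-13T17:30:01Z UDP 192.0.2.10:53 -> 198.51.100.5:53
2003-10-13T17:30:02Z UDP 192.0.2.20:32771 -> 198.51.100.5:53
2003-10-13T17:30:04Z UDP 192.0.2.10:53 -> 198.51.100.5:53
2003-10-13T17:30:05Z UDP 192.0.2.20:32805 -> 198.51.100.5:53
2003-10-13T17:30:07Z UDP 192.0.2.30:53 -> 198.51.100.5:53
2003-10-13T17:30:09Z UDP 192.0.2.30:1045 -> 198.51.100.5:53
2003-10-13T17:30:10Z UDP 198.51.100.5:53 -> 192.0.2.20:32805
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^\S+ UDP (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def classify_resolvers(log_text, server_ip):
    """Group inbound queries to server_ip:53 by client and source-port style."""
    ports = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        # Replies from the server also carry source port 53; count queries only.
        if m["dst"] != server_ip or m["dport"] != "53":
            continue
        ports[m["src"]].append(int(m["sport"]))
    result = {}
    for client, seen in ports.items():
        from_53 = sum(1 for p in seen if p == 53)
        if from_53 == len(seen):
            style = "fixed-53"   # every query sent from port 53 (BIND 4 style)
        elif from_53 == 0:
            style = "ephemeral"  # no query sent from port 53 (BIND 8 default)
        else:
            style = "mixed"
        result[client] = {"style": style, "queries": len(seen), "blocked": from_53}
    return result

def blocked_clients(log_text, server_ip):
    """Clients whose every query would be dropped by a 'deny sport 53' rule."""
    stats = classify_resolvers(log_text, server_ip)
    return sorted(c for c, s in stats.items() if s["style"] == "fixed-53")

if __name__ == "__main__":
    for client, s in sorted(classify_resolvers(SAMPLE_LOG, "198.51.100.5").items()):
        print(client, s)
```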

