Dig: specifying a source port
phn at icke-reklam.ipsec.nu
Wed Aug 4 20:54:48 UTC 2004
Joseph S D Yao <jsdy at center.osis.gov> wrote:
> On Wed, Aug 04, 2004 at 07:24:58PM +0100, Jim Reid wrote:
>> >>>>> "Jason" == Jason Richards <jrichards at gci.com> writes:
>>
>> Jason> I need to be able to specify the source port (since bind is
>> Jason> configured with transfer source port 53). I know this isn't
>> Jason> natively available, but I found a patch online for dig
>> Jason> v9.2.2 and have seemed to be able to make it work under
>> Jason> 9.2.3.
>>
>> Insisting zone transfer requests use a specific port number is dumb.
>> Please don't do that.
> Some firewalls [;-(] still require that the source port be 53 as in the
> ancient versions of BIND! While this would normally be useless, if
> that is the case in his situation, it would be necessary.
Running such a crippled (and old) firewall is a security hazard.
Fix the real problem (switch firewalls); there are several free ones
available + a large number of expensive ones (if that will make
your management sleep better).
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.