Recursive queries fail if query source port is not fixed
JINMEI Tatuya / 神明達哉
Jinmei_Tatuya at isc.org
Wed Aug 13 23:13:05 UTC 2008
At Wed, 13 Aug 2008 09:36:18 +0200,
"Hans F. Nordhaug" <Hans.F.Nordhaug at hiMolde.no> wrote:
> In the quest for securing the name servers in a company I try to help,
> I have gotten into trouble. The company is running CentOS 5.0 and I
> have updated their Bind to 9.3.4_P1. In addition, I planned to remove
> the "query-source port 53;" from /etc/named.conf so the servers aren't
> vulnerable to cache poisoning.
>
> The problem is that recursive queries fail if I remove
> "query-source port 53;". I have checked iptables on the servers and the
> rules on the Cisco ASA and there isn't anything limiting the traffic
> to port 53 - which I think the dumps below (from tcpdump) confirm.
Do you mean any query always fails, or some queries sometime fail
(while some others succeed)?
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
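The config change under discussion (dropping "query-source port 53;" so that BIND chooses a random source port for each outgoing query) is easy to audit mechanically. The following shell helper is an added example, not code from the original thread or from ISC; the two named.conf fragments it checks are constructed samples, and the function names are hypothetical. It flags any query-source or query-source-v6 directive that pins a numeric port, which is the setting that defeats source-port randomization, and treats "port *" or no directive at all as acceptable.

```shell
# Added example: audit a named.conf fragment for a fixed query-source port.
# A statement such as "query-source port 53;" makes every recursive query
# leave from the same port, so a poisoner only has to guess the 16-bit
# transaction ID. Removing the port (or using "port *") restores
# per-query source-port randomization.

has_fixed_query_source_port() {
    # Reads a named.conf fragment on stdin.
    # Returns 0 if a query-source / query-source-v6 directive pins a numeric
    # port, 1 otherwise. Commented-out lines ("//", "#") do not match because
    # the pattern is anchored at the start of the line. Only single-line
    # directives are handled; that is sufficient for the usual options block.
    grep -Eiq '^[[:space:]]*query-source(-v6)?[[:space:]].*port[[:space:]]+[0-9]+[[:space:]]*;'
}

audit_conf() {
    # $1: the config text. Prints a verdict; returns 1 when the port is pinned.
    if printf '%s\n' "$1" | has_fixed_query_source_port; then
        echo "query source port is pinned: recursion is exposed to easier cache poisoning"
        return 1
    fi
    echo "query source port is not pinned: BIND will randomize it per query"
    return 0
}

# Constructed sample: the weak setting the poster is removing.
WEAK_CONF='options {
    directory "/var/named";
    query-source port 53;
};'

# Constructed sample: the same block with the directive commented out.
FIXED_CONF='options {
    directory "/var/named";
    // query-source port 53;   removed so BIND picks a random source port
};'

# Stand-alone run: report on both samples.
audit_conf "$WEAK_CONF" || true
audit_conf "$FIXED_CONF"
```

After the directive is removed and named reloaded, the change can be confirmed on the wire the same way the poster already did: capture outgoing DNS with tcpdump (for example `tcpdump -n udp and dst port 53`) and check that the source port of successive queries varies instead of staying at 53. If recursion breaks only once the port is randomized, the thing to look for is a firewall rule on the path that permits UDP only from source port 53, since the queries now leave from high ephemeral ports.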