Increasing query port randomization under FreeBSD (?)
Ronald F. Guilmette
rfg at tristatelogic.com
Sat Jul 26 21:14:10 UTC 2008
In message <Pine.NEB.4.64.0807251846030.21786 at tx.reedmedia.net>, you wrote:
>On Fri, 25 Jul 2008, Ronald F. Guilmette wrote:
>
>> In the -P1 releases, the UDP range is 1024 through 65535. In the betas,
>> a few BSD operating systems' sysctl tunables are used at named startup.
>> On other systems, the range is 1024 through 65535.
>>
>> OK, so which specific tunable(s) are important here? Would that be one of
>> these two?
>>
>> net.inet.ip.portrange.first
>> net.inet.ip.portrange.highfirst
>>
>> If so, which one, specifically?
>
>Note that this suggestion is for the betas only (and not -P1).
>
>net.inet.ip.portrange.hifirst (low end)
>
>net.inet.ip.portrange.hilast (high end)

The latter is already set to 65535, so there's not much I can do to make
_that_ better. :-)

So anyway, please clarify about net.inet.ip.portrange.hilast and -P1.
I don't even know what "betas" you are talking about, but I assume that
these must be pre-release betas of 9.5.1, yes?

Well, anyway, I have just upgraded to 9.5.0-P1. That's what I'll be
using for now. So I just want to know... Given that I'm running -P1,
are you telling me that manually tuning net.inet.ip.portrange.hilast
downward will make no actual difference to what -P1 actually does?
Will changing this tunable help or not help with -P1? (If it won't
make any difference, I won't waste my time changing it.)