Name Resolution issue with one domain

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Mar 22 09:46:12 UTC 2012


>On 21/03/2012 09:41, Matus UHLAR - fantomas wrote:
>> maybe the admin set that up to force local servers using random ports,
>> instead of 53, for outgoing requests. Nobody should use port 53 for
>> _outgoing_ requests.

On 21.03.12 23:41, Anand Buddhdev wrote:
>You're wrong. A name server can use any source port from 1 up to 65535
>for an outgoing query, as long as that port is not in use by any other
>process on the system.

well, it _can_, but because ports < 1024 are understood as privileged, 
it should not use them.

>In fact, up until Kaminsky's revelation, many BIND servers used a fixed
>source port of 53.

yes, but because of Kaminsky's revelation, servers should not use that 
port anymore.

While it's up to the admin of the resolving server, it's possible 
that the FW admin at Dubai airport had a reason to block ports > 1024. 

Maybe they got an attack from enabled chargen or echo UDP services from 
somewhere. We do not know that. But we surely know that the OP's 
nameservers use port 53, which they should not use...


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
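As an added example (not from the thread, and not BIND's own code), a small Python audit of the two points argued above: whether a named.conf pins the outgoing query source port with a `query-source ... port N` statement, and whether a sample of observed outgoing source ports shows a fixed port, port 53, or ports in the privileged range. The `query-source` directive is real BIND syntax; the conf fragments and the port samples are constructed for the example.

```python
"""Audit of a resolver's outgoing-query source ports (constructed inputs).

Check 1: a BIND `query-source ... port N;` statement pins the source port of
outgoing queries to N, which the thread argues against (port 53 in particular).
Check 2: a sample of observed outgoing source ports is tested for the symptoms
discussed: a fixed port, use of port 53, ports in the privileged range (< 1024).
"""
import re
from collections import Counter

# Constructed named.conf fragments: the pinned-port setting and its corrected form.
PINNED_CONF = "options {\n    query-source address * port 53;\n};\n"
RANDOM_CONF = "options {\n    query-source address *;\n};\n"

# Matches query-source / query-source-v6 and captures an explicit port, if any.
_QS_RE = re.compile(r"query-source(?:-v6)?\s+[^;]*?\bport\s+(\d+|\*)", re.I)


def pinned_query_source_ports(conf):
    """Return the fixed ports named in query-source statements ('*' means random)."""
    return [int(p) for p in _QS_RE.findall(conf) if p != "*"]


def audit_source_ports(ports):
    """Return a list of findings for a sample of outgoing query source ports."""
    findings = []
    distinct = Counter(ports)
    if len(distinct) == 1:
        (only,) = distinct
        findings.append(f"fixed source port {only}")
    if 53 in distinct:
        findings.append(f"port 53 used for {distinct[53]} of {len(ports)} queries")
    privileged = sorted(p for p in distinct if p < 1024 and p != 53)
    if privileged:
        findings.append(f"privileged source ports (< 1024) used: {privileged}")
    # With randomized ports, nearly every query in a short sample has its own port.
    if 1 < len(distinct) < 0.5 * len(ports):
        findings.append(f"only {len(distinct)} distinct ports in {len(ports)} queries")
    return findings


# Constructed samples of outgoing query source ports (as seen in a capture).
PINNED_SAMPLE = [53] * 8
RANDOM_SAMPLE = [49152, 60211, 51337, 58880, 53001, 62010, 49999, 57421]

if __name__ == "__main__":
    print(pinned_query_source_ports(PINNED_CONF))  # [53]
    print(pinned_query_source_ports(RANDOM_CONF))  # []
    print(audit_source_ports(PINNED_SAMPLE))
    print(audit_source_ports(RANDOM_SAMPLE))       # []
```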


