Multiple IPs Associated With A Single Name

Matthew Pounsett matt at conundrum.com
Thu Sep 29 21:33:23 UTC 2016


On 29 September 2016 at 14:18, Tim Daneliuk <tundra at tundraware.com> wrote:

> What I am stuck on is this:  Is there any simple (i.e., non-root) way
> to write a client or otherwise configure userspace to go to the
> non-standard port and run my sort of man-in-the-middle server?  Or is
> this just a stupid idea?
>
There's no way to specify a port number in a delegation, so if this is an
authoritative DNS server that you expect random clients on the Internet to
contact, it must run on port 53... so you'll need root access to start it
up.  I'm not aware of stub resolvers that accept port numbers in their
configuration either (e.g. glibc and resolv.conf) ... although I'll admit
I haven't gone to double check that... but I think you're out of luck for a
recursive server as well.

Configuration for forwarders and stub zones can include a port number,
however.  So in theory you could have a server somewhere that answers on
port 53 forwarding queries to your server that answers on an unprivileged
port.

That seems like a lot of complexity to go to in order to avoid running a
name server as root, though.  You'd probably be better off convincing your
systems people to set up sudo in such a way that you can administer a DNS
server running on a privileged port, and nothing else.
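
The forwarding arrangement described in the reply above, sketched as two BIND configurations. This is an added example, not part of the original message; the zone name, addresses, port 5300 and file paths are all assumed values chosen for illustration.

```conf
# --- Front end: named.conf on the host that owns port 53 (started by root) ---
options {
    directory "/var/named";
    listen-on port 53 { any; };
    recursion yes;                       // forwarding only applies to recursive queries
    allow-recursion { 192.0.2.0/24; };   // assumed client network; do not leave this open
};

zone "example.test" {                    // assumed zone name
    type forward;
    forward only;                        // never fall back to normal iteration
    forwarders { 192.0.2.10 port 5300; };   // back end on an unprivileged port
};

# --- Back end: named.conf for the instance run by an ordinary user ---
options {
    directory "/home/user/named";        // assumed path, writable by that user
    pid-file "/home/user/named/named.pid";
    listen-on port 5300 { 192.0.2.10; }; // port above 1023, no root needed to bind
    listen-on-v6 { none; };
    recursion no;                        // authoritative only
    allow-query { 192.0.2.1; };          // assumed front-end address; nobody else may query
};

controls { };                            // disable the rndc channel (defaults to port 953)

zone "example.test" {
    type master;
    file "example.test.zone";            // assumed zone file in the directory above
};
```

Each file can be checked with `named-checkconf <file>` before starting the server. Answers relayed this way come from the front end's recursion and cache, so they are not marked authoritative; this serves clients that use the front end as their resolver, not a delegation from the parent zone.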