Configuring bind not to use unprivileged ports?
Mark Andrews
Mark_Andrews at isc.org
Fri Jun 2 00:07:58 UTC 2006
> I'm using bind 9.3.1 on a linux system running kernel version 2.6.11.12. I added the following line to the options statement in the
> named.conf file:
> query-source address * port 53
> After that, I restarted bind but it still performs queries using UDP on unprivileged ports (1024-65535).
>
> I need to configure bind to use well-defined ports so that I can then configure iptables to allow outgoing DNS queries and
> incoming DNS replies. Besides, I prefer not to open all unprivileged ports so
> I tried the query-source option above but without
> success. Can anyone help me?
Firstly, how do you know it is named that is making the queries?
1. Use a stateful firewall. It is a better long term solution
as you can then debug connectivity issues with tools like dig.
2. There are multiple source controls: query-source, notify-source
and transfer-source, as well as the ipv6 variants. You need to
work out what requests are being made and set the appropriate one(s).
> P.S. Here's the complete named.conf file in case it is needed:
>
> options {
>     directory "/etc/namedb";
>     pid-file "/var/run/named.pid";
>     statistics-file "/var/run/named.stats";
>     allow-query { 0/0; };
>     query-source address * port 53;
> };
>
> zone "." {
>     type hint;
>     file "root.hints";
> };
>
> zone "0.0.127.in-addr.arpa" {
>     type master;
>     file "pz/127.0.0";
> };
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
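The two options in the reply above, as an added example that is not part of the original thread: a stateful iptables policy that admits DNS replies by conntrack state rather than by a fixed source port, and a named.conf fragment that pins the address (not the port) of each source control Mark lists. Assumed values: external interface eth0 and the server addresses 192.0.2.53 / 2001:db8::53 from the documentation ranges.

```shell
#!/bin/sh
# Added example (not from the thread): Mark's option 1, a stateful iptables policy that
# admits DNS replies by conntrack state instead of pinning named's source port, so the
# resolver keeps a random ephemeral port for each query. Assumed: external interface
# eth0, server address 192.0.2.53 / 2001:db8::53 (documentation ranges). Set
# IPTABLES=echo before calling dns_firewall_rules for a dry run.
WAN_IF="${WAN_IF:-eth0}"

ipt() { "${IPTABLES:-iptables}" "$@"; }

dns_firewall_rules() {
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -A INPUT  -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    # Replies to queries named sent are matched by conntrack, whatever source
    # port they left from; this covers UDP and TCP without opening 1024-65535.
    ipt -A INPUT  -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Outgoing queries and zone-transfer requests: destination port 53, UDP and TCP.
    ipt -A OUTPUT -o "$WAN_IF" -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    ipt -A OUTPUT -o "$WAN_IF" -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    # Queries from clients to this server's own port 53.
    ipt -A INPUT  -i "$WAN_IF" -p udp --dport 53 -j ACCEPT
    ipt -A INPUT  -i "$WAN_IF" -p tcp --dport 53 -j ACCEPT
    # Anything without a rule or a conntrack entry falls to the DROP policies.
}

# Mark's option 2: fix the *address* of each source control so firewall rules can
# match on it, but leave the port unset so named still picks a random source port.
named_source_options() {
    cat <<'EOF'
options {
    query-source    address 192.0.2.53;    # recursive queries, IPv4
    query-source-v6 address 2001:db8::53;  # recursive queries, IPv6
    notify-source    192.0.2.53;           # NOTIFY messages sent to slaves
    notify-source-v6 2001:db8::53;
    transfer-source    192.0.2.53;         # outbound zone-transfer requests
    transfer-source-v6 2001:db8::53;
};
EOF
}
```

Call dns_firewall_rules as root to apply the rules; with IPTABLES=echo the same call only prints them for review.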