Date:      Tue, 28 Jan 2003 11:29:28 +0100
From:      Mark <admin@asarian-host.net>
To:        <freebsd-questions@freebsd.org>
Subject:   How to stop BIND from using high ports?
Message-ID:  <200301281029.H0SATM937146@asarian-host.net>

Hi,

I am having a bit of a problem. One might say, a serious problem. :( When
other servers query my name servers, they send queries with a source port of
53; but apparently my BIND (8.3.4) is responding from a high port (seemingly
random). And this is causing some trouble. :( How can I prevent that??

In my "options" section I have

    query-source address * port 53;

But my log is filled with entries like these:

Accept UDP 10.0.0.2:53 194.112.32.1:1024 out via rl0
Accept UDP 10.0.0.2:53 209.73.14.10:38992 out via rl0
Accept UDP 10.0.0.2:53 165.250.91.52:53 out via rl0
Accept UDP 10.0.0.2:53 209.73.14.10:38992 out via rl0
Accept UDP 10.0.0.2:53 15.243.160.33:32857 out via rl0
Accept UDP 10.0.0.2:53 194.205.246.130:42876 out via rl0
Accept UDP 10.0.0.2:53 198.49.218.20:53 out via rl0
Accept UDP 10.0.0.2:53 203.2.75.109:53 out via rl0
Accept UDP 10.0.0.2:53 146.18.16.248:53 out via rl0
Accept UDP 10.0.0.2:53 15.251.160.31:32852 out via rl0
Accept UDP 10.0.0.2:53 15.251.160.31:32852 out via rl0

Which seems to suggest that for outgoing UDP a random high port is being
used. :( And I do not understand why. :(

I have only four ipfw rules defined regarding DNS:

${fwcmd} add 3 allow tcp from any to any 53 out via ${outside}
${fwcmd} add 4 allow udp from any to any 53 out via ${outside}
${fwcmd} add 5 allow tcp from any 53 to any in via ${outside}
${fwcmd} add 6 allow udp from any 53 to any in via ${outside}

Why is BIND using high ports for outgoing udp? And how do I stop it?

I appreciate your comments, as this is truly becoming a problem.

- Mark
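
Added example, not part of Mark's message: a small Python check that parses log lines in the format quoted above and tests each packet against the four DNS rules listed in the message. It assumes the ipfw log convention of source address first and destination second, and it models only rules 3 to 6, since the rest of the ruleset is not shown.

```python
import re

# Log lines copied from the message above (repeats omitted).
LOG = """\
Accept UDP 10.0.0.2:53 194.112.32.1:1024 out via rl0
Accept UDP 10.0.0.2:53 209.73.14.10:38992 out via rl0
Accept UDP 10.0.0.2:53 165.250.91.52:53 out via rl0
Accept UDP 10.0.0.2:53 15.243.160.33:32857 out via rl0
Accept UDP 10.0.0.2:53 198.49.218.20:53 out via rl0
"""

# Assumption: first addr:port is the source, second is the destination.
LINE = re.compile(r"Accept (UDP|TCP) [\d.]+:(\d+) [\d.]+:(\d+) (in|out) via \w+")

# Rules 3-6 from the message: (number, proto, src_port, dst_port, direction).
# None stands for "any".
RULES = [
    (3, "tcp", None, 53, "out"),
    (4, "udp", None, 53, "out"),
    (5, "tcp", 53, None, "in"),
    (6, "udp", 53, None, "in"),
]

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE.fullmatch(line.strip())
    if not m:
        return None
    proto, sport, dport, direction = m.groups()
    return {"proto": proto.lower(), "sport": int(sport),
            "dport": int(dport), "dir": direction}

def matching_rule(pkt):
    """Number of the first of rules 3-6 that matches pkt, else None."""
    for num, proto, sport, dport, direction in RULES:
        if (proto == pkt["proto"] and direction == pkt["dir"]
                and sport in (None, pkt["sport"])
                and dport in (None, pkt["dport"])):
            return num
    return None  # accepted by a rule that is not shown in the message

def report(text):
    """List of (source port, destination port, matching rule) per log line."""
    pkts = [p for p in map(parse, text.splitlines()) if p]
    return [(p["sport"], p["dport"], matching_rule(p)) for p in pkts]

if __name__ == "__main__":
    for row in report(LOG):
        print(row)
```
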

