Date: Thu, 11 Sep 2008 07:21:20 GMT
From: Aleksandr Stankevic <alex@braske.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: docs/127290: FAQ book: discourage the use of port 53 for outgoing DNS queries
Message-ID: <200809110721.m8B7LKaV079112@www.freebsd.org>
Resent-Message-ID: <200809110730.m8B7U2Jt053876@freefall.freebsd.org>
>Number:         127290
>Category:       docs
>Synopsis:       FAQ book: discourage the use of port 53 for outgoing DNS queries
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 11 07:30:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Aleksandr Stankevic
>Release:
>Organization:
>Environment:
>Description:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#EXTRA-NAMED-PORT

-- quote --
BIND uses a random high-numbered port for outgoing queries. If you want to use port 53 for outgoing queries, either to get past a firewall or to make yourself feel better, you can try the following in /etc/namedb/named.conf:

    options {
        query-source address * port 53;
    };

You can replace the * with a single IP address if you want to tighten things further.
-- quote --

We should discourage the use of query-source address * port 53 because of the last vulnerability in DNS.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
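The check below is an added example and is not part of this PR or of the FreeBSD FAQ. It shows the weak named.conf fragment quoted above next to a hardened variant, and a small scanner that flags any query-source statement pinning outgoing queries to one UDP port (which is what disables BIND's source-port randomization). The sample configurations are constructed; the hardened form assumes BIND 9 syntax, where omitting the port clause or writing `port *` lets named choose a random source port per query.

```python
import re

# Constructed sample: the options block quoted in the PR. A fixed source
# port makes every outgoing query leave from UDP/53, so only the 16-bit
# transaction ID remains as an unpredictable value for a resolver.
WEAK_CONF = """
options {
    query-source address * port 53;
};
"""

# Constructed sample: the same block with the fixed port removed. Both
# forms below leave port selection to named (assumed BIND 9 semantics).
HARDENED_CONF = """
options {
    query-source address *;
    query-source-v6 address * port *;
};
"""

# Matches query-source / query-source-v6 statements in their common
# one-line form, capturing the optional address and optional port clause.
_QS_RE = re.compile(
    r'\b(query-source(?:-v6)?)\s+'
    r'(?:address\s+(\S+)\s*)?'
    r'(?:port\s+(\S+))?\s*;',
    re.IGNORECASE,
)


def _strip_comments(text):
    """Remove the three comment styles named.conf accepts."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.DOTALL)
    text = re.sub(r'(//|#).*', '', text)
    return text


def find_fixed_query_ports(conf_text):
    """Return (directive, address, port) for every query-source statement
    that pins outgoing queries to a single UDP port. An empty list means
    source-port randomization is left enabled."""
    findings = []
    for m in _QS_RE.finditer(_strip_comments(conf_text)):
        directive, address, port = m.group(1), m.group(2) or '*', m.group(3)
        if port is None or port == '*':
            continue  # random source port: nothing to report
        findings.append((directive, address, port))
    return findings


if __name__ == '__main__':
    for name, conf in (('weak', WEAK_CONF), ('hardened', HARDENED_CONF)):
        hits = find_fixed_query_ports(conf)
        if hits:
            for directive, address, port in hits:
                print(f'{name}: {directive} address {address} pinned to port {port}')
        else:
            print(f'{name}: no fixed query-source port')
```

Run against a real /etc/namedb/named.conf by passing its contents to `find_fixed_query_ports`; a non-empty result identifies the statement to change, and the fix is the hardened form above rather than a different fixed port.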