Date:      Tue, 08 Jul 2008 14:07:58 -0700
From:      Chuck Swiger <cswiger@mac.com>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: ports
Message-ID:  <DCE5DED7-40E2-406A-BB9D-1E5851811752@mac.com>
In-Reply-To: <200807082004.25873.fbsd.questions@rachie.is-a-geek.net>
References:  <4873927E.3050307@godfur.com> <44ej64s4e7.fsf@be-well.ilk.org> <48739EB6.4040909@infracaninophile.co.uk> <200807082004.25873.fbsd.questions@rachie.is-a-geek.net>

On Jul 8, 2008, at 11:04 AM, Mel wrote:
> On Tuesday 08 July 2008 19:07:02 Matthew Seaman wrote:
>> You can configure named to always send packets using a
>> fixed port number (which can be helpful for firewalling)
>
> Purely out of interest, which (useful) firewall/nat rules cannot be made with
> dest port 53, that can be made with source port 53. Not talking syntax,
> but "business logically".

Please note that using the same port for answering queries makes it  
vastly easier for somebody to spoof your DNS traffic.  Unless you are  
one of the handful using DNSSEC, that is.

-- 
-Chuck
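
An added example, not part of the original message or of BIND itself: a small audit that flags `query-source` statements in a named.conf that pin outgoing queries to one port, the setting discussed in this thread. The sample configuration and the pool of 64512 unprivileged ports are assumptions made for illustration.

```python
import re

# Constructed sample named.conf, not taken from the thread.
SAMPLE_CONF = """
options {
    directory "/etc/namedb";
    // pinned for the firewall
    query-source address * port 53;
    query-source-v6 address * port *;
    # query-source address * port 5353;
};
"""

# Simplification: comment markers inside quoted strings are not handled.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
STATEMENT = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")
PORT = re.compile(r"\bport\s+(\S+)")


def audit_query_source(conf_text):
    """Return (statement, port, is_fixed) for every query-source statement."""
    findings = []
    text = COMMENTS.sub("", conf_text)
    for name, args in STATEMENT.findall(text):
        match = PORT.search(args)
        # No port clause, or "port *", leaves the choice of port to named.
        port = match.group(1) if match else "*"
        findings.append((name, port, port != "*"))
    return findings


def guess_space(fixed, port_pool=64512):
    """Count the (query ID, source port) pairs a forged reply has to match.

    port_pool is an assumed number of unprivileged ports available when
    the source port is not pinned.
    """
    query_ids = 2 ** 16  # the DNS header ID field is 16 bits wide
    return query_ids if fixed else query_ids * port_pool


if __name__ == "__main__":
    for name, port, fixed in audit_query_source(SAMPLE_CONF):
        status = "FIXED" if fixed else "ok"
        print(f"{name}: port {port} [{status}] guess space {guess_space(fixed)}")
```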
