From: Chuck Swiger
To: FreeBSD Questions
Date: Tue, 08 Jul 2008 14:07:58 -0700
Subject: Re: ports
In-reply-to: <200807082004.25873.fbsd.questions@rachie.is-a-geek.net>

On Jul 8, 2008, at 11:04 AM, Mel wrote:
> On Tuesday 08 July 2008 19:07:02 Matthew Seaman wrote:
>> You can configure named to always send packets using a
>> fixed port number (which can be helpful for firewalling)
>
> Purely out of interest, which (useful) firewall/nat rules cannot be
> made with dest port 53, that can be made with source port 53. Not
> talking syntax, but "business logically".

Please note that using the same port for answering queries makes it
vastly easier for somebody to spoof your DNS traffic. Unless you are
one of the handful using DNSSEC, that is.

-- 
-Chuck
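Added example, not part of the original message and not code from BIND: a small Python audit that flags `query-source` statements in a named.conf that pin the outgoing query port, which is the configuration this thread discusses. The sample configuration is constructed, and the 1024-65535 port range used for the comparison is an assumption.

```python
import re

# Constructed sample named.conf (not from the thread): one fixed-port
# statement, one wildcard statement, one commented-out statement.
SAMPLE_CONF = """
options {
    directory "/etc/namedb";
    // query-source address * port 5353;
    query-source address * port 53;      # fixed: every query leaves from 53
    query-source-v6 address * port *;    /* port chosen per query */
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

STMT = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")
PORT = re.compile(r"\bport\s+(\S+)")

def fixed_query_ports(conf_text):
    """Return [(statement, port)] for query-source statements pinning a port."""
    findings = []
    for name, args in STMT.findall(strip_comments(conf_text)):
        m = PORT.search(args)
        if m and m.group(1).isdigit():   # "port *" means not pinned
            findings.append((name, int(m.group(1))))
    return findings

def forgery_search_space(port_fixed):
    """Values a forged reply must match: the 16-bit query ID, times the
    source-port range (assumed 1024-65535) when the port is not pinned."""
    ids = 2 ** 16
    return ids if port_fixed else ids * (65536 - 1024)

if __name__ == "__main__":
    for name, port in fixed_query_ports(SAMPLE_CONF):
        print(f"{name}: source port pinned to {port}")
    print("values to match, fixed port: ", forgery_search_space(True))
    print("values to match, random port:", forgery_search_space(False))
```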