From: Mark
Date: Tue, 28 Jan 2003 11:29:28 +0100
Delivered-To: freebsd-questions@freebsd.org
Message-Id: <200301281029.H0SATM937146@asarian-host.net>
Subject: How to stop BIND from using high ports?

Hi,

I am having a bit of a problem. One might say, a serious problem. :(

When other servers query my name servers, they send queries with a source port of 53; but apparently my BIND (8.3.4) is responding from a high port (seemingly random). And this is causing some trouble. :( How can I prevent that??

In my "options" section I have

    query-source address * port 53;

But my log is filled with entries like these:

    Accept UDP 10.0.0.2:53 194.112.32.1:1024 out via rl0
    Accept UDP 10.0.0.2:53 209.73.14.10:38992 out via rl0
    Accept UDP 10.0.0.2:53 165.250.91.52:53 out via rl0
    Accept UDP 10.0.0.2:53 209.73.14.10:38992 out via rl0
    Accept UDP 10.0.0.2:53 15.243.160.33:32857 out via rl0
    Accept UDP 10.0.0.2:53 194.205.246.130:42876 out via rl0
    Accept UDP 10.0.0.2:53 198.49.218.20:53 out via rl0
    Accept UDP 10.0.0.2:53 203.2.75.109:53 out via rl0
    Accept UDP 10.0.0.2:53 146.18.16.248:53 out via rl0
    Accept UDP 10.0.0.2:53 15.251.160.31:32852 out via rl0
    Accept UDP 10.0.0.2:53 15.251.160.31:32852 out via rl0

Which seems to suggest that for outgoing UDP a random high port is being used. :( And I do not understand why. :(

I have only four ipfw rules defined regarding DNS:

    ${fwcmd} add 3 allow tcp from any to any 53 out via ${outside}
    ${fwcmd} add 4 allow udp from any to any 53 out via ${outside}
    ${fwcmd} add 5 allow tcp from any 53 to any in via ${outside}
    ${fwcmd} add 6 allow udp from any 53 to any in via ${outside}

Why is BIND using high ports for outgoing udp? And how do I stop it?

I appreciate your comments, as this is truly becoming a problem.

- Mark
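
Added example, not part of the original post: a short Python script that splits each ipfw log line into source and destination port and reports which of the four quoted rules, if any, would match the packet. It assumes `${outside}` is `rl0` (the interface in the log) and ipfw's `src:port dst:port` field order; the function names are illustrative.

```python
import re
from collections import namedtuple

# Three of the log lines from the post; ipfw prints source, then destination.
LOG = """\
Accept UDP 10.0.0.2:53 194.112.32.1:1024 out via rl0
Accept UDP 10.0.0.2:53 165.250.91.52:53 out via rl0
Accept UDP 10.0.0.2:53 15.243.160.33:32857 out via rl0
"""

Packet = namedtuple("Packet", "proto src sport dst dport direction iface")
LINE = re.compile(
    r"Accept (\w+) ([\d.]+):(\d+) ([\d.]+):(\d+) (in|out) via (\w+)")

# The four rules from the post: (number, proto, src port, dst port, direction).
# None means "any". Assumption: ${outside} is rl0, the interface in the log.
OUTSIDE = "rl0"
RULES = [
    (3, "tcp", None, 53, "out"),
    (4, "udp", None, 53, "out"),
    (5, "tcp", 53, None, "in"),
    (6, "udp", 53, None, "in"),
]

def parse(line):
    """Split one ipfw log line into its fields."""
    m = LINE.search(line)
    if m is None:
        raise ValueError(f"not an ipfw accept line: {line!r}")
    proto, src, sport, dst, dport, direction, iface = m.groups()
    return Packet(proto.lower(), src, int(sport), dst, int(dport),
                  direction, iface)

def matching_rule(p):
    """Return the number of the first quoted rule matching p, else None."""
    for num, proto, sport, dport, direction in RULES:
        if ((p.proto, p.direction, p.iface) == (proto, direction, OUTSIDE)
                and sport in (None, p.sport) and dport in (None, p.dport)):
            return num
    return None

def report(log=LOG):
    """(source port, destination port, matching rule) per logged packet."""
    return [(p.sport, p.dport, matching_rule(p))
            for p in map(parse, log.splitlines())]

if __name__ == "__main__":
    for sport, dport, rule in report():
        print(f"src port {sport:>5} -> dst port {dport:>5}  rule: {rule}")
```

A rule value of `None` means the logged packet was accepted by a rule other than the four quoted in the message.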