Date: Wed, 21 Apr 1999 17:58:50 -0500
From: Ben Hockenhull <benh@jpj.net>
To: freebsd-questions@freebsd.org
Subject: Re: DNS through a firewall
Message-ID: <v03102800b34407633072@[192.168.10.2]>
In-Reply-To: <Pine.BSF.4.03.9904211418550.27954-100000@resnet.uoregon.edu>
References: <371DF92D.1C74@asgard.slcc.edu>
> DNS packets all travel on port 53, so allow the port for incoming and
> outgoing traffic.

Not exactly. DNS queries, whether TCP or UDP, are sent to destination port 53. However, you can't count on the source port. BIND 4.x sources DNS traffic from port 53, so it used to be that you could count on nameserver-to-nameserver traffic to have port 53 as both source and destination port, and you could filter accordingly. BIND 8 doesn't do this. It sources DNS queries on high-numbered ports, as do most end-node resolvers. There is a named.conf option to force BIND 8 to the old behaviour.

Ben

--
Ben Hockenhull
benh@jpj.net
"Revenge is a dish best served with pinto beans and muffins."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v03102800b34407633072>
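The point Ben makes above, as an added example that is not part of the original message and not BIND's or FreeBSD's own code: a small first-match packet-filter model in the style of ipfw rules, run over constructed sample traffic. One rule set assumes the BIND 4 behaviour (DNS is always 53 to 53); the other only relies on the query's destination port being 53 and lets replies come back from port 53 to any port. The packet labels, port numbers and rule syntax are all assumptions made for the illustration.

```python
# Added example: a first-match packet filter (implicit deny at the end, like
# ipfw's default) applied to DNS traffic.  Rule syntax is a simplified
# "allow <proto> from <sport> to <dport>"; ANY is a wildcard port.
from dataclasses import dataclass
from typing import List, Optional

ANY = None  # wildcard port


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    sport: int
    dport: int
    label: str   # description of the constructed sample packet


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    proto: str           # "udp", "tcp" or "ip" (either)
    sport: Optional[int]
    dport: Optional[int]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in (pkt.proto, "ip")
            and rule.sport in (ANY, pkt.sport)
            and rule.dport in (ANY, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule, or "deny" if none match."""
    for r in rules:
        if matches(r, pkt):
            return r.action
    return "deny"


# Rule set written for BIND 4.x: every DNS packet has 53 at both ends.
PORT53_BOTH_ENDS = [
    Rule("allow", "udp", 53, 53),
    Rule("allow", "tcp", 53, 53),
]

# Rule set that only trusts the destination port of the query (53) and then
# lets the reply come back from port 53 to whatever high port asked.
DST53_ONLY = [
    Rule("allow", "udp", ANY, 53),
    Rule("allow", "tcp", ANY, 53),
    Rule("allow", "udp", 53, ANY),
    Rule("allow", "tcp", 53, ANY),
]

# Constructed sample traffic (not captured data).
SAMPLE = [
    Packet("udp", 53, 53, "BIND 4 nameserver-to-nameserver query"),
    Packet("tcp", 53, 53, "BIND 4 zone transfer over TCP"),
    Packet("udp", 40321, 53, "BIND 8 query sourced from a high port"),
    Packet("udp", 53, 40321, "reply to that BIND 8 query"),
    Packet("udp", 1029, 53, "end-node resolver query"),
    Packet("tcp", 1030, 53, "resolver retry over TCP after a truncated answer"),
    Packet("udp", 53, 1029, "reply to the end-node resolver"),
    Packet("udp", 53, 6000, "non-DNS packet sent from source port 53 to a high port"),
]


def verdicts(rules: List[Rule]) -> dict:
    return {p.label: evaluate(rules, p) for p in SAMPLE}


def blocked_by(rules: List[Rule]) -> List[str]:
    return [p.label for p in SAMPLE if evaluate(rules, p) == "deny"]


if __name__ == "__main__":
    for name, rules in (("53 <-> 53 only", PORT53_BOTH_ENDS),
                        ("dst 53 / src 53", DST53_ONLY)):
        print(name)
        for label, v in verdicts(rules).items():
            print(f"  {v:5}  {label}")
```

Running it shows the 53-to-53 rule set passing only the two BIND 4 packets and dropping every BIND 8 and end-node query, which is the breakage people hit when they upgrade the nameserver without touching the firewall. The second rule set passes all of the DNS traffic, but note the last sample packet: with no connection state, "allow from port 53 to any" also admits arbitrary traffic that merely claims source port 53. Pinning BIND 8 back to the old behaviour with `query-source address * port 53;` in the `options` block of named.conf (that option name is my addition, not quoted from the message) keeps the narrower rule set workable for server-to-server traffic, but end-node resolvers will still query from high ports.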