In message <4a80e783.4090...@gmail.com>, Nelson Serafica writes:
> Last year, there was a global threat about cache poisoning so I updated
> immediately my bind. I update it to BIND 9.5.0-P1 and did nothing to its
> named.conf

        You should have at least checked the query-source clauses
        to ensure that there wasn't a port specified.
 
        query-source * port 53;     // bad
        query-source 10.53.0.1;     // ok
        query-source *;             // ok (default)

        query-source-v6 * port 53;    // bad
        query-source-v6 2001:db8::1;  // ok (IPv6 address; documentation prefix)
        query-source-v6 *;            // ok (default)

> Now, I'm setting up a secondary dns (in my previous emails) and I used BIND
> 9.6.1-P1. But when I do dig +short @<NS2 IP> porttest.dns-oarc.net txt, it is
> poor but when I do it on my ns1, it is great. ns2 is running the latest bind.
> I believe the fix for this is just update named to its new version. How come
> I'm still having poor when I'm running the new version of bind?

        If the query-source is ok then NATs and firewalls can
        change the port as seen on the outside.

        Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
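
Added example (not part of the message above and not ISC code): a Python check that scans named.conf text for the query-source and query-source-v6 clauses discussed in the reply and flags any that pin a fixed port. The sample configuration and the function names are constructed for illustration; treating every explicit port other than `*` as "bad" is this example's assumption.

```python
import re

# One query-source / query-source-v6 statement, up to its terminating semicolon.
STMT = re.compile(r'\b(query-source(?:-v6)?)\s+([^;{}]*);')

def strip_comments(text):
    """Remove the comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def audit_query_source(conf_text):
    """Return (clause, arguments, verdict) for each query-source statement.

    Verdict is 'bad' when a fixed port is given, which disables source
    port randomization for outgoing queries; 'ok' when no port or '*'.
    """
    findings = []
    for m in STMT.finditer(strip_comments(conf_text)):
        clause, args = m.group(1), m.group(2).split()
        port = None
        if 'port' in args and args.index('port') + 1 < len(args):
            port = args[args.index('port') + 1]
        verdict = 'ok' if port in (None, '*') else 'bad'
        findings.append((clause, ' '.join(args), verdict))
    return findings

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """
options {
    directory "/var/named";
    // query-source * port 53;   (commented out, must be ignored)
    query-source address * port 53;
    query-source-v6 2001:db8::1;
    /* query-source-v6 * port 53; */
};
"""

if __name__ == "__main__":
    for clause, args, verdict in audit_query_source(SAMPLE_CONF):
        print(f"{verdict:3}  {clause} {args};")
```

A clean result only covers the first half of the reply: a NAT or firewall in front of the server can still rewrite the source port, so the porttest.dns-oarc.net query from the original question remains the check for what is seen on the outside.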