Re: Name Resolution issue with one domain

Thu, 22 Mar 2012 13:18:17 -0700 

Dear All,
 
 Thanks alot for helpming to identify the exact problem. Now my problem has 
been solved once i chang the source port from 53 to empherial port.
 
Regards
Babudheen
 

________________________________
 From: Matus UHLAR - fantomas <uh...@fantomas.sk>
To: bind-users@lists.isc.org 
Sent: Thursday, 22 March 2012 12:46 PM
Subject: Re: Name Resolution issue with one domain
  
> On 21/03/2012 09:41, Matus UHLAR - fantomas wrote:
>> maybe the admin set that up to force local servers using random ports,
>> instead of 53, for outgoing requests. Nobody should use port 53 for
>> _ougtoing_ requests.

On 21.03.12 23:41, Anand Buddhdev wrote:
> You're wrong. A name server can use any source port from 1 up to 65535
> for an outgoing query, as long as that port is not in use by any other
> process on the system.

well, it _can_ but because ports < 1024 are undesrtood as privileged, it should 
not use them.

> In fact, up until Kaminsky's revelation, many BIND servers used a fixed
> source port of 53.

yes, but because of Kaminsky's revelation, servers should not use that port 
anymore.

While it's of up to the the admin of resolving server, it's possible that FW 
admin at dubai airport had reason to block ports>1024. 
Maybe they got attack from enabled chargen or echo UDP services from somewhere. 
We do not knot that. But we surely know that OP's nameservers use port 53 which 
they should not use...


-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to