On 29 September 2016 at 14:18, Tim Daneliuk <tun...@tundraware.com> wrote:
> What I am stuck on is this: Is there any simple (i.e., non-root) way
> to write a client or otherwise configure userspace to go to the
> non-standard port and run my sort of man-in-the-middle server? Or is
> this just a stupid idea?

There's no way to specify a port number in a delegation, so if this is an authoritative DNS server that you expect random clients on the Internet to contact, it must run on port 53... so you'll need root access to start it up.

I'm not aware of stub resolvers that accept port numbers in their configuration either (e.g. glibc and resolv.conf) ... although I'll admit I haven't gone to double check that... but I think you're out of luck for a recursive server as well.

Configuration for forwarders and stub zones can include a port number, however. So in theory you could have a server somewhere that answers on port 53 forwarding queries to your server that answers on an unprivileged port.

That seems like a lot of complexity to go to in order to avoid running a name server as root, though. You'd probably be better off convincing your systems people to set up sudo in such a way that you can administer a DNS server running on a privileged port, and nothing else.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
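An added illustration, not part of the original message: a userspace client can reach a name server on a non-standard port without root by speaking the DNS wire format over UDP itself instead of going through the system stub resolver. The stand-in server in `demo()`, the answer 192.0.2.53 and all function names are constructed for this example.

```python
import secrets, socket, struct, threading

def build_query(name, qid):
    """Encode an A/IN query: 12-byte header, length-prefixed labels, QTYPE, QCLASS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name at pos."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:      # a compression pointer is 2 bytes and ends the name
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_a_answer(query, resp):
    """Check that resp answers query, then return the first A record as text."""
    qid, flags, _qd, ancount = struct.unpack("!HHHH", resp[:8])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    if resp[12:len(query)] != query[12:] or flags & 0x000F or ancount == 0:
        raise ValueError("question mismatch, error rcode, or empty answer")
    pos = skip_name(resp, len(query))    # answer section follows the echoed question
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
    if rtype != 1 or rdlen != 4:
        raise ValueError("first record is not an A record")
    return socket.inet_ntoa(resp[pos + 10:pos + 14])

def query_on_port(name, server, port, timeout=2.0):
    """Send the query from an ordinary user socket to server:port over UDP."""
    query = build_query(name, secrets.randbelow(1 << 16))  # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, port))        # kernel then drops datagrams from other sources
        s.send(query)
        return parse_a_answer(query, s.recv(512))

def demo():
    """Constructed stand-in server on an OS-chosen high port answers one query."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def answer_once():
        q, peer = srv.recvfrom(512)
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.53")
        srv.sendto(q[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + q[12:] + rr, peer)
        srv.close()
    threading.Thread(target=answer_once, daemon=True).start()
    return query_on_port("www.example.com", "127.0.0.1", srv.getsockname()[1])
```

Only programs written this way can use the alternate port; applications that resolve names through the system resolver are unaffected.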