Re: BIND ignores queries from specific privileged source ports

Tony Finch Tue, 11 Jun 2019 02:23:52 -0700

Mark Andrews <ma...@isc.org> wrote:

> As for the NAT box that chooses those ports.  If you can’t keep the
> original port it should choose a ephemeral port at random. Choosing a
> well known port is problematic for lots of reasons.


If I understand the documentation that was linked previously
https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall-config/nat-basics.html#ID-2090-00000438
I think the option that does the right thing is "flat" without
"include-reserve".

Tony (muttering about PIX fuxup mode even tho cisco changed the name).
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Irish Sea: North or northeast, 5 to 7. Slight or moderate. Occasional
rain. Good, occasionally moderate.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND ignores queries from specific privileged source ports

Reply via email to