Mark Andrews <ma...@isc.org> wrote:
>
> Perhaps because it is a legitimate, though unwise, client source port
> that is in lots of old configurations.
>
>       listen-on { <internal address>; };
>       query-source * port 53;

I did this back in the 1990s because it worked around occasional interop
problems, I think caused by over-enthusiastic firewall configurations that
thought all DNS (queries and responses) should be on port 53. Several
years ago I found that things had changed and the popular over-
enthusiastic firewall configuration requires DNS query source ports to be
greater than 1023.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Faeroes, South-east Iceland: Northerly or northeasterly 3 or 4, occasionally 5
in Faeroes. Slight or moderate. Showers. Good.
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
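
Added example, not part of the original thread: a small audit that finds `query-source` statements pinning outgoing queries to one source port, as in the configuration quoted above, and marks ports below 1024, the range the message says some firewalls now reject. A pinned port also means the resolver cannot vary its source port between queries. The function name and the sample configuration (with documentation addresses) are constructed for illustration.

```python
import re

# Constructed sample named.conf fragment (not from the original thread).
SAMPLE_CONF = """
options {
    listen-on { 192.0.2.1; };      // constructed internal address
    query-source * port 53;        # the old workaround quoted above
    /* query-source address * port 5353; -- commented out, must be ignored */
    query-source-v6 address * port *;
};
view "legacy" {
    query-source address 192.0.2.1 port 10053;
};
"""

COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
STATEMENT = re.compile(r"\b(query-source(?:-v6)?)\s+([^;{}]*);")
PORT = re.compile(r"\bport\s+(\*|\d+)")


def find_fixed_query_ports(conf_text):
    """Return (line, statement, port, privileged) for every query-source
    statement that pins outgoing queries to a single source port."""
    # Blank out comments but keep newlines so line numbers stay correct.
    clean = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), conf_text)
    findings = []
    for m in STATEMENT.finditer(clean):
        port = PORT.search(m.group(2))
        if not port or port.group(1) == "*":
            continue  # no port clause or wildcard: the resolver picks the port
        number = int(port.group(1))
        line = clean.count("\n", 0, m.start()) + 1
        findings.append((line, " ".join(m.group(0).split()), number, number < 1024))
    return findings


if __name__ == "__main__":
    for line, stmt, port, privileged in find_fixed_query_ports(SAMPLE_CONF):
        note = "privileged port, below 1024" if privileged else "fixed port"
        print(f"line {line}: {stmt}  [{note}]")
```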