[dns-operations] query source port 53, was Re: Why would an MTA issue an ANY query instead of an MX query?
Tony Finch
dot at dotat.at
Tue Jun 12 11:35:50 UTC 2012
Mark Andrews <marka at isc.org> wrote:
>
> Perhaps because it is a legitimate, though unwise, client source port
> that is in lots of old configurations.
>
> listen-on { <internal address>; };
> query-source * port 53;
I did this back in the 1990s because it worked around occasional interop
problems, I think caused by over-enthusiastic firewall configurations that
thought all DNS (queries and responses) should be on port 53. Several
years ago I found that things had changed and the popular
over-enthusiastic firewall configuration requires DNS query source ports
to be greater than 1023.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Faeroes, South-east Iceland: Northerly or northeasterly 3 or 4, occasionally 5
in Faeroes. Slight or moderate. Showers. Good.