[dns-operations] query source port 53, was Re: Why would an MTA issue an ANY query instead of an MX query?

Tony Finch dot at dotat.at
Tue Jun 12 11:35:50 UTC 2012

Mark Andrews <marka at isc.org> wrote:
> Perhaps because it is a legitimate, though unwise, client source port
> that is in lots of old configurations.
> 	listen-on { <internal address>; };
> 	query-source * port 53;

I did this back in the 1990s because it worked around occasional interop
problems, I think caused by over-enthusiastic firewall configurations that
thought all DNS (queries and responses) should be on port 53. Several
years ago I found that things had changed and the popular over-
enthusiastic firewall configuration requires DNS query source ports to be
greater than 1023.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Faeroes, South-east Iceland: Northerly or northeasterly 3 or 4, occasionally 5
in Faeroes. Slight or moderate. Showers. Good.

More information about the dns-operations mailing list