Hi,

in line with our deprecation policy, I am notifying the mailing list about our preliminary intent to deprecate the definition of the source ports and rely on the operating system to provide a reasonable ephemeral port range for outgoing UDP and TCP connections.

Specifying outgoing ports is a bad practice, it's already discouraged, it's prone to errors (it's not only specifying a single port, but specifying not enough ports removes a layer of protection) and is already full of caveats like:

.. note:: The address specified in the :any:`query-source` option is used for both UDP and TCP queries, but the port applies only to UDP queries. TCP queries always use a random unprivileged port.

.. warning:: Specifying a single port is discouraged, as it removes a layer of protection against spoofing errors.

.. warning:: The configured :term:`port` must not be the same as the listening port.

The deprecation will include:

* specifying **port** in the following statements:

  - `query-source`
  - `query-source-v6`
  - `transfer-source`
  - `transfer-source-v6`
  - `notify-source`
  - `notify-source-v6`
  - `parental-source`
  - `parental-source-v6`

* the following statements as a whole:

  - `use-v4-udp-ports`
  - `use-v6-udp-ports`
  - `avoid-v4-udp-ports`
  - `avoid-v6-udp-ports`

These options will be marked as deprecated in BIND 9.20[1][2] and removed in BIND 9.22[3].

1. BIND 9.20 will be released early 2024
2. Most probably we will also enable the warning in BIND 9.18 to notify users that skip versions.
3. BIND 9.22 will be released in early 2026

Ondrej

--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
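An added example, not part of the original message and not ISC code: a small Python scanner that reports where a configuration uses the statements named in the announcement, so they can be cleaned up before the options are removed. It is a text scan rather than a full named.conf parser; the function names and the sample configuration are constructed for illustration.

```python
import re

# Statements where only the "port" argument is slated for deprecation.
SOURCE_STMTS = ("query-source", "transfer-source", "notify-source", "parental-source")
# Statements slated for deprecation as a whole.
WHOLE_STMTS = ("use-v4-udp-ports", "use-v6-udp-ports",
               "avoid-v4-udp-ports", "avoid-v6-udp-ports")

# Simplification (assumption): comment markers inside quoted strings are not handled.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
SOURCE_RE = re.compile(
    r"(?<![\w-])(" + "|".join(SOURCE_STMTS) + r")(-v6)?(?![\w-])([^;{}]*);")
WHOLE_RE = re.compile(r"(?<![\w-])(" + "|".join(WHOLE_STMTS) + r")(?![\w-])")
PORT_RE = re.compile(r"(?<![\w-])port\s+(\S+)")

def blank_comments(text):
    """Replace comments with spaces, keeping newlines so line numbers hold."""
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), text)

def find_deprecated(conf_text):
    """Return sorted (line, statement, detail) tuples for deprecated usage."""
    text = blank_comments(conf_text)
    hits = []
    for m in SOURCE_RE.finditer(text):
        port = PORT_RE.search(m.group(3))
        if port:  # address-only forms are not affected by the announcement
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1) + (m.group(2) or ""), "port " + port.group(1)))
    for m in WHOLE_RE.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1), "whole statement"))
    return sorted(hits)

# Constructed sample configuration (not taken from the original message).
SAMPLE = """\
options {
    // query-source port 53;  (commented out, must not be reported)
    query-source address 192.0.2.10 port 5353;
    query-source-v6 address 2001:db8::10;
    transfer-source 192.0.2.10;
    notify-source * port 5354;
    use-v4-udp-ports { range 1024 65535; };
    avoid-v4-udp-ports { 1040; range 5000 5100; };
};
"""

if __name__ == "__main__":
    for line, stmt, detail in find_deprecated(SAMPLE):
        print(f"line {line}: {stmt}: {detail} is slated for deprecation")
```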