* JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> [2008-08-14]:
> At Wed, 13 Aug 2008 09:36:18 +0200,
> "Hans F. Nordhaug" <[EMAIL PROTECTED]> wrote:
>
> > In the quest for securing the name servers in a company I try to help,
> > I have gotten into trouble. The company is running CentOS 5.0 and I
> > have updated their BIND to 9.3.4_P1. In addition, I planned to remove
> > the "query-source port 53;" from /etc/named.conf so the servers aren't
> > vulnerable to cache poisoning.
> >
> > The problem is that recursive queries fail if I remove
> > "query-source port 53;". I have checked iptables on the servers and the
> > rules on the Cisco ASA and there isn't anything limiting the traffic
> > to port 53 - which I think the dumps below (from tcpdump) confirm.
>
> Do you mean any query always fails, or some queries sometimes fail
> (while some others succeed)?
Thx for replying. Any recursive query, i.e., any query for some domain the server isn't authoritative for, fails.

Hans
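Added example, not part of the thread: a small Python checker that reads `tcpdump -n` one-line summaries of the resolver's upstream traffic and reports whether every outbound query leaves from port 53 (the predictable setting the thread removes) and which queries never got a reply, the symptom described above. The resolver and upstream addresses, the capture lines and the summary format are constructed assumptions.

```python
import re
from collections import Counter

# Matches the one-line UDP DNS summary that "tcpdump -n" prints: timestamp,
# src.port > dst.port, then the DNS message id; a trailing '+' marks a query
# with the RD bit set, responses carry none (format assumed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<id>\d+)(?P<query>\+)?"
)

def analyze(lines, resolver_ip):
    """Summarise the resolver's outbound queries: source ports used and unanswered queries."""
    outstanding = {}     # (upstream, resolver port, dns id) -> timestamp of the query
    sports = Counter()   # source port -> number of outbound queries
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["src"] == resolver_ip and m["query"]:
            # Query leaving the resolver towards an upstream server.
            sports[int(m["sport"])] += 1
            outstanding[(m["dst"], m["sport"], m["id"])] = m["ts"]
        elif m["dst"] == resolver_ip and not m["query"]:
            # Response coming back: match it to the query by id and port.
            outstanding.pop((m["src"], m["dport"], m["id"]), None)
    return {
        "source_ports": dict(sports),
        "fixed_port_53": set(sports) == {53},   # the weak, predictable setting
        "unanswered": sorted(outstanding),      # replies that never arrived
    }

# Constructed captures; 192.0.2.10 is the resolver, 198.51.100.5 its upstream.
SAMPLE_FIXED = """\
09:36:18.100001 IP 192.0.2.10.53 > 198.51.100.5.53: 4711+ A? example.com. (29)
09:36:18.100900 IP 198.51.100.5.53 > 192.0.2.10.53: 4711 1/0/0 A 203.0.113.7 (45)
09:36:19.200001 IP 192.0.2.10.53 > 198.51.100.5.53: 4712+ A? example.net. (29)
09:36:19.200800 IP 198.51.100.5.53 > 192.0.2.10.53: 4712 1/0/0 A 203.0.113.8 (45)
""".splitlines()

# Random source ports, but two replies never make it back to the resolver.
SAMPLE_RANDOM = """\
09:40:01.100001 IP 192.0.2.10.41873 > 198.51.100.5.53: 9001+ A? example.com. (29)
09:40:01.100900 IP 198.51.100.5.53 > 192.0.2.10.41873: 9001 1/0/0 A 203.0.113.7 (45)
09:40:02.200001 IP 192.0.2.10.55210 > 198.51.100.5.53: 9002+ A? example.net. (29)
09:40:03.300001 IP 192.0.2.10.60077 > 198.51.100.5.53: 9003+ A? example.org. (29)
""".splitlines()

if __name__ == "__main__":
    for name, cap in (("fixed", SAMPLE_FIXED), ("random", SAMPLE_RANDOM)):
        print(name, analyze(cap, "192.0.2.10"))
```

If the second pattern shows up on a real capture, the queries are leaving but the replies to the high ports are being dropped somewhere between the upstream server and the resolver.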