Duncan <dun...@isn-portal.de> wrote:
>
> Is there any option to suppress warnings if using transfer-source /
> notify-source specifying ports ?

There are good reasons for these warnings.

NOTIFY uses UDP, and source port randomization in UDP is important to protect against spoofing. Spoofing NOTIFY is relatively harmless, but it does create more work for the target server than other requests, so you don't want to make it easy.

Zone transfers use TCP. A TCP connection is identified by its 4-tuple: its source and destination addresses and ports. Multiple concurrent TCP connections to the same server require differing source ports, because the rest of the 4-tuple must be the same. If you fix your zone transfer TCP source port, then every zone transfer to your server from its upstream (primary/master) will have the same 4-tuple. This means you will only be able to perform one zone transfer at a time because there can only be one TCP connection at a time with the same 4-tuple.

You are also probably going to have an unhappy encounter with the various TCP connection shutdown timers (FIN_WAIT, CLOSE_WAIT, etc.) that prevent successive TCP connections with the same 4-tuple from getting muddled up.

So you can suppress the warnings, and avoid the problems they are warning you about, by not specifying the source ports.

Tony.
--
f.anthony.n.finch <d...@dotat.at> https://dotat.at/
Southwest Forties, Cromarty, Forth, Tyne, Dogger: Southwesterly 5 to 7, occasionally gale 8 at first except in Cromarty, then decreasing 4 at times. Moderate or rough in southwest Forties and Dogger, but elsewhere slight or moderate. Rain or showers. Good, occasionally poor for a time.
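
The one-connection-per-4-tuple limit described in the reply can be reproduced with plain sockets on loopback. This is an added example, not part of the original message and not BIND code; the function names, the loopback address and the ports chosen at run time are assumptions made for the demonstration.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # constructed address standing in for both servers


def connect_from(src_port, dst):
    """Connect to dst; src_port=None lets the OS choose the source port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # SO_REUSEADDR is set so that, on Linux, bind() passes and connect() reports the clash.
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        if src_port is not None:
            s.bind((LOOPBACK, src_port))
        s.connect(dst)
    except OSError:
        s.close()
        raise
    return s


def demo():
    # Stand-in for the primary; the listen backlog completes handshakes.
    primary = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    primary.bind((LOOPBACK, 0))
    primary.listen(8)
    dst = primary.getsockname()
    # Find a free port to play the role of the pinned transfer-source port.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind((LOOPBACK, 0))
    fixed_port = probe.getsockname()[1]
    probe.close()

    result = {}
    first = connect_from(fixed_port, dst)
    result["first_fixed"] = first.getsockname()[1] == fixed_port
    try:
        connect_from(fixed_port, dst).close()
        result["second_fixed"] = "connected"
    except OSError as e:  # bind or connect refused: 4-tuple already in use
        result["second_fixed"] = errno.errorcode.get(e.errno, str(e.errno))
    third = connect_from(None, dst)
    result["third_ephemeral"] = third.getsockname()[1] != fixed_port
    for s in (first, third, primary):
        s.close()
    return result


if __name__ == "__main__":
    print(demo())
```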