Duncan <dun...@isn-portal.de> wrote:
>
> Is there any option to suppress warnings if using transfer-source /
> notify-source specifying ports ?

There are good reasons for these warnings.

NOTIFY uses UDP, and source port randomization in UDP is important to
protect against spoofing. Spoofing NOTIFY is relatively harmless, but it
does create more work for the target server than other requests, so you
don't want to make it easy.

Zone transfers use TCP. A TCP connection is identified by its 4-tuple: its
source and destination addresses and ports. Multiple concurrent TCP
connections to the same server require differing source ports, because the
rest of the 4-tuple must be the same. If you fix your zone transfer TCP
source port, then every zone transfer to your server from its upstream
(primary/master) will have the same 4-tuple. This means you will only be
able to perform one zone transfer at a time because there can only be one
TCP connection at a time with the same 4-tuple. You are also probably
going to have an unhappy encounter with the various TCP connection
shutdown timers (FIN_WAIT, CLOSE_WAIT, etc.) that prevent successive TCP
connections with the same 4-tuple from getting muddled up.

So you can suppress the warnings, and avoid the problems they are warning
you about, by not specifying the source ports.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  https://dotat.at/
Southwest Forties, Cromarty, Forth, Tyne, Dogger: Southwesterly 5 to
7, occasionally gale 8 at first except in Cromarty, then decreasing 4
at times. Moderate or rough in southwest Forties and Dogger, but
elsewhere slight or moderate. Rain or showers. Good, occasionally poor
for a time.
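The 4-tuple limit described in the message above, as an added example that is not part of the original post and is not BIND code. It assumes a loopback listener standing in for the primary's TCP port 53; `open_transfers` and `free_port` are hypothetical helper names.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # constructed test endpoint, not a real name server


def free_port():
    """Ask the kernel for a currently unused TCP port on loopback."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.bind((LOOPBACK, 0))
        return probe.getsockname()[1]


def open_transfers(count, fixed_source_port):
    """Try to hold `count` TCP connections open to one listener at once.

    Returns (connections established, errno name of first failure or None).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, 0))  # stands in for the primary's TCP port 53
    listener.listen(count)
    dest = listener.getsockname()
    port = free_port() if fixed_source_port else 0  # 0: kernel picks per socket
    clients, established, failure = [], 0, None
    try:
        for _ in range(count):
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            clients.append(s)
            try:
                if port:
                    # SO_REUSEADDR so that, where the OS allows it, bind()
                    # succeeds and the clash appears at connect(), i.e. on
                    # the full 4-tuple rather than on the local port alone.
                    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                    s.bind((LOOPBACK, port))
                s.connect(dest)
            except OSError as exc:
                failure = errno.errorcode.get(exc.errno, str(exc.errno))
                break
            established += 1
    finally:
        for s in clients:
            s.close()
        listener.close()
    return established, failure


if __name__ == "__main__":
    print("ephemeral source ports:", open_transfers(3, fixed_source_port=False))
    print("fixed source port:     ", open_transfers(3, fixed_source_port=True))
```

With a fixed source port only the first connection is established; the second is refused locally with EADDRNOTAVAIL or EADDRINUSE, depending on the operating system.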

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
