-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthew Seaman wrote:
> Probably what Brett is looking for are the avoid-v4-udp-ports and > avoid-v6-udp-ports options -- these just contain lists of UDP ports > to avoid as the source of any DNS traffic. Details are available here > (for bind95) http://www.isc.org/sw/bind/arm95/Bv9ARM.ch06.html#options > but it's the same for all 9.x versions of BIND. This is fine as long as you are not defining large numbers of "don't touch" ports. The added functionality of 9.5.1b1: use-v4-udp-ports { range 1024 65535; }; use-v6-udp-ports { range 1024 65535; }; Is what I was pointing people towards. AlanC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFId8TacKpYUrUDCYcRAhmHAJoCkQ3dxLfQhw1EamBJfNrLqwVZLwCfcfRg VTWMnJEfymL8TH7AV2MQ7y4= =mIl7 -----END PGP SIGNATURE----- _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
