On Thu, 4 Feb 1999, Lourdes A Jones wrote:

> Bind 4 named always used port 53 and was therefore ignored, Bind 8 named
> uses a random high port by default and is therefore suspect. (RH 5.2 comes
> with Bind 8) Edit the /etc/named.conf file and add (or uncomment)
> 'query-source address * port 53;' in the options section.  Now named to
> named transfers will be ignored again.

I assume there's a security reason why named now uses random high ports.
Does anyone know what the risk is?  Is it something to which only
machines continually connected to the internet are vulnerable?  Does
dynamic IP assignment mitigate the risk?

>> xntpd is one service that tries to resolve names when it starts up.  It
>> could be just about anything.

> Check your init settings and make sure that diald is brought up after any
> other services that will try and make a connect.  In my case the init files
> were named S57diald (in the rc3.d, rc4.d and rc5.d directories); renaming
> them S98diald solved the problem.

Good idea ... that change should be worked into Red Hat, Debian, etc., if
it isn't already.  However, I'm concerned that it may lengthen the boot
process, and that packets or name resolution requests may linger on until
diald is started.  Perhaps there's another way ... some sort of named
forwarding configuration? 

Ed
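
The init-ordering check from the quoted advice above, as an added example that is not part of the original message: it lists the start links in a SysV runlevel directory that init runs after diald. The function name, the temporary directory and the sample service names other than diald and xntpd are assumptions.

```shell
#!/bin/sh
# Added example: list the start links that init runs after diald in a
# SysV runlevel directory (links run in lexical order, S57... before S98...).

started_after_diald() {
    dir=$1
    seen=0
    for link in "$dir"/S[0-9][0-9]*; do
        # Skip the unexpanded pattern when the directory has no start links.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}
        case $name in
            S[0-9][0-9]diald) seen=1; continue ;;
        esac
        # Anything sorted after diald starts while diald is already up.
        if [ "$seen" -eq 1 ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample layout (names other than diald and xntpd are
# assumptions), showing the S57diald -> S98diald rename from the message.
demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/S10network" "$tmp/S55named" "$tmp/S57diald" "$tmp/S60xntpd"
    echo "with S57diald, started after diald:"
    started_after_diald "$tmp"
    mv "$tmp/S57diald" "$tmp/S98diald"
    echo "with S98diald, started after diald:"
    started_after_diald "$tmp"
    rm -rf "$tmp"
}

demo
```

Pointing the function at a real runlevel directory such as rc3.d gives the list of services to review after renaming the diald link.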

