Sorry, lots of good ideas got thrown up while I was asleep.

On Mon, 16 Jan 2017, Stuart Henderson wrote:

In that case, unbound bound to an internal address, and NSD not bound to a
specific address, or bound to external and 127.0.0.1.

I did the last of these. Which still needs 'rdr-to' on the external interface.

Which code, the 'dig' side or the daemon sucking on the port? I probably
need to discuss this over a beer because there must be something I am
missing.

The dig side. Pledge restricts what a process is able to do (killing the process if something other than this is attempted), so any bugs in dig causing it to do something other than the expected would trigger this. Since DNS packet parsing is rather complex and is by definition working on untrusted network input,

Understood. That still does not negate my need for a utility to suck on any port and 'grok' DNS-speak. Whether it is dig or anything else, I do not care. But a tool which enables you to test/debug a program on a non-standard port, whether it be for DNS, or whatever, is a key part of our toolkit. Mind you, I can speak SMTP so I still use 'telnet' to debug my mail issues so I do not need it for port 25. But DNS, no way.

Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer
