On Sat, May 12, 2007 at 08:31:07PM +0400, Попов Игорь Н wrote:
> Hi, all!
> I have a question about which set of rules is faster for bind (both auth and recursor):
> 1)
> in named.conf:
> listen-on port 53 {127.0.0.1; 80.0.0.1; };
> query-source address 80.0.0.1 port 5353;
Using a fixed source port for queries is a VERY BAD idea; it makes it
much easier to spoof DNS responses.

Keep state is almost always faster, and in fact is on by default in
OpenBSD 4.1 and newer - you will have to explicitly request 'no state'
in your rule to prevent stateful filtering.
-Ryan
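
Added example, not part of the original thread and not BIND's own tooling: a small Python check that flags a pinned `query-source` port in named.conf text and estimates how many bits an off-path spoofer must guess with and without it. The two sample configs are constructed from the quoted lines; the 1024-65535 port range and per-query source-port randomization by the resolver are assumptions.

```python
import math
import re

# Constructed sample: the named.conf lines quoted in the message, plus a
# variant that keeps the source address but leaves the port to the resolver.
QUOTED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 80.0.0.1; };
    query-source address 80.0.0.1 port 5353;   // fixed source port
};
"""
FIXED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 80.0.0.1; };
    # query-source address 80.0.0.1 port 5353;
    query-source address 80.0.0.1;
};
"""

COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
QUERY_SOURCE = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")
PORT = re.compile(r"\bport\s+(\*|\d+)")


def fixed_query_ports(conf_text):
    """Return [(statement, port)] for every query-source pinned to one port."""
    findings = []
    for stmt, args in QUERY_SOURCE.findall(COMMENTS.sub("", conf_text)):
        m = PORT.search(args)
        if m and m.group(1) != "*":      # 'port *' or no port = not pinned
            findings.append((stmt, int(m.group(1))))
    return findings


def guess_space_bits(port_pinned, usable_ports=64512):
    """Bits an off-path spoofer must guess: the 16-bit query ID, plus the
    source port when it is not pinned. usable_ports (1024-65535) is an
    assumption; the real range depends on resolver version and OS."""
    return 16 + (0 if port_pinned else math.log2(usable_ports))


if __name__ == "__main__":
    for name, conf in (("quoted", QUOTED_CONF), ("fixed", FIXED_CONF)):
        hits = fixed_query_ports(conf)
        bits = guess_space_bits(bool(hits))
        print(f"{name}: pinned={hits} guess space ~{bits:.1f} bits")
```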