You really don't want to do that. Look up and read about the Kaminsky DNS bug.
Ondřej Surý

On 29. 11. 2012, at 16:59, Ricardo Fraile <[email protected]> wrote:

> I think that unbound opens an arbitrary UDP port; how can I fix it to always use the same port?
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> udp        0      0 0.0.0.0:53              0.0.0.0:*                           1152/unbound
> udp        0      0 0.0.0.0:17790           0.0.0.0:*                           1152/unbound
>
> thanks,
>
> From: Ricardo Fraile <[email protected]>
> To: "[email protected]" <[email protected]>
> Sent: Thursday, 29 November 2012 16:43
> Subject: Unbound and firewall
>
> Hello,
>
> I try to put iptables on the same server as unbound, but I can't do a local resolve:
>
> dig terra.es @127.0.0.1
>
> ; <<>> DiG 9.7.3 <<>> terra.es @127.0.0.1
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> with these iptables rules:
>
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [2271:2106405]
> -A INPUT -s 30.0.0.0/8 -p tcp -j ACCEPT
> -A INPUT -s 30.0.0.0/8 -p udp -j ACCEPT
> -A INPUT -s 30.0.0.0/8 -p icmp -j ACCEPT
> -A INPUT -s 127.0.0.1/32 -p udp -j ACCEPT
> -A INPUT -s 127.0.0.1/32 -p tcp -j ACCEPT
> -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -p udp -m udp --dport 53 -j ACCEPT
> -A INPUT -j DROP
> COMMIT
>
> If I clean the firewall, all works, but why? Which ports does unbound use for the queries?
>
> Thanks,
>
> _______________________________________________
> Unbound-users mailing list
> [email protected]
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
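As an added illustration (not part of the thread), here is a small Python model of the poster's INPUT chain: it shows that the replies to Unbound's upstream queries are dropped because only TCP has a RELATED,ESTABLISHED rule, and that adding the same rule for UDP lets those replies through without pinning the source port. The upstream address 192.0.2.53 and the simplified conntrack model are constructed assumptions.

```python
# Added example: toy evaluator for a subset of the poster's INPUT chain.
import ipaddress

# Subset of the poster's rules (iptables-restore syntax), in chain order.
ORIGINAL_RULES = """
-A INPUT -s 30.0.0.0/8 -p udp -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p udp -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -j DROP
"""
# Assumed fix: also accept UDP packets that conntrack already knows about,
# so replies to Unbound's randomised source port pass without opening it.
FIXED_RULES = ORIGINAL_RULES.replace(
    "-A INPUT -p udp -m udp --dport 53 -j ACCEPT",
    "-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
    "-A INPUT -p udp -m udp --dport 53 -j ACCEPT")

def parse(text):
    """Parse the matches this toy supports: -s, -p, --dport, --state, -j."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        r = {"target": tok[tok.index("-j") + 1]}
        if "-s" in tok: r["src"] = ipaddress.ip_network(tok[tok.index("-s") + 1])
        if "-p" in tok: r["proto"] = tok[tok.index("-p") + 1]
        if "--dport" in tok: r["dport"] = int(tok[tok.index("--dport") + 1])
        if "--state" in tok: r["state"] = set(tok[tok.index("--state") + 1].split(","))
        rules.append(r)
    return rules

def verdict(rules, pkt, established):
    """pkt = (src_ip, proto, dport); established = replies conntrack expects."""
    src, proto, dport = pkt
    state = "ESTABLISHED" if pkt in established else "NEW"
    for r in rules:  # first matching rule decides, as in netfilter
        if "src" in r and ipaddress.ip_address(src) not in r["src"]: continue
        if "proto" in r and r["proto"] != proto: continue
        if "dport" in r and r["dport"] != dport: continue
        if "state" in r and state not in r["state"]: continue
        return r["target"]
    return "ACCEPT"  # chain policy from ":INPUT ACCEPT"

# Unbound queried an upstream server from local port 17790 (from the netstat
# output); conntrack therefore expects a reply from 192.0.2.53:53 to port 17790.
upstream_reply = ("192.0.2.53", "udp", 17790)
flows = {upstream_reply}
spoofed_new = ("192.0.2.99", "udp", 17790)  # unsolicited packet, not in conntrack
```

With the original chain the reply gets DROP, with the fixed chain it gets ACCEPT, while an unsolicited UDP packet to the same port is still dropped.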
