Add a question (and answer) about BIND listening on a high port number.

PR:		27284
Submitted by:	Michael Lucas <mwlucas@blackhelicopters.org>
Dima Dorfman 2001-05-15 00:24:18 +00:00
parent e47973e74e
commit 8402d95fb8
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=9440
2 changed files with 58 additions and 2 deletions


@ -14,7 +14,7 @@
<corpauthor>The FreeBSD Documentation Project</corpauthor>
<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.192 2001/05/14 22:43:31 ue Exp $</pubdate>
<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.193 2001/05/14 22:57:35 dd Exp $</pubdate>
<copyright>
<year>1995</year>
@ -8820,6 +8820,34 @@ Znyx (2.2.x) ZX312, ZX314, ZX342, ZX345, ZX346, ZX348
</answer>
</qandaentry>
<qandaentry>
<question id="extra-named-port">
<para>BIND (<command>named</command>) is listening on port 53 and
some other high-numbered port. Has my host been
compromised?</para>
</question>
<answer>
<para>Probably not. FreeBSD 3.0 and later use a version of BIND
that uses a random high-numbered port for outgoing queries. If
you want to use port 53 for outgoing queries, either to get
past a firewall or to make yourself feel better, you can try
the following in
<filename>/etc/namedb/named.conf</filename>:</para>
<programlisting>options {
query-source address * port 53;
};</programlisting>
<para>You can replace the <literal>*</literal> with a single IP
address if you want to tighten things further.</para>
<para>Congratulations, by the way. It is good practice to read
your <command>sockstat</command> output and notice odd
things!</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bpf-not-configured">
<para>Why do I get <literal>/dev/bpf0: device not
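Review bot: in the new extra-named-port answer, the suggested "query-source address * port 53;" is motivated by "to make yourself feel better", and the following paragraph describes narrowing the address as a way to "tighten things further", yet the text never says that pinning the source port gives up the random high-numbered port the first sentence describes. A fixed, well-known source port leaves less for a forged reply to guess, so the random port is the safer default. I would reword the paragraph to present the default behaviour as the normal state, offer the option only as a workaround for a firewall that requires source port 53, and drop the "feel better" motivation.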


@ -14,7 +14,7 @@
<corpauthor>The FreeBSD Documentation Project</corpauthor>
<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.192 2001/05/14 22:43:31 ue Exp $</pubdate>
<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.193 2001/05/14 22:57:35 dd Exp $</pubdate>
<copyright>
<year>1995</year>
@ -8820,6 +8820,34 @@ Znyx (2.2.x) ZX312, ZX314, ZX342, ZX345, ZX346, ZX348
</answer>
</qandaentry>
<qandaentry>
<question id="extra-named-port">
<para>BIND (<command>named</command>) is listening on port 53 and
some other high-numbered port. Has my host been
compromised?</para>
</question>
<answer>
<para>Probably not. FreeBSD 3.0 and later use a version of BIND
that uses a random high-numbered port for outgoing queries. If
you want to use port 53 for outgoing queries, either to get
past a firewall or to make yourself feel better, you can try
the following in
<filename>/etc/namedb/named.conf</filename>:</para>
<programlisting>options {
query-source address * port 53;
};</programlisting>
<para>You can replace the <literal>*</literal> with a single IP
address if you want to tighten things further.</para>
<para>Congratulations, by the way. It is good practice to read
your <command>sockstat</command> output and notice odd
things!</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bpf-not-configured">
<para>Why do I get <literal>/dev/bpf0: device not
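Review bot: the answer opens with "Probably not" and closes by praising the reader for reading sockstat output, but it never tells the reader how to confirm the benign case. Suggest adding a sentence before the named.conf example saying that the extra high-numbered socket should appear in sockstat with named as the owning command, and that a socket owned by some other process is the case that deserves a closer look.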