From 8402d95fb8d362805f84cc4a1a873548093730b5 Mon Sep 17 00:00:00 2001 From: Dima Dorfman Date: Tue, 15 May 2001 00:24:18 +0000 Subject: [PATCH] Add a question (and answer) about BIND listening on a high port number. PR: 27284 Submitted by: Michael Lucas --- en_US.ISO8859-1/books/faq/book.sgml | 30 +++++++++++++++++++++++++++- en_US.ISO_8859-1/books/faq/book.sgml | 30 +++++++++++++++++++++++++++- 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/en_US.ISO8859-1/books/faq/book.sgml b/en_US.ISO8859-1/books/faq/book.sgml index 6513928950..9542bde30b 100644 --- a/en_US.ISO8859-1/books/faq/book.sgml +++ b/en_US.ISO8859-1/books/faq/book.sgml @@ -14,7 +14,7 @@ The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.192 2001/05/14 22:43:31 ue Exp $ + $FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.193 2001/05/14 22:57:35 dd Exp $ 1995 @@ -8820,6 +8820,34 @@ Znyx (2.2.x) ZX312, ZX314, ZX342, ZX345, ZX346, ZX348 + + + BIND (named) is listening on port 53 and + some other high-numbered port. Has my host been + compromised? + + + + Probably not. FreeBSD 3.0 and later use a version of BIND + that uses a random high-numbered port for outgoing queries. If + you want to use port 53 for outgoing queries, either to get + past a firewall or to make yourself feel better, you can try + the following in + /etc/namedb/named.conf: + + options { + query-source address * port 53; +}; + + You can replace the * with a single IP + address if you want to tighten things further. + + Congratulations, by the way. It is good practice to read + your sockstat output and notice odd + things! + + + Why do I get /dev/bpf0: device not diff --git a/en_US.ISO_8859-1/books/faq/book.sgml b/en_US.ISO_8859-1/books/faq/book.sgml index 6513928950..9542bde30b 100644 --- a/en_US.ISO_8859-1/books/faq/book.sgml +++ b/en_US.ISO_8859-1/books/faq/book.sgml 
@@ -14,7 +14,7 @@ The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.192 2001/05/14 22:43:31 ue Exp $ + $FreeBSD: doc/en_US.ISO_8859-1/books/faq/book.sgml,v 1.193 2001/05/14 22:57:35 dd Exp $ 1995 @@ -8820,6 +8820,34 @@ Znyx (2.2.x) ZX312, ZX314, ZX342, ZX345, ZX346, ZX348 + + + BIND (named) is listening on port 53 and + some other high-numbered port. Has my host been + compromised? + + + + Probably not. FreeBSD 3.0 and later use a version of BIND + that uses a random high-numbered port for outgoing queries. If + you want to use port 53 for outgoing queries, either to get + past a firewall or to make yourself feel better, you can try + the following in + /etc/namedb/named.conf: + + options { + query-source address * port 53; +}; + + You can replace the * with a single IP + address if you want to tighten things further. + + Congratulations, by the way. It is good practice to read + your sockstat output and notice odd + things! + + + Why do I get /dev/bpf0: device not
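Review bot: In the new FAQ entry (the `@@ -8820,6 +8820,34 @@` hunk, identical in both copies of book.sgml), the answer offers `query-source address * port 53;` "to get past a firewall or to make yourself feel better" without stating what is given up. The same answer explains that BIND picks a random high-numbered port for outgoing queries; pinning the source port to 53 removes that randomness, so a forged reply only has to match the query ID and is easier to get accepted by the resolver. Suggest dropping the "feel better" motivation, adding a sentence that the default random port should be kept unless a firewall rule really requires a fixed source port, and noting that the firewall case is usually better handled by letting replies to the host's own outgoing queries back in. The closing paragraph about reading sockstat output is good; it could also say how to confirm that the extra socket belongs to named (same process and user as the port 53 listener) so the reader can verify the answer rather than take "Probably not" on trust.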