From: "Jeff Shevlen"
To: "nate"
Subject: Re: port 1024 and system BIND
Date: Mon, 1 Apr 2002 21:54:55 -0800
Sender: owner-freebsd-questions@FreeBSD.ORG

: By default I believe BIND uses a random port above 1024 for everything,
: if you have a restrictive firewall you can change this behavior in
: named.conf:
:
: query-source address * port 53;
:
: may be the directive. I think it's to reduce BIND's dependence on running
: as uid root. If you force it to use port 53 for everything you may not
: be able to run it as non-root (I haven't tried forcing it to 53)

Thanks nate, I had a look at the named.conf and it makes mention of the query-source directive in one of the comments. It says that versions 8.1 and up (I'm using 9.2 btw) use unprivileged ports to communicate. It doesn't make any reference to using this directive and running the server as an unprivileged user -- not a definitive answer, but it looks good for unprivileged users. Ftr.
I have a few more questions, and I should better explain what my situation is: I'm behind a firewall and I'd like to allow zone transfers with an internet server that would act as a slave.

Question 1.1: If I force port 53, and the slave server is joe blow's free DNS (granitecanyon.com), will the slave be able to figure out I want to talk on port 53 all by itself?

Question 1.2: Does anyone know if later versions of BIND try port 53 for old time's sake?

Question 1.3: When BIND sends out a notify, does this signal tell other DNS servers it's open for business on 53 only, for instance?

Maybe the real question is whether I can run this setup behind a firewall...

Jeff
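A named.conf fragment for the setup described above (a master behind a firewall serving one external slave), added here as an example and not taken from the thread or from the BIND documentation; the addresses, zone name and file paths are placeholders. Zone transfers are pulled by the slave over TCP to the master's listening port 53, so query-source only pins the source port of the master's own outbound queries, and fixing it to 53 also gives up the source-port randomization that later BIND 9 releases use against cache poisoning.

```conf
// Added example (not from the thread): BIND 9 named.conf for a master
// behind a firewall that lets one external slave pull the zone.
// 192.0.2.10 (master), 198.51.100.5 (slave), the zone name and the
// file paths are placeholders.
options {
    directory "/etc/namedb";
    // The service port is always 53; query-source does not change it.
    listen-on port 53 { 192.0.2.10; };

    // Pin the source address/port of the master's OWN outbound queries
    // (recursion, SOA refresh). Only needed when the firewall cannot
    // track outbound UDP from high ports; a fixed port also removes
    // the source-port randomization newer BIND releases rely on.
    query-source  address 192.0.2.10 port 53;
    notify-source address 192.0.2.10 port 53;   // source for NOTIFY

    allow-transfer { none; };   // deny AXFR globally, allow per zone
};

zone "example.org" {
    type master;
    file "master/example.org";
    allow-transfer { 198.51.100.5; };   // only the slave may pull AXFR
    also-notify    { 198.51.100.5; };   // tell it when the serial changes
    notify yes;
};

// Firewall must pass: inbound TCP and UDP to 192.0.2.10:53 from the
// slave (AXFR is a slave-initiated TCP connection), and outbound UDP
// from 192.0.2.10:53 to the slave's port 53 for NOTIFY.
```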