Hi Cricket,

I noticed after running a zone transfer that on the master server, there was
an event log message that stated "client 208.xx.xx.xx#1672 transfer of
'zone'/IN AXFR style. IXFR started." Is this what you mean by the ephemeral
port, which in this case is 1672? When I ran it again the port was 1700. Is
there any way to make these ports consistent (such as making it port 53 as
well), for when I set up TCP/IP filtering on the slave server?

Thanks,
Simon

-----Original Message-----
From: Cricket Liu [mailto:cricket@xxxxxxxxxxxxxx]
Sent: Thursday, October 31, 2002 11:14 AM
To: bind9-users@xxxxxxx
Subject: Re: firewalling and BIND ports

schurch@xxxxxxxxxxxxxxx wrote:
> I need some clarification on what ports need to be opened for using
> BIND, so that we can make some changes to our firewall.
>
> For example, when carrying out a zone transfer from a master server
> to a slave server (using BIND 9.2.0), I do receive an event message
> on the slave indicating : the transfer of "zone/IN" from "master#53":
> end of transfer. However, I don't see any corresponding event log
> message on the master server that refers to which port is being used

You mean on the slave. The slave connects *to* the master's port 53.
The slave connects *from* an ephemeral port, usually over 1023.
There's a matrix in Recipe 7.2 in the Cookbook that shows this, if
you have it.

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com
The DNS and BIND Cookbook, available now!
http://www.oreilly.com/catalog/dnsbindckbk/
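
Added illustration (not part of either message, and not code from BIND or the Cookbook): the Python sketch below reproduces the behaviour described in the reply using loopback sockets, then checks two filter rules against the observed connections. The listener stands in for the master's port 53 on an unprivileged port, and the function names and both rules are assumptions made for the example.

```python
import socket

def observe_connections(n=2):
    """Open n concurrent TCP connections to one listener.
    Returns (service_port, [source port of each connection as the listener sees it])."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # stand-in for the master's port 53 (assumption)
    listener.listen(n)
    service_port = listener.getsockname()[1]
    open_socks, source_ports = [listener], []
    try:
        for _ in range(n):
            # The "slave" side: the OS picks the source port for each connection.
            client = socket.create_connection(("127.0.0.1", service_port))
            open_socks.append(client)
            conn, (_peer_ip, peer_port) = listener.accept()
            open_socks.append(conn)
            source_ports.append(peer_port)  # the number after '#' in the master's log line
    finally:
        for s in open_socks:
            s.close()
    return service_port, source_ports

def allow_by_destination(conn, slave_ip, service_port):
    """Rule keyed on the slave's address and the fixed destination port."""
    return conn["src_ip"] == slave_ip and conn["dst_port"] == service_port

def allow_by_source_port(conn, slave_ip, pinned_port):
    """Brittle rule keyed on a source port copied from one log line."""
    return conn["src_ip"] == slave_ip and conn["src_port"] == pinned_port

def evaluate(n=3):
    """Return the observed source ports and each rule's verdict per connection."""
    service_port, source_ports = observe_connections(n)
    conns = [{"src_ip": "127.0.0.1", "src_port": p, "dst_port": service_port}
             for p in source_ports]
    by_dest = [allow_by_destination(c, "127.0.0.1", service_port) for c in conns]
    by_src = [allow_by_source_port(c, "127.0.0.1", source_ports[0]) for c in conns]
    return source_ports, by_dest, by_src

if __name__ == "__main__":
    ports, by_dest, by_src = evaluate()
    print("source ports seen by the listener:", ports)
    print("rule on destination port admits:  ", by_dest)
    print("rule on first source port admits: ", by_src)
```

The destination-port rule admits every connection, while the rule pinned to the first observed source port admits only that one connection.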