To: dnsop@cafax.se
From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 11 Jan 2001 22:48:50 -0000
Sender: owner-dnsop@cafax.se
Subject: Re: resolvers using non-ephemeral ports

130.235.188.122, for example, is a BIND 8.2.2-P3 cache configured to send queries to servers from port 54. On the other hand, my cache refuses to answer packets from clients on low ports other than 53. There haven't been any reports of problems. I use a random port number between 1025 and 65535 for each outgoing query. I recommend the same strategy for all clients and caches: it makes DNS packet forgeries much more difficult.

---Dan
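
The two measures described in the message above, as an added Python example that is not part of the original post or of any cache's source code: the client-port check, and a fresh randomly numbered source port per outgoing query, with the resulting size of a blind forger's guess space. Assumptions: "low" means below 1024, a forger must also match the 16-bit DNS query ID, and all function names are hypothetical.

```python
import errno
import secrets
import socket

PORT_MIN, PORT_MAX = 1025, 65535  # range given in the message
DNS_PORT = 53
LOW_PORT_LIMIT = 1024             # assumption: "low" means below 1024
ID_BITS = 16                      # DNS query ID width (RFC 1035)


def client_port_allowed(src_port):
    """Cache-side check: refuse clients on low ports other than 53."""
    return src_port == DNS_PORT or src_port >= LOW_PORT_LIMIT


def pick_port():
    """Unpredictable source port; secrets draws from the OS CSPRNG."""
    return PORT_MIN + secrets.randbelow(PORT_MAX - PORT_MIN + 1)


def open_query_socket(bind_addr="0.0.0.0", max_tries=16):
    """Fresh UDP socket on a random port, one per outgoing query."""
    for _ in range(max_tries):
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.bind((bind_addr, pick_port()))
            return sock
        except OSError as exc:
            sock.close()
            if exc.errno != errno.EADDRINUSE:
                raise  # only a port collision is worth retrying
    raise OSError(errno.EADDRINUSE, "no free source port found")


def forgery_guess_space(random_port):
    """(ID, port) pairs a blind forger must cover to match one query."""
    ports = PORT_MAX - PORT_MIN + 1 if random_port else 1
    return (1 << ID_BITS) * ports


if __name__ == "__main__":
    for port in (53, 54, 1023, 40000):
        print(port, "accepted" if client_port_allowed(port) else "refused")
    with open_query_socket("127.0.0.1") as sock:
        print("query socket bound to port", sock.getsockname()[1])
    print("fixed port :", forgery_guess_space(False))
    print("random port:", forgery_guess_space(True))
```

The socket should be closed once the reply arrives or the query times out, so that the next query draws a new port.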