why linux mail relay uses high UDP ports for DNS instead of 53? 1

[yizhar]

HI.

One of the clients I support has a pix 515 ver 6.0(1) with 3 interfaces, and a mail relay server in DMZ.

I don't know right now any details about the mail relay except that it runs on linux (I'm not sure about this also, I'm not managing it). I also think it runs sendmail but I cannot check it now. I will check this in the near future.

I can see in the pix logs (level 6) many connections to the ISP DNS server from the mail relay box that uses UDP ports starting from 1097 on the local port, and high UDP destination port like 24236 for the ISP DNS server.
See this example:

%PIX-6-302005: Built UDP connection for faddr DNSSERVER/58440 gaddr x.x.x.x/1097 laddr 10.100.1.1/1097

10.100.1.1 is the internal address of mail relay.

So I understand that these are DNS queries.

But why isn't it using port 53?

Thanks.
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[netwrkr]

Linux, by default uses random, unprivileged ports >1024 for DNS queries. You can configure bind to send out queries on a specific port, wherease the replies would also come back on that same port.

In /etc/named.conf configure:

// query-source address * port 53;



remove the leading '//' and restart named. Your queries and responses will now go out and return on the port you specify.

Tom