This is a discussion on RE: Dig: specifying a source port within the Bind Users forums, part of the DNS and Related Forums category.
> From: Jason Richards <jrichards@gci.com>
> To: "'Joseph S D Yao'" <jsdy@center.osis.gov>, Jim Reid <jim@rfc1035.com>
> Cc: bind-users@isc.org
> Subject: RE: Dig: specifying a source port
> Date: Wed, 4 Aug 2004 11:10:48 -0800
>
> Joe,
> You've hit the nail on the head before I had the chance. If it was easy
> enough to change from our customers' beliefs and expectations, then I would.
> But it's not.
>
> Jim,
>
> The patch actually came from the bind users list
> (http://marc.theaimsgroup.com/?l=bind...5736501990&w=2).
>
> I'm no programming whiz, but the way I read this code is that all it's doing
> is allowing a source port to be specified and used, not changing the way
> that the connection is torn down. I don't feel I need your recommendation in
> order to understand this. Even without the patch, the connection remains
> open in a TIME_WAIT state. So I think my question is appropriate for this
> list and it still stands.

TIME_WAIT is controlled by the OS. It is the time the OS waits from the time the last data was transferred and the port 'closed' until the ACK on the close is received from the remote end. After TIME_WAIT expires, then the OS drops the port because some OSs take the close as a signal to reset their end instead of sending an ACK... I think.

(I *do* know that it is controlled by the OS. My explanation might be wrong on terms since I don't have a reference handy and it HAS been awhile...)

Oh well...

>
> -Jason
>
>
> On Wed, Aug 04, 2004 at 07:24:58PM +0100, Jim Reid wrote:
> > > >>>>> "Jason" == Jason Richards <jrichards@gci.com> writes:
> > >
> > > Jason> I need to be able to specify the source port (since bind is
> > > Jason> configured with transfer source port 53). I know this isn't
> > > Jason> natively available, but I found a patch online for dig
> > > Jason> v9.2.2 and have seemed to be able to make it work under
> > > Jason> 9.2.3.
> > >
> > > Insisting zone transfer requests use a specific port number is dumb.
> > > Please don't do that.
> >
> > Some firewalls [;-(] still require that the source port be 53 as in the
> > ancient versions of BIND! While this would normally be useless, if that
> > is the case in his situation, it would be necessary.
>
>
> -- Binary/unsupported file stripped by Ecartis --
> -- Type: application/x-pkcs7-signature
> -- File: smime.p7s
>
>

---------------------------------------------------------------------
Gregory Hicks                    | Principal Systems Engineer
Cadence Design Systems           | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1      | Fax: 408.894.3479
San Jose, CA 95134               | Internet: ghicks@cadence.com

I am perfectly capable of learning from my mistakes. I will surely learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton
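
The situation discussed in this thread, as an added example that is not part of the original messages or of the dig patch: a TCP client binds an explicit source port before connecting, closes first, and then tries to bind the same port again. It assumes a loopback listener and an OS-chosen high port in place of port 53 (binding 53 needs privileges); the function name is hypothetical and the error shown is what Linux returns.

```python
import errno
import socket

def source_port_after_close(reuseaddr):
    """Connect from an explicitly bound source port, close, then try to bind it again."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # stand-in for the remote name server
    listener.listen(1)

    def make_client():
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        if reuseaddr:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        return s

    client = make_client()
    # Binding before connect() is what fixes the source port.
    # Port 0 = OS-chosen high port (demo assumption; the thread's port 53 needs root).
    client.bind(("127.0.0.1", 0))
    src_port = client.getsockname()[1]
    client.connect(listener.getsockname())
    server_side, peer = listener.accept()

    client.close()                       # client closes first, so its side ends in TIME_WAIT
    server_side.recv(1)                  # returns b"" once the client's FIN arrives
    server_side.close()
    listener.close()

    retry = make_client()                # a second run that wants the same source port
    try:
        retry.bind(("127.0.0.1", src_port))
        outcome = "ok"
    except OSError as exc:
        outcome = errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        retry.close()
    return {"bound": src_port, "seen_by_server": peer[1], "rebind": outcome}

if __name__ == "__main__":
    print("without SO_REUSEADDR:", source_port_after_close(False))
    print("with SO_REUSEADDR:   ", source_port_after_close(True))
```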