SUMMARY: forcing bind to use port 53 only

From: Christopher L. Barnard (
Date: Mon Dec 14 1998 - 11:46:59 CST

I asked:

> I've got a quick DNS question for the collective. We are unable to do
> DNS lookups to several large sites - the DNS query just times out. After
> our firewall administrator exchanged a bit of email with the firewall
> administrators of these sites, they have determined that my DNS queries
> are going out on random high-order ports and are only using port 53 for
> the response. These firewalls are blocking random high-order port packets.
> The solution is for my DNS server to send out queries on port 53 as well
> as using port 53 to receive responses. I'm sure that this is trivial, but
> I must be looking in the wrong place. A search of the archives at
> came up empty, and I don't find any mention of this issue at
> Can anyone provide me with a pointer to getting my DNS server to send
> outbound queries (at least for nonlocal lookups) to go out on port 53?
> This is Bind 4.9.5P1 on a Sun running Solaris 2.5.1. Thanks much.

The solution:

I was afraid of this. I'm gonna have to bite the bullet and upgrade my
Bind to version 8.1.2. The ability to set the query-source address to
a particular port is a feature of 8.1.2. As this type of corporate firewall
becomes more and more popular, more and more folks are going to have no
choice other than to upgrade to 8.1.2, I guess.

Thanks to:

Kathy Kost <>
john heasley <>
Graham Leggett <>
Alan Orndorff <> (James R Grinter)

| Christopher L. Barnard O When I was a boy I was told that |
| / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:53 CDT