02-02-2018
Forcing named 9 to use a fixed ephemeral port range
I'll start with I'm not an AIX expert, I inherited a lot of AIX servers to maintain.
My problem is on AIX 7.1 TL4 SP4 environments. I'm running named as a DNS forwarder only to internal DNS servers.
These AIX servers have a customized UDP ephemeral port range to avoid conflicting with the primary application running on them that defaults to a portion of the typical ephemeral range.
Since configuring named, I've seen that named is ignoring the OS configured ephemeral range.
The OS restricted UDP range is: 32768 to 49999.
I've seen requests from named using source ports above 49999.
After googling, the only article I can find that references named/bind and ephemeral ports is a page from ISC related to BIND 9. There's a setting "use-v4-udp-ports { range 1024 65535; };" that forces named to use a fixed UDP range for source ports. But the IBM documentation on named doesn't cover this option.
I tried putting the setting onto named.conf on a test system but now named won't start and no errors are logged.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
This is for 3 os's, AIX, Solaris, and AIX, didnt want to post three seperate times on the same subject, anyways, I want to force the user MQM to su, i.e. not be able to rlogin/telnet to the box as user MQM, only login as there ID(chris for example) and su to MQM, does anyone know how to do this,... (4 Replies)
Discussion started by: csaunders
4 Replies
2. Solaris
Is there a way in solaris 9 to prevent a user to login via ssh, telnet, rlogin, and only be able to su as that user, for example
have DBA joe blow login as jblow, and then su to oracle
BUT
not vice versa
have DBA joe blow login as oralce (6 Replies)
Discussion started by: csaunders
6 Replies
3. UNIX for Advanced & Expert Users
my apps use port 40001; however, for example, firstly, I ftp to other server, it made a high port locally, remote is port 21, unfortunately, it hit my port 40001 and my apps is unable to startup. This chance is very very little, but I hit it. Can resevse my port 40001? otherwise command don't use it (5 Replies)
Discussion started by: goodbid
5 Replies
4. AIX
May I know what is the TCP/UCP port range for any default AIX NFS? Based on rpcinfo -p, I got the following output:
program vers proto port service
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 ... (4 Replies)
Discussion started by: famasutika
4 Replies
5. AIX
Hi Guys,
Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port?
I'm sure it must be possible but I am unable to find the syntax.
Thanks
Chris (4 Replies)
Discussion started by: chrisstevens
4 Replies
6. UNIX for Dummies Questions & Answers
I want to limit all *outbound* traffic on eth0 (or all *.*) on port 25 to a specific (allowed) range...
I.E.
192.168.1.5 (local ip) tries to connect to 1.2.3.4:25 (outside real world ip)
It can proceed because 1.2.3.0/24 is the allowed range
Now, 192.168.1.5 (local ip) tries to connect to... (1 Reply)
Discussion started by: holyearth
1 Replies
7. Programming
Hello, I am writing a program which runs with root privileges, and it creates a child with lowered privileges and has to redirect it's stdout and stderr to a file and then run bash.
The problem is, whenever I read this file, I want to see all of the current output, even when the program is still... (10 Replies)
Discussion started by: madd-games
10 Replies
8. Red Hat
In my Linux system ephemeral port range is showing different ranges as follows
$ cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000
cat /etc/sysctl.conf | grep net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 9000 65500
Which will be the effective ephemeral port... (5 Replies)
Discussion started by: steephen
5 Replies
9. Solaris
please find the below o/p for your reference
bash-3.00# fcinfo hba-port
HBA Port WWN: 21000024ff295a34
OS Device Name: /dev/cfg/c2
Manufacturer: QLogic Corp.
Model: 375-3356-02
Firmware Version: 05.03.02
FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies
10. UNIX for Beginners Questions & Answers
hi,
i would like to create a bash script that check which port in my Linux server are closed (not in use) from a specific range, port range (3000-3010).
the print output need to be only 1 port, and it will be nice if the output will be saved as a variable or in same file.
my code is:
... (2 Replies)
Discussion started by: yossi
2 Replies
LEARN ABOUT CENTOS
ipa-dns-install
ipa-dns-install(1) IPA Manual Pages ipa-dns-install(1)
NAME
ipa-dns-install - Add DNS as a service to an IPA server
SYNOPSIS
ipa-dns-install [OPTION]...
DESCRIPTION
Adds DNS as an IPA-managed service. This requires that the IPA server is already installed and configured.
OPTIONS
-p DM_PASSWORD, --ds-password=DM_PASSWORD
The password to be used by the Directory Server for the Directory Manager user
-d, --debug
Enable debug logging when more verbose output is needed
--ip-address=IP_ADDRESS
The IP address of the IPA server. If not provided then this is determined based on the hostname of the server.
--forwarder=FORWARDER
A forwarder is a DNS server where queries for a specific non-resolvable address can be directed. To define multiple forwarders use
multiple instances of --forwarder
--no-forwarders
Do not add any DNS forwarders, send non-resolvable addresses to the DNS root servers.
--reverse-zone=REVERSE_ZONE
The reverse DNS zone to use
--no-reverse
Do not create new reverse DNS zone. If used on a replica and a reverse DNS zone already exists for the subnet, it will be used.
--zonemgr
The e-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
-U, --unattended
An unattended installation that will never prompt for user input
EXIT STATUS
0 if the installation was successful
1 if an error occurred
IPA
Jun 28, 2012 ipa-dns-install(1)