RE: [squid-users] why is the UDP port for DNS queries kept "open" ?

From: Billy Macdonald <BMacdonald@dont-contact.us>
Date: Mon, 18 Mar 2002 11:30:32 -0500

I'm not exactly sure about the Squid DNS implementation. But I do know that
DNS specifications say that the dest port is 53 for both the query and the
reply. I think that 53 is also always the source port on UDP transfers. So
the reply comes back on 53. And it's sessionless so it needs to leave the
port open, listening for the replies.

Billy

> -----Original Message-----
> From: David Banz [mailto:david.banz@GMD.DE]
> Sent: Monday, March 18, 2002 8:58 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] why is the UDP port for DNS queries
> kept "open"?
>
>
> Hello!
>
> I am using Squid 2.3stable4 (configured so that Squid does DNS lookups
> itself), and I was wondering why the UDP port used by Squid for this purpose
> is constantly kept "open" until Squid is shut down.
> Wouldn't it be safer to use a separate UDP port for each new DNS query, which
> is closed after the query has been answered or a timeout has occurred?
> Personally, I don't like the idea of having a port accepting incoming data
> all the time, which I cannot hide behind a firewall.
> (Sorry if my terminology might be a bit incorrect, but I hope you still get
> the idea...)
>
> --
> David Banz
>
Received on Mon Mar 18 2002 - 09:31:53 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:58 MST
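
The per-query socket David asks about, sketched as an added example (not part of the thread and not Squid's code): a fresh UDP socket on an OS-chosen port for each lookup, closed once a matching reply arrives or the timeout expires. The function names and the minimal A-record encoding are assumptions made for illustration.

```python
import os
import select
import socket
import struct
import time


def build_query(name, txid):
    """Encode a minimal DNS A-record query (RD set, one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def send_query(resolver, name):
    """Open a fresh UDP socket for one query; return (socket, txid)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # connect() on UDP lets the OS pick an ephemeral source port and makes the
    # kernel drop datagrams that do not come from the resolver's address:port.
    sock.connect(resolver)
    txid = struct.unpack("!H", os.urandom(2))[0]  # unpredictable 16-bit ID
    sock.send(build_query(name, txid))
    return sock, txid


def read_reply(sock, txid, timeout=2.0):
    """Return the first reply whose ID matches, or None on timeout.
    The socket is closed either way, so the port stops accepting data."""
    deadline = time.monotonic() + timeout
    try:
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return None
            ready, _, _ = select.select([sock], [], [], remaining)
            if not ready:
                return None
            data = sock.recv(4096)
            # Accept only a response (QR bit set) carrying our transaction ID.
            if (len(data) >= 12 and data[2] & 0x80
                    and struct.unpack("!H", data[:2])[0] == txid):
                return data
    finally:
        sock.close()
```

Call `send_query((resolver_ip, 53), name)` and pass the returned socket and ID to `read_reply`; the raw reply bytes come back unparsed.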