Re: DNS queries using source port 32768

On Thu, 2007-02-01 at 13:32 -0500, Jack Neely wrote:
> I've had some problems installing RHEL on a specific VLAN at work.  The
> problem is that the loader does DNS requests but the router was dropping
> the DNS replies therefore the loader couldn't resolve its IP and the URL
> where the kickstart lived.
> Turns out that UDP packets heading toward the servers on this VLAN with
> destination port of 32768 are dropped by an ACL put in place to meet
> some security requirements of an outsourced credit card charging
> company.  The security policy states some concerns that this is a port
> that Solaris commonly uses for the NFS statd RPC server.
> The security folks here expressed concern that the loader wasn't
> randomizing the DNS port as normal resolvers do.  I know the environment
> for the loader is pretty restrictive.  Is it possible to choose a more
> random port and/or increment the port used if DNS queries are failing?

Possible.  Our DNS lookup code (isys/dns.c) is pretty simple because we
can't use glibc's libresolv stuff because of NSS (can't offer DSOs in
the loader environment).

File a bug so we have some way to track this feature.

David Cantrell <dcantrell redhat com>
Red Hat / Westford, MA
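An added example, not taken from anaconda's isys/dns.c or from anyone in this thread, of what the requested behaviour looks like in C: every query leaves from a freshly drawn random UDP source port, a port that fails to bind is dropped for another, and a query that gets no valid answer inside the timeout is re-sent from a different port. It assumes /dev/urandom is readable in the loader, treats 1025-65535 as the candidate port range, and the function names (pick_random_port, build_query, open_random_port_socket, query_with_retry) are mine, not anaconda's.

```c
/* Added example (not anaconda's isys/dns.c): builds an A-record query and sends it from a
 * randomly chosen UDP source port, moving to another port when bind() fails or no answer
 * arrives. Assumes /dev/urandom is readable in the loader; port range 1025-65535 assumed. */
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Two random bytes from /dev/urandom; 0 on success, -1 on failure. */
static int random_u16(uint16_t *out) {
    int fd = open("/dev/urandom", O_RDONLY);
    ssize_t r = fd < 0 ? -1 : read(fd, out, sizeof *out);
    if (fd >= 0) close(fd);
    return r == (ssize_t)sizeof *out ? 0 : -1;
}

/* Random port in 1025-65535 (assumed candidate range), or 0 if no randomness is available. */
uint16_t pick_random_port(void) {
    uint16_t r;                                      /* modulo bias is negligible here */
    return random_u16(&r) == 0 ? (uint16_t)(1025 + r % 64511) : 0;
}

/* Encode "www.example.com" as length-prefixed labels; bytes written, or -1 on bad input. */
int encode_qname(const char *name, uint8_t *out, size_t outlen) {
    size_t pos = 0;
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > 63) return -1;         /* empty or oversized label */
        if (pos + 1 + len >= outlen) return -1;      /* keep room for the terminator */
        out[pos++] = (uint8_t)len;
        memcpy(out + pos, name, len);
        pos += len; name += len + (dot ? 1 : 0);     /* step over the dot, if any */
    }
    if (pos == 0 || pos + 1 > 255) return -1;        /* wire-format name limit */
    out[pos++] = 0;
    return (int)pos;
}

/* Standard recursive A/IN query with transaction id `id`; returns length or -1. */
int build_query(const char *name, uint16_t id, uint8_t *out, size_t outlen) {
    int qlen; size_t pos;
    if (outlen < 16) return -1;                      /* header + QTYPE/QCLASS minimum */
    out[0] = (uint8_t)(id >> 8); out[1] = (uint8_t)id;           /* transaction id */
    out[2] = 0x01; out[3] = 0x00; out[4] = 0; out[5] = 1;        /* RD set; QDCOUNT = 1 */
    memset(out + 6, 0, 6);                                       /* ANCOUNT, NSCOUNT, ARCOUNT = 0 */
    if ((qlen = encode_qname(name, out + 12, outlen - 16)) < 0) return -1;
    pos = 12 + (size_t)qlen;
    out[pos++] = 0; out[pos++] = 1; out[pos++] = 0; out[pos++] = 1; /* QTYPE A, QCLASS IN */
    return (int)pos;
}

/* UDP socket bound to a random port, drawing a new one whenever bind() fails; fd or -1. */
int open_random_port_socket(uint16_t *bound_port, int attempts) {
    for (int i = 0; i < attempts; i++) {
        struct sockaddr_in sa = { 0 };               /* zeroed address is INADDR_ANY */
        uint16_t port = pick_random_port();
        int fd = port ? socket(AF_INET, SOCK_DGRAM, 0) : -1;
        if (fd < 0) return -1;
        sa.sin_family = AF_INET; sa.sin_port = htons(port);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) { *bound_port = port; return fd; }
        close(fd);                                   /* busy or reserved: try another */
    }
    return -1;
}

/* One query per attempt, each from a new random source port; a timeout, short reply or
 * id mismatch closes that socket and retries from another port. Reply length or -1. */
int query_with_retry(const char *server, const char *name, int attempts,
                     int timeout_sec, uint8_t *reply, size_t replylen) {
    struct sockaddr_in dst = { 0 };
    struct timeval tv = { timeout_sec, 0 };
    dst.sin_family = AF_INET; dst.sin_port = htons(53);
    if (inet_pton(AF_INET, server, &dst.sin_addr) != 1) return -1;
    for (int i = 0; i < attempts; i++) {
        uint8_t q[512]; uint16_t id, port;
        int fd, qlen; ssize_t n = -1;
        if (random_u16(&id) != 0 || (qlen = build_query(name, id, q, sizeof q)) < 0) return -1;
        if ((fd = open_random_port_socket(&port, 8)) < 0) return -1;
        setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
        if (sendto(fd, q, (size_t)qlen, 0, (struct sockaddr *)&dst, sizeof dst) == qlen)
            n = recv(fd, reply, replylen, 0);        /* -1 once the timeout expires */
        close(fd);                                   /* finished with this port either way */
        if (n >= 12 && reply[0] == q[0] && reply[1] == q[1]) return (int)n;
    }
    return -1;
}

int main(void) {
    uint16_t port; int fd = open_random_port_socket(&port, 8);
    if (fd < 0) { perror("bind"); return 1; }
    printf("query socket bound to random source port %u\n", port);
    return close(fd);
}
```

Only query_with_retry needs a network; main just shows the random bind. Binding to port 0 would also avoid a fixed 32768, but then the source port is whatever the kernel's ephemeral allocator hands out, so drawing it explicitly keeps the choice (and the retry-on-failure policy) in the resolver's hands. Matching the transaction id is the minimum check on a reply; a fuller resolver would also use recvfrom and confirm the answer came from the server it queried.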

