From: Abel_Lopez3com.com
Date: Wed Oct 10 2001 - 15:13:50 CDT


    This appears to be normal behavior.
    BIND uses UDP 53 for its listening port, but the responses appear from an
    incrementing high number UDP port.
    For example, my DNS server is currently answering a query on UDP 45441, then
    the next query is answered on port 45442.

    TCP 53 is actually used for Zone transfers, whereas regular nslookup type
    queries happen on UDP 53.
    This is normal when the name daemon forks, it needs its own unique port.

    --Abe
    3Com IT

    "Jas Amidzic" <jasmin.amidzicabs.gov.au> on 10/09/2001 04:22:54 PM

    Sent by: "Jas Amidzic" <jasmin.amidzicabs.gov.au>

    To: focus-sunsecurityfocus.com
    cc: (Abel Lopez/HQ/3Com)
    Subject: BIND and 32774 or 32775 UDP ports

    BIND 9.1.3, besides listening on TCP port 53, also appears to be listening on UDP
    ports 32774 and 32775. A quick nmap scan revealed these ports, identifying them as
    'sometimes-rpc12' and 'sometimes-rpc14'. However, these ports appear to be
    associated with BIND; once BIND is stopped, 'netstat' does not list those ports
    as being in the listening state. Please note that all RPC services on the box are
    disabled.

    I am not sure why these ports are being put in the listening state by BIND. Any
    ideas ...?

    Thanks Jas

    -----------------------------------------------
    ABS Australian Business Number: 26 331 428 522 ABS Web Site:
    www.abs.gov.au