From 6646cc41d737101f4b87ce66e8bc33d154eb25b9 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Mon, 7 Jan 2002 22:53:48 +0000 Subject: [PATCH] Q: Why is named listening on UDP port other than 53? --- FAQ | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/FAQ b/FAQ index f47c1d95a6..d75d5665c8 100644 --- a/FAQ +++ b/FAQ @@ -299,7 +299,8 @@ A: (BIND 9.3 and later) Use TSIG to select the appropriate view. ... }; -Q. I have Freebsd 4.4 and "rndcconfgen -a" just sits there. + +Q: I have Freebsd 4.4 and "rndcconfgen -a" just sits there. A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use certian interupts as a source of random events. You can make this @@ -308,3 +309,15 @@ permanent by setting rand_irqs in /etc/rc.conf. e.g. /etc/rc.conf rand_irqs="3 14 15" + + +Q: Why is named listening on UDP port other than 53? + +A: Named uses a system selected port to make queries of other nameservers. +This behaviour can be overridden by using query-source to lock down the +port and/or address. + +The reason for this behaviour was to correct the mis-perception of firewall +designers that they only had to allow queries from other nameservers (port +53) and not ordinary DNS clients. Named acts like any other DNS client +when making queries. Firewall designers have learnt their lesson.
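Review bot: the answer text left as unchanged context in the first hunk (the Freebsd 4.4 / "rndcconfgen -a" entry) still reads "certian interupts"; since this entry is already being touched to change "Q." to "Q:" and add the blank line, correct those to "certain interrupts" in the same patch rather than leaving the typos for a later commit.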
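Review bot: the new entry in the second hunk names query-source as the way to lock down the port but shows no options statement, whereas the neighbouring entry shows the exact line to use (rand_irqs="3 14 15"); add the query-source line the reader should put in named.conf, and say what they give up by pinning it, namely that every outgoing query then carries the same fixed source port instead of a system-selected one, so the default is preferable unless the firewall genuinely cannot be changed. Minor wording: "mis-perception" should be "misperception", the question reads better as "a UDP port other than 53", and the closing "Firewall designers have learnt their lesson" adds nothing a user needs and could be dropped.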