https://bugzilla.novell.com/show_bug.cgi?id=262387

Summary: DNS Server in Yast used non standard source TCP Port 11076 in lieu of IANA DNS Resolution Standard of TCP/UDP 53
Product: openSUSE 10.2
Version: Final
Platform: i386
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: YaST2
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: alpha096@tpg.com.au
QAContact: jsrain@novell.com

DNS resolution has been a long standing source and destination port of TCP/UDP 53. Whilst the destination port is observed by DNS Server in Yast, it is expected that the source port should also conform to TCP/UDP 53 rather than TCP 1107.

Whilst it is understood there is no specific requirement for the source port to be TCP/UDP 53, it is widely assumed and relied upon by Hardware Devices, Firewalls, IDS/IDP.

The issue is that a workstation will use TCP/UDP 53 as a source Port and hence comply with assumed standards, however the DNS server which provides DNS resolution does not.

Ports above 1024 are generally regarded as optional port assignment and are confined to specific applications with specific requirements. It is not unusual for all ports above 1024 to be treated as potential security risks and they are heavily monitored by institutions where there is a strong emphasis on security.

There may be operational reasons why Port TCP/UDP 53 is not used as a source Port, however it does complicate the establishment of Hardware security where common conventions are always assumed.

For discussion.