Error on starting named (bind916)

[kerogaz]

When I start named I get an error

/usr/local/etc/namedb/named.conf:76: 'query-source' cannot specify the DNS listener port (53)
/etc/rc.d/named: ERROR: named-checkconf for /usr/local/etc/namedb/named.conf failed

Named starts and works fine if line 76 is commented out in named.conf

Line 76 :

query-source address (ip dns server) port 53;

 

[kerogaz]

Maybe someone will explain why this line 76 of named.conf is used at all if named does not work with it, but named works without it? Bind911 didn't have this problem.

 

[SirDice]

Maybe someone will explain why this line 76 of named.conf is used at all

It's not used, it's commented out in the default named.conf.

 

[borjam]

Never use a single port as the source port for DNS queries.

Web-based DNS Randomness Test | DNS-OARC

www.dns-oarc.net

At most do specify a source address as the query source, not a port number.

 

[SirDice]

There's a big fat warning surrounding the commented option:

        /*
           Modern versions of BIND use a random UDP port for each outgoing
           query by default in order to dramatically reduce the possibility
           of cache poisoning.  All users are strongly encouraged to utilize
           this feature, and to configure their firewalls to accommodate it.

           AS A LAST RESORT in order to get around a restrictive firewall
           policy you can try enabling the option below.  Use of this option
           will significantly reduce your ability to withstand cache poisoning
           attacks, and should be avoided if at all possible.

           Replace NNNNN in the example with a number between 49160 and 65530.
        */
        // query-source address * port NNNNN;