Solved: How to change the remote port of DNS queries to something other than 53?

sdf

Active Member

Reaction score: 3
Messages: 170

Hello everyone,

If the specified Unbound listening port is 65535, how should the DNS clients be set up to send queries to it? The DNS clients seem to use 53 as the default remote port.

Thanks.
 

kpa

Beastie's Twin

Reaction score: 1,807
Messages: 6,318

In general you can't do that; almost all clients are hardwired to query UDP/TCP port 53. In some cases you can change the port to something else, for example if the client is running a local resolver like Unbound the port change is just a matter of changing the configuration. On clients that use only the stub resolver(3) this is not possible because the port number is hard coded in the C code.

Overall it's not worth it to use a custom listening port for DNS. What is the problem you're trying to solve here?
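The stub-resolver limitation described above is a property of the client code, not of the DNS message: a client that builds its own query can send it to any port. The following is an added example, not part of the thread; the loopback responder, the ephemeral port and the 192.0.2.53 answer are constructed so that it runs offline.

```python
import secrets, socket, struct, threading

def build_query(name, txid, qtype=1):
    """Encode a minimal RFC 1035 query: 12-byte header plus one IN question."""
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def skip_name(msg, pos):
    """Return the offset just past a name (labels, possibly ending in a compression pointer)."""
    while msg[pos] and (msg[pos] & 0xC0) != 0xC0:
        pos += msg[pos] + 1
    return pos + (2 if msg[pos] else 1)

def parse_first_a(msg):
    """Return (txid, rcode, first answer as dotted quad or None if it is not an A record)."""
    txid, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    if ancount == 0:
        return txid, flags & 0xF, None
    pos = skip_name(msg, pos)
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    return txid, flags & 0xF, socket.inet_ntoa(msg[pos + 10:pos + 14]) if (rtype, rdlen) == (1, 4) else None

def query_on_port(server, port, name, timeout=2.0):
    """Query server:port directly; the port is a socket argument, not part of the message."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, port))
        msg, peer = s.recvfrom(512)
    got_txid, rcode, addr = parse_first_a(msg)
    if peer != (server, port) or got_txid != txid:
        raise ValueError("reply does not match the query (source or transaction ID)")
    return rcode, addr

def toy_responder(sock):
    """Constructed stand-in for a resolver on a non-53 port: answers one query with 192.0.2.53."""
    query, peer = sock.recvfrom(512)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton("192.0.2.53")
    sock.sendto(query[:2] + struct.pack("!5H", 0x8180, 1, 1, 0, 0) + query[12:] + answer, peer)

def demo():
    """Bind the toy responder to an ephemeral loopback port and query it there."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 0))
        port = srv.getsockname()[1]
        threading.Thread(target=toy_responder, args=(srv,), daemon=True).start()
        return port, query_on_port("127.0.0.1", port, "example.com")
```

Calling `demo()` returns the port that was used and the `(rcode, address)` pair from the reply.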
 

sdf


I am just wondering. Both Unbound and NSD can modify the port that answers queries, but Unbound does not seem to provide the option to modify the remote port of DNS queries.
 

kpa


Unbound can do that when forwarding. This is my configuration that uses forward over TLS to quad9 servers.

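Code:
    server:
        # CA bundle used to verify the upstream TLS certificates
        tls-cert-bundle: "/usr/local/etc/ssl/cert.pem"

    forward-zone:
        name: "."
        # Forward over TLS; the port follows the address as <ipaddr>@<port>
        forward-ssl-upstream: yes
        forward-addr: 9.9.9.9@853
        forward-addr: 149.112.112.112@853

The same syntax <ipaddr>@<port> works without TLS/SSL as well.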
 

sdf


Thank you very much. I found that the stub-zone can also specify the port.
 