Please help alleviate my confusion - I have a box which is running bind and
when I run nmap on it I get
bash# nmap -sU localhost
Starting nmap V. 2.53 by fyodor at insecure.org ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1446 ports scanned but not shown below are in state: closed)
Port State Service
37/udp open time
1024/udp open unknown
Note the lack of mention of port 53. Then I ran lsof to see what's on 1024
and I get
bash# lsof -i UDP:1024
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 116 root 4u IPv4 70 UDP *:1024
If I run lsof against UDP:53 I get
bash# lsof -i UDP:53
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 116 root 20u IPv4 68 UDP some.domainname.com:domain
All of the above gives rise to a couple of questions:
1) Why doesn't nmap show named using 53/udp ?
2) Why does lsof show named using 1024/udp ?
3) Why does "lsof -i UDP:53" show only that one line of output for the
domain some.domainname.com ? The box in question is authoritative for a
number of domains and when I run "lsof -i UDP:53" on another nameserver I
get a number of lines of output for different domains.
Niall
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
