From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.2.16-22 i686)

A random UDP high port is 'listening' each time named is rebooted. This port can be found from a remote system using nmap. A typical nmap response would be:

    Port     State  Service
    1820/udp open   unknown

This port is known to belong to named, as I found with lsof:

    # lsof|grep 1820
    named 12393 root 4u IPv4 41217 UDP *:1820

Reproducible: Always

Steps to Reproduce:
1. install bind-8.2.3
2. configure bind with a reasonably tight config file
3. start bind with `/etc/rc.d/init.d/named start`

Actual Results: A UDP port belongs to named, but it is not stated in any BIND documentation.

Expected Results: Either the use of this port should be documented or this UDP port shouldn't be used by named.

I tracked down all I could to make triple sure I don't have a rootkit on the nameserver. None was found and the system operates within defined security parameters except for this UDP port. And it has me worried. (Just because I'm paranoid doesn't mean those intelligence people wouldn't like to sniff in on my server. ;=)
Not A Bug. This is BIND's UDP query socket. It's dynamically assigned by the kernel (INPORT_ANY). You can circumvent having it by using "query-source address * port 53;" in your options {} block in named.conf. It is no additional security risk whatsoever. I leave it up to Bero to RESOLVED/NOTABUG because he is the one with the red hat. :->
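The check the reporter actually performed by hand (nmap finds an unknown UDP port, lsof attributes it to a process) is easy to script so that a kernel-assigned client socket owned by a known daemon is not mistaken for an unexplained listener. The following is an added example, not code from the bug report or from BIND; it parses a constructed lsof listing in the layout of `lsof -i UDP -n -P` (the named line mirrors the report's own lsof output), attributes every UDP socket to its owning process, and sorts each socket into expected, ephemeral (dynamically assigned, unprivileged) or unexpected. The allowlist `EXPECTED_UDP`, the sample processes and the `ephemeral_start` threshold are assumptions chosen for the example.

```python
import re

# Constructed sample in the layout of `lsof -i UDP -n -P`; not output captured
# from the original report.  The first named line reproduces the report's lsof line.
SAMPLE_LSOF = """\
COMMAND   PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
named   12393 root  4u IPv4  41217      0t0  UDP *:1820
named   12393 root  5u IPv4  41218      0t0  UDP *:53
ntpd      812 ntp   7u IPv4   7012      0t0  UDP 127.0.0.1:123
syslogd   701 root  3u IPv4   5540      0t0  UDP *:514
"""

# Assumed allowlist: the UDP service ports each daemon is expected to own.
# BIND serves on 53; its outgoing query socket is the kernel-assigned one
# the report asks about, so it is deliberately not listed here.
EXPECTED_UDP = {
    "named": {53},
    "ntpd": {123},
}

# Matches one lsof row with a UDP endpoint; tolerates the optional SIZE/OFF column.
_UDP_ROW = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s.*\sUDP\s+(?P<addr>\S+):(?P<port>\d+)\s*$"
)


def parse_udp_sockets(lsof_text):
    """Return (command, pid, user, bind_address, port) for every UDP row in lsof output."""
    sockets = []
    for line in lsof_text.splitlines():
        m = _UDP_ROW.match(line)
        if not m:
            continue  # header row or a non-UDP entry
        sockets.append((m.group("cmd"), int(m.group("pid")), m.group("user"),
                        m.group("addr"), int(m.group("port"))))
    return sockets


def owner_of_port(lsof_text, port):
    """Answer the reporter's question: which (command, pid) owns this UDP port? None if nobody."""
    for cmd, pid, _user, _addr, p in parse_udp_sockets(lsof_text):
        if p == port:
            return (cmd, pid)
    return None


def classify(sockets, expected=EXPECTED_UDP, ephemeral_start=1024):
    """Sort sockets into three buckets.

    expected   : known daemon on one of its allowlisted ports
    ephemeral  : known daemon on an unprivileged port, i.e. most likely a
                 kernel-assigned client socket such as BIND's query socket
    unexpected : unknown process, or a known daemon on an unlisted privileged port
    """
    buckets = {"expected": [], "ephemeral": [], "unexpected": []}
    for sock in sockets:
        cmd, _pid, _user, _addr, port = sock
        if cmd in expected and port in expected[cmd]:
            buckets["expected"].append(sock)
        elif cmd in expected and port >= ephemeral_start:
            buckets["ephemeral"].append(sock)
        else:
            buckets["unexpected"].append(sock)
    return buckets


if __name__ == "__main__":
    print("owner of udp/1820:", owner_of_port(SAMPLE_LSOF, 1820))
    for bucket, socks in classify(parse_udp_sockets(SAMPLE_LSOF)).items():
        for cmd, pid, user, addr, port in socks:
            print(f"{bucket:10s} {cmd:8s} pid={pid:<6d} {addr}:{port}")
```

Run against a real host, feed it `lsof -i UDP -n -P` (or the equivalent `ss -ulpn` after adjusting the regex) and only the `unexpected` bucket needs a human look; udp/1820 here lands in `ephemeral` because it is attributed to the named process, which is exactly the NOTABUG explanation above. The thread's `query-source ... port 53;` setting makes that socket disappear by fixing the source port; note that current BIND releases deliberately randomise the query port by default, so pinning it is no longer the recommended configuration.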