[squid-users] Restricting listening "UDP DNS client port" to an interface/IP?

From: Martin Koniczek <[email protected]>
Date: Wed, 6 Apr 2005 11:16:09 +0200

Hi,

Is it possible to restrict the DNS client port to a specific interface or
IP? netstat grep:
udp 0 0 0.0.0.0:33076 0.0.0.0:* 3522/(squid)

I am aware that Squid's code is quite sane and only accepts DNS answers from
servers it just sent requests to, but still this could be forged, and I
don't like lines like the one above, which are not really needed.

At least in my setup, Squid talks to two fixed DNS servers which are all
reached via one interface (eth1, not the public one). Setting up a specific
firewall rule is also tricky, because the listening port seems
"randomly chosen".

So basically I am looking for options like these, which I cannot find:
dns_incoming_address: ...
dns_outgoing_address: which binds like http_port with IP
or something to specify the port, or to restrict the interface, whatever...

Any help appreciated,
    Martin Koniczek
Received on Wed Apr 06 2005 - 03:16:32 MDT
