.@ Tony Finch – blog

This has to be the strangest (or stupidest) way that I have seen of treating ports < 1024 specially.

It seems that the nameservers for spacely.net drop any queries that use a source port < 1024. (They also serve domains such as ChristopherReeve.org, which is a brain research funding charity and the reason I found out about the problem.) It was a complete bugger to diagnose, because dig, of course, uses a high source port, so it was able to resolve names without a problem. My nameservers (and chiark's) use the traditional source port 53, so they were in trouble. By default BIND now uses high source ports, so most sites would not trip over the stupidity.

I guess it's time to remove that bit of ancient paranoia from my usual named.conf options section.

; <<>> DiG 9.3.4 <<>> -b mx ChristopherReeve.org @ns.spacely.net
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

; <<>> DiG 9.3.4 <<>> -b mx ChristopherReeve.org @ns.spacely.net
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;ChristopherReeve.org.          IN      MX

ChristopherReeve.org.   14400   IN      MX      10 mail.ChristopherReeve.org.
ChristopherReeve.org.   14400   IN      MX      5 mail1.ChristopherReeve.org.

mail.ChristopherReeve.org. 14400 IN     A
mail1.ChristopherReeve.org. 14400 IN    A

;; Query time: 185 msec
;; WHEN: Thu Apr 17 12:53:08 2008
;; MSG SIZE  rcvd: 113
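
The comparison above (same query, different source port) can be scripted. This is an added example, not code from the original post: `build_query`, `probe` and `start_filtering_stub` are hypothetical names, and the stub is a constructed loopback responder that imitates the drop-below-a-cutoff behaviour so the script runs offline. Against a real nameserver the cutoff described in the post is 1024, and binding a source port below that needs privilege.

```python
import socket
import struct
import threading

def build_query(name, qtype=15, qid=0x1234):
    """Minimal DNS query packet (qtype 15 = MX, class IN, RD flag set)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def probe(server, name, src_port, timeout=2.0):
    """Send one query from src_port; return 'answered', 'timeout' or 'other'."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("", src_port))          # the source port is what is under test
        s.settimeout(timeout)
        s.sendto(query, server)
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    # A real reply carries the same query id and has the QR (response) bit set.
    return "answered" if data[:2] == query[:2] and data[2] & 0x80 else "other"

def start_filtering_stub(drop_below):
    """Constructed loopback responder: silently drops any query whose
    source port is below drop_below, otherwise echoes it back as a response."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        while True:
            data, peer = srv.recvfrom(4096)
            if peer[1] >= drop_below:
                srv.sendto(data[:2] + bytes([data[2] | 0x80]) + data[3:], peer)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    # Loopback demo with an unprivileged cutoff (constructed values).
    stub = start_filtering_stub(drop_below=40000)
    for port in (39999, 40001):
        print(port, probe(stub, "example.org", port, timeout=1.0))
```

A "timeout" from one source port alongside "answered" from another, for the same name and server, is the signature of this kind of filtering rather than of a dead server.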