[Dnsmasq-discuss] max ports option
Simon Kelley
simon at thekelleys.org.uk
Fri Feb 26 16:15:27 GMT 2010
Replying to my own post:
> For the avoidance of doubt, it's worth pointing out that you don't need
> to clear the whole port range of other uses: dnsmasq will avoid ports in
> use by other processes. What you can't do is block any of the range in a
> firewall unless you use connection tracking to open ports inward in
> response to outgoing packets.
It's also worth pointing out that dnsmasq will never use more than 64*
ports at any one time; if more than 64 queries are in progress, ports
will be shared between queries. For security dnsmasq needs a large range
over which to pick random ports, but it doesn't use lots of ports or
lots of kernel resources and it certainly won't camp on 64000 ports.
* controllable by changing RANDOM_SOCKS in src/config.h and recompiling,
if that's necessary.
Cheers,
Simon.
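
A small model of the behaviour described in this message, added here as an example; it is not dnsmasq's code and not part of the original post. It caps the pool at 64 sockets, picks ports at random from a wide range, skips ports another process already holds, and shares ports once the cap is reached. The class name `PortPool`, the default range and the random choice of which port to share are assumptions.

```python
import errno
import random
import socket

RANDOM_SOCKS = 64  # the cap named in the post (RANDOM_SOCKS in src/config.h)

class PortPool:
    """Model only: at most max_socks UDP sockets, each on a random source port."""
    def __init__(self, lo=1024, hi=65535, max_socks=RANDOM_SOCKS, host="127.0.0.1"):
        self.lo, self.hi, self.max_socks, self.host = lo, hi, max_socks, host
        self.rng = random.SystemRandom()  # OS CSPRNG: ports must be hard to guess
        self.socks = {}                   # port -> [socket, queries using it]

    def _bind_random(self, attempts=100):
        for _ in range(attempts):
            port = self.rng.randint(self.lo, self.hi)
            if port in self.socks:
                continue
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            try:
                s.bind((self.host, port))
                return port, s
            except OSError as e:
                s.close()  # port held by another process: try a different one
                if e.errno not in (errno.EADDRINUSE, errno.EACCES):
                    raise
        return None

    def acquire(self):
        """Return the source port for a new query."""
        if len(self.socks) < self.max_socks:
            got = self._bind_random()
            if got:
                self.socks[got[0]] = [got[1], 1]
                return got[0]
        if not self.socks:
            raise RuntimeError("no free port in range")
        port = self.rng.choice(list(self.socks))  # cap reached: share a port
        self.socks[port][1] += 1
        return port

    def release(self, port):
        """Query finished; close the socket when its last user is gone."""
        entry = self.socks[port]
        entry[1] -= 1
        if entry[1] == 0:
            entry[0].close()
            del self.socks[port]
```

With the cap in place, the number of open sockets stays bounded no matter how many queries are in flight, while the size of the range, not the number of sockets, determines how hard a source port is to guess.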