Re: [Fed-Talk] OS X chatting with DNS server via port 5353
- Subject: Re: [Fed-Talk] OS X chatting with DNS server via port 5353
- From: Michael <email@hidden>
- Date: Thu, 15 Mar 2007 13:05:26 -0400
On Mar 15, 2007, at 12:34 PM, Todd Heberlein wrote:
> On Mar 15, 2007, at 6:18 AM, Michael wrote:
>> On Mar 15, 2007, at 8:58 AM, Neal Emerald wrote:
>>> Port 5353 is for multicast DNS - which is part of Bonjour.
>> Yes, I know port 5353 is Bonjour, but why does OS X need to chat
>> with the defined DNS servers as part of Bonjour? It's not looking
>> up hostnames when it's doing this.
> Just a side note on Bonjour/multicast that some might find
> interesting/disturbing.
> A while ago I added a second ISP and connected a new Linksys
> BEFSX41 firewall router with NAT and firewall turned on. I have
> always felt comfortable with NAT, because any inbound packet not
> associated with a known outbound session is by default dropped.
> Then, to my surprise, while running iTunes someone else's iTunes
> library kept popping up on my list of music sources. It had me a
> bit spooked. After spending some time with sniffers and Google, I
> discovered iTunes used Bonjour, and by default my Linksys router
> allowed multicast traffic into my network!!
> So be careful if you are using Linksys, you might be allowing
> multicast traffic onto your network, and possibly leaking it out.
> Todd
> PS. If you are seeing multicast chatter, see if it comes and goes
> depending on whether iTunes is on.
I have confirmed that iTunes is not the source of this particular
chatter in my configuration (Sharing is totally disabled).
The Bonjour chatter from iTunes in this configuration consists of
broadcasts of the form UDP mymachine:5353 224.0.0.251:5353 out. It's
not clear I can disable this either without also disabling access to
my printer, other than the method I'm using, "Forward to
127.0.0.1" (using deny results in numerous errors in the system
log). My ipfw.log is getting rather large, 102M since Feb 12 (I'm
not logging the common incoming UDP broadcast chatter from other
machines).
Michael
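The thread is really about two different kinds of port-5353 traffic that land in the same ipfw log: genuine mDNS to the 224.0.0.251 multicast group (outbound announcements, and inbound ones from other hosts, which may be from outside the subnet if a router passes multicast, as Todd describes), and unicast UDP on port 5353 to the machine's configured DNS servers, which is what Michael is asking about. The script below, an added example rather than anything posted in the thread, parses ipfw log lines and counts them by category so the two can be told apart before deciding what to deny, forward or stop logging. It assumes the ipfw log layout "ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>"; the DNS server addresses, the LAN prefix and every log line are constructed placeholders, not captures from the poster's machine.

```python
"""Classify ipfw log lines carrying UDP port 5353 (mDNS / Bonjour) traffic.

Added example for the Fed-Talk thread; not code from any poster.
"""
import ipaddress
import re
from collections import Counter

MDNS_GROUP = ipaddress.ip_address("224.0.0.251")  # link-local mDNS multicast group
MDNS_PORT = 5353

# Assumed ipfw log layout. A syslog prefix before "ipfw:" is skipped by search().
# The action field is taken lazily so that "Deny", "Accept" and
# "Forward to 127.0.0.1" all parse.
IPFW_RE = re.compile(
    r"ipfw:\s+(?P<rule>\d+)\s+(?P<action>.+?)\s+(?P<proto>UDP|TCP|ICMP)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+"
    r"(?P<direction>in|out)\s+via\s+(?P<iface>\S+)"
)

# Constructed placeholders: configured DNS servers and the local subnet.
DNS_SERVERS = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.0.54")}
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample log lines (not from the poster's ipfw.log).
SAMPLE_LOG = [
    "Mar 15 12:00:01 mymachine kernel: ipfw: 300 Forward to 127.0.0.1 UDP 192.168.1.5:5353 224.0.0.251:5353 out via en0",
    "Mar 15 12:00:02 mymachine kernel: ipfw: 300 Forward to 127.0.0.1 UDP 192.168.1.5:5353 224.0.0.251:5353 out via en0",
    "Mar 15 12:00:03 mymachine kernel: ipfw: 400 Accept UDP 192.168.1.7:5353 224.0.0.251:5353 in via en0",
    "Mar 15 12:00:04 mymachine kernel: ipfw: 500 Deny UDP 192.168.1.5:5353 10.0.0.53:5353 out via en0",
    "Mar 15 12:00:05 mymachine kernel: ipfw: 500 Deny UDP 192.168.1.5:5353 10.0.0.54:5353 out via en0",
    "Mar 15 12:00:06 mymachine kernel: ipfw: 400 Accept UDP 172.16.4.9:5353 224.0.0.251:5353 in via en0",
    "Mar 15 12:00:07 mymachine kernel: ipfw: 200 Accept UDP 192.168.1.5:49152 10.0.0.53:53 out via en0",
    "Mar 15 12:00:08 mymachine kernel: ipfw: 200 Accept TCP 192.168.1.5:5353 192.168.1.9:5353 out via en0",
    "Mar 15 12:00:09 mymachine kernel: ipfw: 600 Deny UDP 192.168.1.5:5353 192.168.1.9:5353 out via en0",
    "Mar 15 12:00:10 mymachine kernel: some unrelated kernel message",
]


def parse_line(line):
    """Parse one log line into a dict; return None if it is not an ipfw entry."""
    m = IPFW_RE.search(line)
    if m is None:
        return None
    e = m.groupdict()
    e["rule"] = int(e["rule"])
    e["sport"] = int(e["sport"])
    e["dport"] = int(e["dport"])
    e["src"] = ipaddress.ip_address(e["src"])
    e["dst"] = ipaddress.ip_address(e["dst"])
    return e


def classify(e, dns_servers, local_net):
    """Label a parsed entry; return None if it is not UDP traffic involving port 5353."""
    if e["proto"] != "UDP" or MDNS_PORT not in (e["sport"], e["dport"]):
        return None
    if e["dst"] == MDNS_GROUP:
        # Genuine mDNS: queries and announcements to the multicast group.
        if e["direction"] == "out":
            return "mdns-multicast-out"
        if e["src"] in local_net:
            return "mdns-multicast-in-local"
        # Multicast arriving from a source outside the local subnet means
        # something upstream (the router, in Todd's story) is forwarding it.
        return "mdns-multicast-in-foreign"
    if e["direction"] == "out" and e["dst"] in dns_servers:
        # Unicast on 5353 to a configured DNS server: the chatter Michael asks about.
        return "unicast-5353-to-dns-server"
    return "unicast-5353-other"


def summarize(lines, dns_servers, local_net):
    """Count port-5353 traffic by category over raw log lines."""
    counts = Counter()
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        label = classify(e, dns_servers, local_net)
        if label is not None:
            counts[label] += 1
    return counts


if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE_LOG, DNS_SERVERS, LOCAL_NET).items()):
        print(f"{n:6d}  {label}")
```

Run it against a real ipfw.log by reading the file into `summarize()` with your own DNS server set and LAN prefix. A non-zero "mdns-multicast-in-foreign" count is the signal Todd describes (multicast crossing the router), while "unicast-5353-to-dns-server" isolates the traffic the thread is asking about so it can be rate-limited or excluded from logging separately from the local multicast noise.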
_______________________________________________
Fed-talk mailing list (email@hidden)