On Thu, 2007-02-01 at 13:32 -0500, Jack Neely wrote:
> I've had some problems installing RHEL on a specific VLAN at work. The
> problem is that the loader does DNS requests but the router was dropping
> the DNS replies therefore the loader couldn't resolve its IP and the URL
> where the kickstart lived.
>
> Turns out that UDP packets heading toward the servers on this VLAN with
> destination port of 32768 are dropped by an ACL put in place to meet
> some security requirements of an outsourced credit card charging
> company. The security policy states some concerns that this is a port
> that Solaris commonly uses for the NFS statd RPC server.
>
> The security folks here expressed concern that the loader wasn't
> randomizing the DNS port as normal resolvers do. I know the environment
> for the loader is pretty restrictive. Is it possible to choose a more
> random port and/or increment the port used if DNS queries are failing?

Possible. Our DNS lookup code (isys/dns.c) is pretty simple because we
can't use glibc's libresolv stuff because of NSS (can't offer DSOs in
the loader environment).

File a bug so we have some way to track this feature.

--
David Cantrell <dcantrell@xxxxxxxxxx>
Red Hat / Westford, MA
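The source-port selection asked about in the thread, as an added example that is not part of the original messages and is not the code in isys/dns.c: a libresolv-free way to bind a resolver's UDP socket to a random source port, retrying on a collision. The function names, the 49152-65535 range and the retry limit are assumptions chosen for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define PORT_LO   49152u  /* assumed range: IANA dynamic/private ports */
#define PORT_HI   65535u
#define MAX_TRIES 16      /* assumed retry limit */

/* Draw a port in [PORT_LO, PORT_HI] from the kernel's random pool. */
static int random_port(uint16_t *out)
{
    uint16_t r;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(&r, sizeof r, 1, f);
    fclose(f);
    if (n != 1) return -1;
    /* The range holds 16384 = 2^14 ports, which divides 2^16: no modulo bias. */
    *out = (uint16_t)(PORT_LO + r % (PORT_HI - PORT_LO + 1));
    return 0;
}

/* Hypothetical helper: returns a UDP socket bound to a random source port
 * and stores that port in *port_out; returns -1 on failure. */
int dns_socket_random_port(uint16_t *port_out)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    for (int i = 0; i < MAX_TRIES; i++) {
        struct sockaddr_in sa = {0};
        uint16_t port;
        if (random_port(&port) < 0) break;
        sa.sin_family = AF_INET;
        sa.sin_addr.s_addr = htonl(INADDR_ANY);
        sa.sin_port = htons(port);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) {
            *port_out = port;
            return fd;
        }
        if (errno != EADDRINUSE) break;  /* retry only when the port is taken */
    }
    close(fd);
    return -1;
}
```

Closing the socket and calling the helper again for each retried query gives every attempt a fresh source port, so a single filtered port does not block resolution.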