3.26 Running a Name Server on an Alternate Port
3.26.1 Problem
You want to run a name server on a port other than 53.
3.26.2 Solution
Use the listen-on options substatement. For example:

    options {
        directory "/var/named";
        listen-on port 1053 { any; };
    };

If this is a master name server for one or more zones, you can specify the port on which the master is running in your slaves' masters substatements. A zone statement on the slave might look like this:

    zone "foo.example" {
        type slave;
        masters port 1053 { 192.168.0.1; };
        file "bak.foo.example";
    };

3.26.3 Discussion
This configuration requires some explaining. What's the use of running a name server on an alternate port?

The most common reason is to test a name server's configuration. You can configure a name server to listen on a high-numbered port, even start it without root privilege, and use dig's -p option (to specify the port number) or nslookup's set port command (same thing) to make sure it responds the way you expect.

You might also be running firewall software that does port translation, so that you can translate incoming queries sent to port 53 to whichever port you choose. Or you might just want to run several named processes on the same host, acting as master name servers for different versions of the same zone. Of course, you can also use BIND 9's views feature for that, with less overhead.

Specified before the list of master name servers, the port applies to all masters. Sometimes that isn't what you want, because not all of your masters run on an alternate port. If that's the case, BIND 9 name servers support an alternate form:

    zone "foo.example" {
        type slave;
        masters { 192.168.0.1 port 1053; 192.168.1.1; };
        file "bak.foo.example";
    };
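
The test use case from the Discussion, as an added example that is not from the original recipe: it writes a throwaway configuration, then validates and queries an unprivileged named on port 1053. The directory layout, the zone data, and the function names make_test_config and check_test_instance are assumptions, and the session-keyfile option assumes BIND 9.7 or later.

```shell
#!/bin/sh
# Added example. Paths, zone data and function names are assumptions.

# Write a throwaway named.conf and zone file under $1, listening on port $2.
make_test_config() {
    dir=$1; port=${2:-1053}
    mkdir -p "$dir" || return 1
    cat > "$dir/named.conf" <<EOF
options {
    directory "$dir";
    pid-file "$dir/named.pid";            // writable without root
    session-keyfile "$dir/session.key";   // likewise
    listen-on port $port { 127.0.0.1; };  // loopback only while testing
    listen-on-v6 { none; };
    recursion no;
};
zone "foo.example" {
    type master;
    file "db.foo.example";
};
EOF
    cat > "$dir/db.foo.example" <<'EOF'
$TTL 3600
@    IN SOA ns1.foo.example. hostmaster.foo.example. ( 1 3600 900 604800 3600 )
@    IN NS  ns1.foo.example.
ns1  IN A   192.168.0.1
EOF
}

# Validate the config, start named unprivileged in the foreground, and
# confirm that it answers for the zone on the alternate port.
check_test_instance() {
    dir=$1; port=${2:-1053}
    command -v named >/dev/null 2>&1 || { echo "BIND not installed" >&2; return 2; }
    named-checkconf -z "$dir/named.conf" >/dev/null || return 1
    named -g -c "$dir/named.conf" 2>"$dir/named.log" &
    named_pid=$!
    sleep 2
    answer=$(dig @127.0.0.1 -p "$port" foo.example SOA +norecurse +short)
    kill "$named_pid" 2>/dev/null
    [ -n "$answer" ] && printf '%s\n' "$answer"
}
```

Run make_test_config with an absolute directory path, then check_test_instance with the same arguments; the second function prints the SOA record and returns 0 only if named answered on the alternate port.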
3.26.4 See Also
"Configuring the IPv4 Transport" in Chapter 10 of DNS and BIND.