First, DNS is only UDP.
DNS will establish connections by connecting TO port 53, but will connect from a port
>1023.
Just allowing established connections will NOT work.
The DNS server that your DNS server queries will need to open a connection TO your
nameserver.
You need to find a DNS server that everyone will use, and allow ALL ports >1023 on that
DNS server to open UDP connections to your nameserver.

If you want to learn from this, you need to go to the router with the problem, debug
security, and UDP / TCP packets (as detailed as possible) and look at what is being
denied and how you can fix it.

"Millner, Gary" wrote:

> I have a unique problem.  I'm trying to put our firewall up using the Cisco
> IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
> open, DNS will not work.  We are using Windows 2000 Server as our DNS
> Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
> additional port for DNS that I'm not aware of?
>
> Thanks.
>
> Gary Millner
> [EMAIL PROTECTED]
>
>
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
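
The port-53 filtering problem discussed in this thread, as an added example (not code from either poster): a first-match stateless filter with an implicit deny, evaluated against constructed inbound packets. The addresses, the rule sets and the assumption that the original ACL opened only destination port 53 are illustrative; the model has an upstream answer arriving from port 53 to a high port on the local server.

```python
from dataclasses import dataclass

NS = "192.0.2.53"          # assumed: the internal DNS server
UPSTREAM = "198.51.100.7"  # assumed: an outside server it queries
ANY, DNS, HIGH = (0, 65535), (53, 53), (1024, 65535)  # inclusive port ranges

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    proto: str
    src: str      # address or "any"
    sport: tuple
    dst: str      # address or "any"
    dport: tuple

    def matches(self, p):
        return (self.proto == p.proto
                and self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1])

def evaluate(acl, packet):
    """First matching rule wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(packet):
            return rule.action
    return "deny"

# Inbound filter that opens only destination port 53 (assumed setup).
PORT53_ONLY = [Rule("permit", "udp", "any", ANY, NS, DNS),
               Rule("permit", "tcp", "any", ANY, NS, DNS)]
# Same filter plus the return path for the server's own lookups.
WITH_REPLIES = PORT53_ONLY + [Rule("permit", "udp", UPSTREAM, DNS, NS, HIGH)]

# Constructed inbound traffic on the outside interface.
client_query = Packet("udp", "203.0.113.9", 40000, NS, 53)  # outside client asks NS
upstream_reply = Packet("udp", UPSTREAM, 53, NS, 33001)     # answer to NS's lookup

def verdicts(acl):
    """Return (verdict for client query, verdict for upstream reply)."""
    return evaluate(acl, client_query), evaluate(acl, upstream_reply)
```

With `PORT53_ONLY` the outside query is permitted but the upstream reply hits the implicit deny, so the server can be reached yet cannot resolve anything itself; `WITH_REPLIES` permits both.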
