DNS uses UDP 53 for its primary, and TCP 53 for secondary.  So, if a host's
request to the DNS primary (UDP 53) fails, it will switch to the secondary,
which uses TCP 53.


----- Original Message -----
From: "Irwin Lazar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 06, 2000 11:44 AM
Subject: RE: DNS Problem


> AFAIK, DNS does not use random ports, however just like most TCP sessions,
> the source port will always be a random port above 1023.
>
> The below in-bound ACL will permit your site to access a remote DNS server.
>
> access-list 100 permit udp host x.x.x.x eq 53 any
>
> (of course, replace the X's with your DNS server's IP Address)
>
> Irwin
>
>
> ------------
> From: Frank Wells [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 12:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DNS Problem
>
>
> I believe DNS uses random ports to communicate once it has established a
> session using port 53.  This means you would need to open up the ports
> greater than 1023 for this to work.  Perhaps someone can confirm this as my
> recollection of this is a little shaky.
>
>
> >From: "Millner, Gary" <[EMAIL PROTECTED]>
> >Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
> >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> >Subject: DNS Problem
> >Date: Mon, 6 Nov 2000 12:14:30 -0500
> >
> >I have a unique problem.  I'm trying to put our firewall up using the Cisco
> >IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
> >open, DNS will not work.  We are using Windows 2000 Server as our DNS
> >Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
> >additional port for DNS that I'm not aware of?
> >
> >Thanks.
> >
> >Gary Millner
> >[EMAIL PROTECTED]
> >
> >
> >
> >_________________________________
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
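
An added example, not part of the original thread: a small first-match evaluator for the single ACL line quoted in Irwin's reply, run over constructed inbound packets. The addresses 192.0.2.53 (standing in for x.x.x.x), 198.51.100.10 and 203.0.113.7, and the names `Packet`, `Rule`, `evaluate` and `verdicts`, are assumptions; the only IOS behaviour modelled is first-match evaluation with the implicit deny at the end of the list.

```python
# Added example (not from the thread): evaluate the quoted ACL line against sample packets.
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

DNS_SERVER = "192.0.2.53"   # constructed stand-in for the x.x.x.x placeholder
CLIENT = "198.51.100.10"    # constructed inside host

Packet = namedtuple("Packet", "proto src sport dst dport")

@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src_net: str
    src_port: Optional[int]   # None means any port
    dst_net: str
    dst_port: Optional[int]

    def matches(self, p: Packet) -> bool:
        return (self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.src_port in (None, p.sport)
                and self.dst_port in (None, p.dport))

def evaluate(acl, pkt: Packet) -> str:
    for rule in acl:              # IOS access lists are first-match
        if rule.matches(pkt):
            return rule.action
    return "deny"                 # implicit deny ends every IOS access list

# access-list 100 permit udp host x.x.x.x eq 53 any
ACL_100 = [Rule("permit", "udp", DNS_SERVER + "/32", 53, "0.0.0.0/0", None)]

SAMPLES = {   # constructed packets arriving on the filtered interface
    "udp reply, server:53 -> client ephemeral": Packet("udp", DNS_SERVER, 53, CLIENT, 49152),
    "tcp reply, server:53 -> client ephemeral": Packet("tcp", DNS_SERVER, 53, CLIENT, 49152),
    "udp from another host, source port 53": Packet("udp", "203.0.113.7", 53, CLIENT, 49152),
    "udp server:53 -> client port 161": Packet("udp", DNS_SERVER, 53, CLIENT, 161),
}

def verdicts() -> dict:
    return {name: evaluate(ACL_100, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6} {name}")
```

The last sample is permitted because the line matches on source address and source port only and keeps no state, so the destination port is never checked.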
