DNS uses both TCP and UDP on port 53.  I believe what you are trying to
do is put your DNS server behind the router, in which case port 53 on
your DNS server will be the destination.

access-list 101 permit udp any host x.x.x.x eq domain
access-list 101 permit tcp any host x.x.x.x eq domain

If this is an authoritative DNS server, you will need TCP for it to do
zone transfers and name queries.  If it is only caching, then UDP alone
should work.

cheers,
mark

> "Taylor, Don" wrote:
> 
> DNS using random ports is a new one on me. I've never heard of that,
> but would be interested in learning more if you have a resource to
> suggest.
> 
> Are you implementing the access list correctly? Remember that port 53
> is the source, not the destination. I have a similar setup in my home
> lab and the rule is:  access-list 101 permit tcp any eq 53 any log.
> 
> - Don
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 10:55 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: DNS Problem
> 
> I believe you can also permit established connections which would do
> the same thing with a little more security.
> 
> -----Original Message-----
> From: Frank Wells [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 12:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DNS Problem
> 
> I believe DNS uses random ports to communicate once it has established
> a session using port 53.  This means you would need to open up the ports
> greater than 1023 for this to work.  Perhaps someone can confirm this
> as my recollection of this is a little shaky.
> 
> >From: "Millner, Gary" <[EMAIL PROTECTED]>
> >Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
> >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> >Subject: DNS Problem
> >Date: Mon, 6 Nov 2000 12:14:30 -0500
> >
> >I have a unique problem.  I'm trying to put our firewall up using the
> >Cisco IOS access-list commands.  When I put it in place, with TCP and UDP
> >ports 53 open, DNS will not work.  We are using Windows 2000 Server as our
> >DNS Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
> >additional port for DNS that I'm not aware of?
> >
> >Thanks.
> >
> >Gary Millner
> >[EMAIL PROTECTED]
> >
>
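A small model of the IOS access-list lines in this thread (an added example, not code from any of the posters): it parses the subset of access-list syntax used above, applies first-match semantics with the implicit deny, and shows that mark's "eq domain" on the destination side admits queries arriving at the server, whereas Don's "eq 53" on the source side only admits traffic coming back from an outside server's port 53. The server address 192.0.2.10 and the packets are constructed placeholders.

```python
from collections import namedtuple
PORT_NAMES = {"domain": 53}  # IOS port keyword used in the thread
# ack_or_rst: the TCP flags that the IOS "established" keyword tests for
Packet = namedtuple("Packet", "proto src sport dst dport ack_or_rst", defaults=[False])
# None in src/dst means "any"; None in sport/dport means no "eq" on that side
Ace = namedtuple("Ace", "action proto src sport dst dport established")

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' plus an optional 'eq <port>'."""
    tok = tokens.pop(0)
    if tok not in ("any", "host"):
        raise ValueError(f"unsupported address spec: {tok}")
    addr = tokens.pop(0) if tok == "host" else None
    port = None
    if tokens and tokens[0] == "eq":
        name = tokens[1]
        del tokens[:2]
        port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return addr, port

def parse_ace(line):
    """Parse one 'access-list <n> permit|deny <proto> <src> <dst> ...' line."""
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line}")
    rest = t[4:]  # t[1] is the list number, t[3] the protocol
    src, sport = _addr(rest)
    dst, dport = _addr(rest)
    return Ace(t[2], t[3], src, sport, dst, dport, "established" in rest)

def matches(ace, p):
    return (ace.proto in (p.proto, "ip")
            and ace.src in (None, p.src) and ace.sport in (None, p.sport)
            and ace.dst in (None, p.dst) and ace.dport in (None, p.dport)
            and (not ace.established or (p.proto == "tcp" and p.ack_or_rst)))

def evaluate(acl_lines, packet):
    """First match wins; the implicit 'deny ip any any' ends every IOS ACL."""
    for ace in map(parse_ace, acl_lines):
        if matches(ace, packet):
            return ace.action
    return "deny"
SERVER = "192.0.2.10"  # placeholder for the x.x.x.x in mark's reply
MARKS_ACL = [f"access-list 101 permit udp any host {SERVER} eq domain",
             f"access-list 101 permit tcp any host {SERVER} eq domain"]
DONS_ACL = ["access-list 101 permit tcp any eq 53 any log"]
# Constructed: an outside resolver's query to us, and an outside server's TCP reply to us
INBOUND_QUERY = Packet("udp", "198.51.100.7", 41234, SERVER, 53)
INBOUND_REPLY = Packet("tcp", "198.51.100.53", 53, SERVER, 50011, ack_or_rst=True)
```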

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]