Re: DNS Problem

2000-11-06 Thread Frank Wells
I believe DNS uses random ports to communicate once it has established a session using port 53. This means you would need to open up the ports greater than 1023 for this to work. Perhaps someone can confirm this as my recollection of this is a little shaky. >From: "Millner, Gary" <[EMAIL PR

RE: DNS Problem

2000-11-06 Thread hmalmgren
I believe you can also permit established connections which would do the same thing with a little more security. -Original Message- From: Frank Wells [mailto:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 12:02 PM To: [EMAIL PROTECTED] Subject: Re: DNS Problem I believe DNS uses

RE: DNS Problem

2000-11-06 Thread Taylor, Don
DNS using random ports is a new one on me. I've never heard of that, but would be interested in learning more if you have a resource to suggest. Are you implementing the access list correctly? Remember that port 53 is the source, not the destination. I have a si

RE: DNS Problem

2000-11-06 Thread Irwin Lazar
with your DNS server's IP Address) Irwin From: Frank Wells [mailto:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 12:02 PM To: [EMAIL PROTECTED] Subject: Re: DNS Problem I believe DNS uses random ports to communicate once it has established a session using port 53.

Re: DNS Problem

2000-11-06 Thread Peter Slow
first, dns is only udp. dns will establish connections by connecting TO port 53, but will connect from a port >1023. just allowing established connections will NOT work. dns server that your dns server queries will need to open a connection TO your nameserver. you need to find a DNS server that

Re: DNS Problem

2000-11-06 Thread Clayton Dukes
November 06, 2000 5:49 AM Subject: Re: DNS Problem > first, dns is only udp. > dns will establish connections by connecting TO port 53, but will connect from a port > >1023. > just allowing established connections will NOT work. > dns server that your dns server querie

Re: DNS Problem

2000-11-06 Thread Minh Vu
mber 06, 2000 11:44 AM Subject: RE: DNS Problem > AFAIK, DNS does not use random ports, however just like most TCP sessions, > the source port will always be a random port above 1023. > > The below in-bound ACL will permit your site to access a remote DNS server. > > access-li

Re: DNS Problem

2000-11-06 Thread Mark Nguyen
log. > > - Don > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, November 06, 2000 10:55 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: DNS Problem > > I believe you can also permit established c

Re: DNS Problem

2000-11-06 Thread Mark Nguyen
Mark Nguyen wrote: > > DNS uses both TCP and UDP on port 53. I believe what you are trying to > do is put your DNS server behind the router, in which case port 53 on > your DNS server will be the destination. > > access-list 101 permit udp any host x.x.x.x eq domain > access-list 101 permit tcp

Re: DNS Problem

2000-11-06 Thread Priscilla Oppenheimer
oes not use random ports, however just like most TCP sessions, > > the source port will always be a random port above 1023. > > > > > > > From: Frank Wells [mailto:[EMAIL PROTECTED]] > > Sent: Monday, November 06, 2000 12:02 PM > > To: [EMAIL PROTECT

Re: DNS Problem

2000-11-06 Thread Peter Slow
ww.gdd.net/cisco/tcp > > - Original Message - > From: Peter Slow <[EMAIL PROTECTED]> > To: Millner, Gary <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Monday, November 06, 2000 5:49 AM > Subject: Re: DNS Problem > > > first, dns is only udp. &

Re: DNS Problem

2000-11-06 Thread Priscilla Oppenheimer
At 04:41 PM 11/6/00, Mark Nguyen wrote: > > > > If this is an authoritative DNS server, you will need TCP for it to do > > zone transfers and name queries. If it is only caching, then UDP alone > >Just to clear up some confusion, when I said name queries, I mean

Re: DNS Problem

2000-11-07 Thread Mark Nguyen
Priscilla Oppenheimer wrote: > > At 04:41 PM 11/6/00, Mark Nguyen wrote: > > > > > > > If this is an authoritative DNS server, you will need TCP for it to do > > > zone transfers and name queries. If it is only caching, then UDP alone > > > >Just to clear up so

Re: DNS Problem

2000-11-07 Thread Priscilla Oppenheimer
Thanks for the info. I was just getting sick of all the misinformation so I over-simplified a bit and optimized for the most usual case. I was glad to get your response, though, since you obviously have the Authoritative Answer bit set! &;-) So, why would a DNS query generate a response that w

Re: DNS Problem

2000-11-08 Thread Mark Nguyen
Priscilla Oppenheimer wrote: > > Thanks for the info. I was just getting sick of all the misinformation so I > over-simplified a bit and optimized for the most usual case. I was glad to > get your response, though, since you obviously have the Authoritative > Answer bit set! &;-) :) I am by no m

Re: DNS problem?

2001-03-29 Thread kentdj
one possibility ...DNS server can't talk to the root servers but is resolving some addresses from its cache. If that's the case then before long (depending on how your DNS server is configured) all the entries will age out and no names will be resolved. your pings timing out is not uncommon accr

RE: DNS problem?

2001-03-29 Thread Sam Hebert
rist John J Contr 27 IS/IND Cc: '[EMAIL PROTECTED]' Subject: Re: DNS problem? On Thu, 29 Mar 2001, Secrist John J Contr 27 IS/IND wrote: > A funny thing is happening on our network and it has us stumped. > > 1 - Some websites are not reachable by typing the hostname in a bro