rist John J Contr 27 IS/IND
Cc: '[EMAIL PROTECTED]'
Subject: Re: DNS problem?
On Thu, 29 Mar 2001, Secrist John J Contr 27 IS/IND wrote:
> A funny thing is happening on our network and it has us stumped.
>
> 1 - Some websites are not reachable by typing the hostname in a bro
one possibility ... DNS server can't talk to the root servers but is
resolving some addresses from its cache. If that's the case then before
long (depending on how your DNS server is configured) all the entries will
age out and no names will be resolved.
your pings timing out is not uncommon accr
Priscilla Oppenheimer wrote:
>
> Thanks for the info. I was just getting sick of all the misinformation so I
> over-simplified a bit and optimized for the most usual case. I was glad to
> get your response, though, since you obviously have the Authoritative
> Answer bit set! &;-)
:) I am by no m
Thanks for the info. I was just getting sick of all the misinformation so I
over-simplified a bit and optimized for the most usual case. I was glad to
get your response, though, since you obviously have the Authoritative
Answer bit set! &;-)
So, why would a DNS query generate a response that w
Priscilla Oppenheimer wrote:
>
> At 04:41 PM 11/6/00, Mark Nguyen wrote:
>
> > >
> > > If this is an authoritative DNS server, you will need TCP for it to do
> > > zone transfers and name queries. If it is only caching, then UDP alone
> >
> >Just to clear up so
At 04:41 PM 11/6/00, Mark Nguyen wrote:
> >
> > If this is an authoritative DNS server, you will need TCP for it to do
> > zone transfers and name queries. If it is only caching, then UDP alone
>
>Just to clear up some confusion, when I said name queries, I mean
ww.gdd.net/cisco/tcp
>
> - Original Message -
> From: Peter Slow <[EMAIL PROTECTED]>
> To: Millner, Gary <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Monday, November 06, 2000 5:49 AM
> Subject: Re: DNS Problem
>
> > first, dns is only udp.
oes not use random ports, however just like most TCP sessions,
> > the source port will always be a random port above 1023.
>
> >
> >
> > From: Frank Wells [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, November 06, 2000 12:02 PM
> > To: [EMAIL PROTECT
Mark Nguyen wrote:
>
> DNS uses both TCP and UDP on port 53. I believe what you are trying to
> do is put your DNS server behind the router, in which case port 53 on
> your DNS server will be the destination.
>
> access-list 101 permit udp any host x.x.x.x eq domain
> access-list 101 permit tcp
log.
>
> - Don
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 06, 2000 10:55 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: DNS Problem
>
> I believe you can also permit established c
mber 06, 2000 11:44 AM
Subject: RE: DNS Problem
> AFAIK, DNS does not use random ports, however just like most TCP sessions,
> the source port will always be a random port above 1023.
>
> The below in-bound ACL will permit your site to access a remote DNS
server.
>
> access-li
November 06, 2000 5:49 AM
Subject: Re: DNS Problem
> first, dns is only udp.
> dns will establish connections by connecting TO port 53, but will connect
from a port
> >1023.
> just allowing established connections will NOT work.
> dns server that your dns server querie
first, dns is only udp.
dns will establish connections by connecting TO port 53, but will connect from a port
>1023.
just allowing established connections will NOT work.
dns server that your dns server queries will need to open a connection TO your
nameserver.
you need to find a DNS server that
with your DNS server's IP Address)
Irwin
From: Frank Wells [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 12:02 PM
To: [EMAIL PROTECTED]
Subject: Re: DNS Problem
I believe DNS uses random ports to communicate once it has established a
session using port 53.
Title: RE: DNS Problem
DNS using random ports is a new one on me. I've never heard of that, but would be interested in learning more if you have a resource to suggest.
Are you implementing the access list correctly? Remember that port 53 is the source, not the destination. I have a si
I believe you can also permit established connections which would do the
same thing with a little more security.
-Original Message-
From: Frank Wells [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 12:02 PM
To: [EMAIL PROTECTED]
Subject: Re: DNS Problem
I believe DNS uses
I believe DNS uses random ports to communicate once it has established a
session using port 53. This means you would need to open up the ports
greater than 1023 for this to work. Perhaps someone can confirm this as my
recollection of this is a little shaky.
>From: "Millner, Gary" <[EMAIL PR