It’s a good point, Kings. Our customer uses their routers as DNS servers at their remote offices and the traffic destined to the router itself can be falling under the management plane.
I thought that you control access to the router via a regular ACL which I still do by applying it to different VLAN interfaces. But when I query the router to show me open ports under the control plane I see DNS on the list as well. Hence DNS traffic is from control-plane ;)

Router_LAB#show control-plane host open
Active internet connections (servers and established)
Prot   Local Address   Foreign Address   Service          State
 tcp   *:22            *:0               SSH-Server       LISTEN
 tcp   *:23            *:0               Telnet           LISTEN
 tcp   *:53            *:0               DNS Server       LISTEN
 udp   *:53            *:0               DNS Server       LISTEN
 udp   *:67            *:0               DHCPD Receive    LISTEN
 udp   *:2887          *:0               DDP              LISTEN
 udp   *:123           *:0               NTP              LISTEN
 udp   *:4500          *:0               ISAKMP           LISTEN
 udp   *:500           *:0               ISAKMP           LISTEN

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Saturday, November 06, 2010 11:52 PM
To: [email protected]
Subject: [OSL | CCIE_Security] DNS part of which plane

Hi all

As per the Yusuf flash cards, DNS is part of the Management plane. Management plane is used to manage the device and control plane is used to dynamically build the network. The DNS builds the network by resolving the FQDN to IP address. I think, DNS should be in the control plane list.

Any thoughts?

With regards
Kings
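
Added example, not part of the original thread: a short Python audit that parses the `show control-plane host open` output posted above and reports listeners that fall outside an expected-services list. The APPROVED set is a hypothetical policy for a remote-office router that is meant to serve SSH, DNS, DHCP, NTP and ISAKMP; adjust it to the device's actual role.

```python
import re
from typing import NamedTuple

class Listener(NamedTuple):
    proto: str
    port: int
    service: str
    state: str

# Output copied from the post above (Router_LAB).
SAMPLE = """\
Router_LAB#show control-plane host open
Active internet connections (servers and established)
Prot   Local Address   Foreign Address   Service          State
 tcp   *:22            *:0               SSH-Server       LISTEN
 tcp   *:23            *:0               Telnet           LISTEN
 tcp   *:53            *:0               DNS Server       LISTEN
 udp   *:53            *:0               DNS Server       LISTEN
 udp   *:67            *:0               DHCPD Receive    LISTEN
 udp   *:2887          *:0               DDP              LISTEN
 udp   *:123           *:0               NTP              LISTEN
 udp   *:4500          *:0               ISAKMP           LISTEN
 udp   *:500           *:0               ISAKMP           LISTEN
"""

# proto, local addr:port, foreign addr:port, service (may contain spaces), state
ROW = re.compile(r"^\s*(tcp|udp)\s+\S+:(\d+)\s+\S+:\d+\s+(.+?)\s+(\S+)\s*$")

# Hypothetical policy (assumption, not from the thread): expected listeners.
APPROVED = {("tcp", 22), ("tcp", 53), ("udp", 53), ("udp", 67),
            ("udp", 123), ("udp", 500), ("udp", 4500)}

def parse_open_ports(text):
    """Return one Listener per table row; prompt, banner and header are skipped."""
    listeners = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, port, service, state = m.groups()
            listeners.append(Listener(proto, int(port), service, state))
    return listeners

def unapproved(listeners, approved=APPROVED):
    """Listening sockets on the router itself that the policy does not expect."""
    return [l for l in listeners
            if l.state == "LISTEN" and (l.proto, l.port) not in approved]

if __name__ == "__main__":
    for l in unapproved(parse_open_ports(SAMPLE)):
        print(f"review: {l.proto}/{l.port} ({l.service})")
```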
