Title: RE: DNS Problem

DNS using random ports is a new one on me. I've never heard of that, but would be interested in learning more if you have a resource to suggest.

Are you implementing the access list correctly? Remember that port 53 is the source, not the destination. I have a similar setup in my home lab and the rule is: access-list 101 permit tcp any eq 53 any log.

- Don

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 10:55 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: DNS Problem


I believe you can also permit established connections which would do the
same thing with a little more security.

-----Original Message-----
From: Frank Wells [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 12:02 PM
To: [EMAIL PROTECTED]
Subject: Re: DNS Problem


I believe DNS uses random ports to communicate once it has established a
session using port 53.  This means you would need to open up the ports
greater than 1023 for this to work.  Perhaps someone can confirm this as my
recollection of this is a little shaky.


>From: "Millner, Gary" <[EMAIL PROTECTED]>
>Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: DNS Problem
>Date: Mon, 6 Nov 2000 12:14:30 -0500
>
>I have a unique problem.  I'm trying to put our firewall up using the Cisco
>IOS access-list commands.  When I put it in place, with TCP and UDP ports 53
>open, DNS will not work.  We are using Windows 2000 Server as our DNS
>Server.  Is there a bug in Windows 2000?  Or does Windows 2000 use an
>additional port for DNS that I'm not aware of?
>
>Thanks.
>
>Gary Millner
>[EMAIL PROTECTED]
>
>
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
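
Added example, not part of the original thread: a small Python model of first-match extended ACL evaluation, showing how a destination-port-53 rule, a source-port-53 rule like the one quoted above, and a source-port rule narrowed with "gt 1023" and "established" each treat DNS traffic arriving from outside. The ACL placement (inbound on the outside interface), the packet values and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = None  # wildcard port, like leaving the port operator off an ACL entry

@dataclass(frozen=True)
class Packet:                        # constructed sample traffic, not a capture
    proto: str                       # "udp" or "tcp"
    sport: int
    dport: int
    flags: frozenset = frozenset()   # TCP flags; empty for UDP

@dataclass(frozen=True)
class Ace:                           # one "permit" entry of an extended ACL
    proto: str
    sport: object = ANY              # int means "eq N", ("gt", N), or ANY
    dport: object = ANY
    established: bool = False

def port_ok(rule, port):
    if rule is ANY:
        return True
    if isinstance(rule, tuple):      # ("gt", 1023)
        return port > rule[1]
    return port == rule

def permits(acl, pkt):
    """First match wins; anything unmatched falls to the implicit deny."""
    for ace in acl:
        if ace.proto != pkt.proto:
            continue
        if not (port_ok(ace.sport, pkt.sport) and port_ok(ace.dport, pkt.dport)):
            continue
        # "established" only matches TCP segments with ACK or RST set
        if ace.established and not (pkt.flags & {"ACK", "RST"}):
            continue
        return True
    return False

# Inbound ACLs on the outside interface (assumed placement).
DST_53_ONLY = [Ace("udp", dport=53), Ace("tcp", dport=53)]
SRC_53 = DST_53_ONLY + [Ace("udp", sport=53), Ace("tcp", sport=53)]
SRC_53_TIGHT = DST_53_ONLY + [Ace("udp", sport=53, dport=("gt", 1023)),
                              Ace("tcp", sport=53, established=True)]

# Constructed packets arriving from the Internet side.
UDP_QUERY_IN = Packet("udp", 4000, 53)                        # query to our server
UDP_REPLY = Packet("udp", 53, 3456)                           # answer to our query
TCP_REPLY = Packet("tcp", 53, 3457, frozenset({"ACK"}))       # answer over TCP
TCP_SYN_FROM_53 = Packet("tcp", 53, 139, frozenset({"SYN"}))  # new inbound session
```

With only destination port 53 open, the reply to the server's own query is dropped because it arrives with 53 as its source port and a high destination port; the plain source-port rule lets it in but also admits a new TCP session from source port 53, which the "established" form does not.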
