We have seen some bizarre answers to a very simple question about DNS
behavior. I'd like to set the record straight based on my years of sniffing
DNS transactions.
When a client queries a DNS server to map a domain name to an IP address,
the client sends the query to UDP port 53. If the server doesn't have an
answer, and if the client requested recursive lookup, the server asks
another server higher up in the hierarchy. That request also goes to UDP
port 53. The responses will be from UDP port 53, destined to the ephemeral
(> 1023) port that the requester used as a source port in its request. No
rocket science here.
When a primary DNS server does a zone transfer of a large number of
resource records to a secondary server, the primary server sends the data
to TCP port 53. The primary server does a normal TCP 3-way handshake to
establish a connection with the secondary server. TCP is appropriate in
this case because reliability is required and because of the large amount
of data. This is a case where you could use the established keyword. Note
that you couldn't use it in the UDP example, of course.
HTH
Priscilla
> > AFAIK, DNS does not use random ports, however just like most TCP session,
> > the source port will always be a random port above 1023.
>
> >
> > ------------
> > From: Frank Wells [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, November 06, 2000 12:02 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: DNS Problem
> >
> >
> > I believe DNS uses random ports to communicate once it has established a
> > session using port 53. This means you would need to open up the ports
> > greater than 1023 for this to work. Perhaps someone can confirm this as my
> > recollection of this is a little shaky.
> >
> >
> > >From: "Millner, Gary" <[EMAIL PROTECTED]>
> > >Reply-To: "Millner, Gary" <[EMAIL PROTECTED]>
> > >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> > >Subject: DNS Problem
> > >Date: Mon, 6 Nov 2000 12:14:30 -0500
> > >
> > >I have a unique problem. I'm trying to put our firewall up using the Cisco
> > >IOS access-list commands. When I put it in place, with TCP and UDP ports 53
> > >open, DNS will not work. We are using Windows 2000 Server as our DNS
> > >Server. Is there a bug in Windows 2000? Or does Windows 2000 use an
> > >additional port for DNS that I'm not aware of.
> > >
> > >Thanks.
> > >
> > >Gary Millner
> > >[EMAIL PROTECTED]
> > >
> > >
> > >
> > >_________________________________
> > >FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Priscilla Oppenheimer
http://www.priscilla.com
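The following IOS extended access-list is an added example written to illustrate the port behavior described in the reply above; it is not from the thread or from any of the posters. It assumes an internal DNS server at 192.0.2.10, a secondary at 198.51.100.5 that pulls zone transfers over TCP 53, and that the list is applied inbound on the outside interface (all three are assumptions, chosen from the documentation address ranges). The point it shows is why opening only destination port 53 in both directions breaks name resolution: the replies to the server's own recursive queries come from UDP port 53 to an ephemeral port above 1023, so that return path needs its own line.

```cisco
! Example only (not from the thread). Assumed: internal DNS server 192.0.2.10,
! secondary 198.51.100.5, access-list 110 applied inbound on the outside interface.
!
! Queries from outside resolvers to our server: UDP, ephemeral source, dest port 53
access-list 110 permit udp any gt 1023 host 192.0.2.10 eq 53
!
! Replies to our server's own recursive queries: source port 53 on the upstream
! server, destination = the ephemeral (>1023) port our server used as source.
! Without this line outbound queries leave but their answers are dropped.
access-list 110 permit udp any eq 53 host 192.0.2.10 gt 1023
!
! Zone transfer connection from the secondary to our TCP port 53
access-list 110 permit tcp host 198.51.100.5 gt 1023 host 192.0.2.10 eq 53
!
! Return packets of TCP sessions our server opened itself to a remote port 53:
! 'established' matches only segments with ACK or RST set, so a fresh SYN from
! outside to an ephemeral port is still denied. There is no UDP equivalent.
access-list 110 permit tcp any eq 53 host 192.0.2.10 gt 1023 established
!
! Everything else is dropped by the implicit deny; log it while troubleshooting
access-list 110 deny ip any any log
!
interface Serial0
 ip access-group 110 in
```

Two caveats worth keeping in mind: `gt 1023` relies on the resolver choosing ephemeral source ports above 1023, which is the usual behavior but should be confirmed with a sniffer on the server if lookups still fail; and `established` is a flag-bit check on each packet, not connection tracking, so the UDP reply line cannot be tightened the same way and must stay as written.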