Yes.
Basically, DNS lookups can be both port 53->53 and >1023->53.
They can also use UDP and/or TCP.
I'm just a *nix hacker, but in, I *think*, BIND 8 there is a config knob
to set this behavior.
Here it is from my Linux machine.
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
In my previous job, the Unix guys upgraded the version of BIND and all DNS
stopped due to the router access-lists.
HTH
-Kirk
On Tue, 14 Nov 2000, jackie xu wrote:
> I am building an access list on a router to filter the DNS lookup,
> and I am wondering whether the source and destination UDP ports are both
> domain (53) or the source port is chosen randomly when a client queries
> the DNS server, and what about the situation when a domain file transfer
> happens.
>
> Thanks in advance.
>
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
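
Added example (not part of the original thread, and not a real router configuration): a small first-match filter with an implicit deny at the end, run over constructed DNS flows, showing why a filter that only expects 53->53 UDP drops queries once the resolver moves to an unprivileged source port or uses TCP. All rule sets, names and port numbers other than 53 are assumptions made for illustration.

```python
# Added example: first-match packet filter with an implicit deny, applied to
# constructed DNS flows. Rule sets and flows are hypothetical.
from typing import Callable, NamedTuple

class Flow(NamedTuple):
    label: str
    proto: str   # "udp" or "tcp"
    sport: int
    dport: int

class Rule(NamedTuple):
    action: str  # "permit" or "deny"
    proto: str
    sport_ok: Callable[[int], bool]
    dport_ok: Callable[[int], bool]

def eq(port):
    return lambda p: p == port

def gt(port):
    return lambda p: p > port

def evaluate(acl, flow):
    """Return the action of the first matching rule, else the implicit deny."""
    for rule in acl:
        if (rule.proto == flow.proto and rule.sport_ok(flow.sport)
                and rule.dport_ok(flow.dport)):
            return rule.action
    return "deny"

# Filter written on the assumption that resolvers always query from port 53.
LEGACY_ACL = [Rule("permit", "udp", eq(53), eq(53))]

# Filter covering both source-port behaviours and both transports.
UPDATED_ACL = LEGACY_ACL + [
    Rule("permit", "udp", gt(1023), eq(53)),
    Rule("permit", "tcp", gt(1023), eq(53)),
]

FLOWS = [  # constructed sample traffic toward a nameserver
    Flow("query, source port pinned to 53", "udp", 53, 53),
    Flow("query, unprivileged source port", "udp", 32768, 53),
    Flow("zone transfer or query over TCP", "tcp", 32769, 53),
    Flow("unrelated UDP traffic", "udp", 32770, 161),
]

def blocked(acl, flows=FLOWS):
    """Labels of the flows this rule set drops."""
    return [f.label for f in flows if evaluate(acl, f) == "deny"]

if __name__ == "__main__":
    for name, acl in (("legacy", LEGACY_ACL), ("updated", UPDATED_ACL)):
        print(name, "blocks:", blocked(acl))
```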