From owner-freebsd-questions  Wed Apr 24  6:28: 1 2002
Date: Wed, 24 Apr 2002 14:24:10 +0100 (BST)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
X-X-Sender: cmjg@mail.ilrt.bris.ac.uk
To: Benjamin Krueger <benjamin@macguire.net>
Cc: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>,
	freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: DNS port Number, Protocol
In-Reply-To: <20020423214716.I56505@rain.macguire.net>
Message-ID: <Pine.GSO.4.44.0204241422250.23534-100000@mail.ilrt.bris.ac.uk>

On Tue, 23 Apr 2002, Benjamin Krueger wrote:

> * Kevin Kinsey, DaleCo, S.P. (kdk@daleco.biz) [020423 21:36]:
> > > From: "Benjamin Krueger" <benjamin@macguire.net>
> > > * Kevin Kinsey, DaleCo, S.P. (kdk@daleco.biz) [020422 16:07]:
> > > > I've been having some DNS troubles
> > > > with AT&T wireless (!) and my server.
> > > >
> > > > Everyone says my DNS is fine (except
> > > > AT&T).  Some lightning bolt just hit me and
> > > > I decided to check if udp/53 was open
> > > > from outside....it isn't.
> > > >
> > > > What's the chance that whatever they're
> > > > using wants udp/53 instead of tcp/53?
> > > >
> > > > Kevin Kinsey
> > >
> > > Well, considering DNS uses udp 53, and only falls back on tcp 53 for overly
> > > large transfers I'd say the chances are pretty good. =)
> > >
> > > Can you describe the actual problem you're having?
> > >
> > > --
> > > Benjamin Krueger
> > >
> > New thought is that blocked ICMP echo request
> > does not allow their server to utilize UDP port
> > #53 for DNS.....sound likely?
> >
> > Kevin Kinsey
>
> While blocking ICMP is not always the most clever of ideas, it shouldn't
> prevent UDP from working. Your best bet here is to pull out your trusty packet
> sniffer and watch to see if the dns server is receiving any of the packets.

I don't know if this has already been covered, but if you've opened up
port 53 (UDP _and_ TCP) and you want your named to be able to resolve,
as well as answer queries, then you need to ensure it's sending its own
queries on port 53. By default, I think it still uses transient port
numbers (which, on recent stable, have moved up into the high port
range).

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Semantic rules, OK?
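
Added example, not part of the original message: a toy Python model of the situation described in the reply above, where a filter that only admits inbound traffic to port 53 drops the replies to queries named sent from a transient port. The addresses, port values and the `Filter` class are constructed for illustration (this is not ipfw or any real firewall); the stateful variant is an added alternative that lets named keep transient source ports.

```python
# Added illustration: a toy packet filter, not ipfw or any real firewall.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out" relative to the name server host
    proto: str       # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int

SERVER = "192.0.2.53"      # constructed address (TEST-NET-1)
UPSTREAM = "198.51.100.7"  # constructed address (TEST-NET-2)

class Filter:
    """Inbound policy: only traffic addressed to local port 53 is allowed."""
    def __init__(self, stateful):
        self.stateful = stateful
        self.flows = set()   # flows opened by outbound packets

    def allow(self, p):
        if p.direction == "out":
            if self.stateful:
                # remember the flow so the matching reply is let back in
                self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return True
        if p.dport == 53:
            return True
        # a reply has the outbound packet's endpoints swapped
        return (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows

def resolve(fw, source_port):
    """Send one recursive query upstream; True if the reply gets back in."""
    query = Packet("out", "udp", SERVER, source_port, UPSTREAM, 53)
    reply = Packet("in", "udp", UPSTREAM, 53, SERVER, source_port)
    return fw.allow(query) and fw.allow(reply)

def answers_clients(fw):
    """An outside client's query to our port 53 always matches the rule."""
    return fw.allow(Packet("in", "udp", "203.0.113.9", 40000, SERVER, 53))

if __name__ == "__main__":
    for stateful in (False, True):
        for port in (49152, 53):
            print(stateful, port, resolve(Filter(stateful), port))
```

Pinning the query source port to 53 passes the stateless rule but gives up source-port randomization, which resolvers rely on against spoofed responses; the stateful rule avoids that trade-off.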

