RE: What UDP port to open to enable w2k server to surf the web using domain names

From: Turner, Keith (TurnerL@tea-emh1.army.mil)
Date: 03/14/02


From: "Turner, Keith" <TurnerL@tea-emh1.army.mil>
To: 'Joseph Tan' <joseph_tan01@pacific.net.sg>, "Zimin, Alex" <alex@towerrecords.com>, "'Williams, Kevin'" <KWilliams@sark.com>, 'Patrick Nolan' <pnolan01@nycap.rr.com>, focus-ms@securityfocus.com
Date: Thu, 14 Mar 2002 11:25:34 -0500


UDP does not work well with TCP/IP filtering. I've run into the same thing
you have - my solution was to set up a hosts file for the few domain names I
needed to resolve. UDP is connectionless, so Win2k does not recognize that
the answer from the DNS server, on a random high-numbered port, is an answer
to the request you sent out a split second ago.

Keith

-----Original Message-----
From: Joseph Tan [mailto:joseph_tan01@pacific.net.sg]
Sent: Thursday, March 14, 2002 11:07 AM
To: Zimin, Alex; 'Williams, Kevin'; 'Patrick Nolan';
focus-ms@securityfocus.com
Subject: What UDP port to open to enable w2k server to surf the web
using domain names

Hi all,

I have a question and hope that someone can advise me.

I have a w2k web server and have TCP/IP filtering enabled. When I permit
only TCP 80, 443 and UDP 53 to pass through,
my web server cannot access the web using domain names. Pinging an IP address is
successful, whereas pinging domain names fails.

But when I permit all UDP, I can surf the web using domain names without any
problem. So the question is: which UDP port do I need to open to enable my
w2k web server to access the web? I thought UDP 53 should be good enough.

regards

Joseph
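
Added example, not part of the original thread or anyone's message: a small Python model of the behaviour discussed above, comparing a stateless inbound UDP filter with a stateful one. It assumes the Win2k TCP/IP filter checks only the destination port of inbound datagrams; the addresses, the ephemeral port 1047 and all function and class names are constructed for illustration.

```python
# Added illustration: a stateless inbound UDP port filter (assumed model of
# Win2k TCP/IP filtering) beside a stateful filter that tracks requests.
from dataclasses import dataclass

@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def stateless_inbound_allows(pkt, permitted_udp_ports):
    """Permit an inbound datagram only if its destination port is listed."""
    return pkt.dst_port in permitted_udp_ports

class StatefulFilter:
    """Remembers outbound UDP requests and admits only the mirrored reply."""
    def __init__(self):
        self._pending = set()

    def note_outbound(self, pkt):
        self._pending.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))

    def inbound_allows(self, pkt):
        # A reply has source and destination swapped relative to the request.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self._pending

# Constructed sample traffic (documentation address ranges).
SERVER, RESOLVER = "192.0.2.10", "198.51.100.53"
query = Datagram(SERVER, 1047, RESOLVER, 53)         # outbound DNS query
reply = Datagram(RESOLVER, 53, SERVER, 1047)         # answer to that query
unsolicited = Datagram("203.0.113.9", 53, SERVER, 2000)  # no matching query

def demo():
    results = {
        # Reply is addressed to port 1047, so a "UDP 53 only" rule drops it.
        "stateless_53_only": stateless_inbound_allows(reply, {53}),
        # Permitting all UDP lets the reply in, along with everything else.
        "stateless_all_udp": stateless_inbound_allows(reply, set(range(1, 65536))),
    }
    sf = StatefulFilter()
    sf.note_outbound(query)
    results["stateful_reply"] = sf.inbound_allows(reply)
    results["stateful_unsolicited"] = sf.inbound_allows(unsolicited)
    return results

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22} -> {'pass' if allowed else 'drop'}")
```

The stateful case shows why a filter that matches replies to outstanding requests resolves names without exposing every UDP port.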


