Re: strange traffic on UDP port 53

Valdis.Kletnieks_at_vt.edu
Date: 06/07/03

  • Next message: James C. Slora Jr.: "Re: Help with an odd log file..." 
    To: Mike <mike@coenholdings.ie>
Date: Fri, 06 Jun 2003 21:04:03 -0400

    On Fri, 06 Jun 2003 08:39:52 BST, Mike <mike@coenholdings.ie> said:

    > belonged to our ISP. On querying them about this odd behavior the
    > explanation given (and other evidence seems to bear this out) was that
    > our mail server was performing DNS lookups for the delivery of mail and
    > on behalf of our internal network as it was configured as a forwarder
    > because it was behind a firewall. The IP address in question was merely
    > replying to DNS queries which had been forwarded to it by our ISPs'

    The scenario there would have your site sending packets with an ephemeral
    port number to the DNS server's port 53, and the return packets stopped
    at the firewall would have a *source* port 53 and an ephemeral destination.

    In the OP's case, the *destination* port was 53, which indicates that somebody
    thinks that the mail server target is also providing DNS service.

  • Next message: James C. Slora Jr.: "Re: Help with an odd log file..."

    Relevant Pages

    • RE: strange traffic on UDP port 53
      ... Replies to DNS queries should be coming FROM port 53, ... > found a similar problem with packets being stopped by our firewall. ... The destination IP is our mail server (not ...
      (Incidents)
    • Re: Setting up own domain and mailserver
      ... >>nameserver on godaddy to my box's dyndns address? ... You certainly need a DNS server. ... Unless you're describing port redirection of some kind, ... > for your mail server on port 25, ...
      (freebsd-questions)
    • Re: Setting up own domain and mailserver
      ... I would like to also do my own DNS to learn ... Why couldn't I just set up sendmail to use a port ... It's receiving that's the problem. ... When a mail server tries to deliver mail to mynewdomain.com, ...
      (freebsd-questions)
    • RE: strange traffic on UDP port 53
      ... After deploying a new mail server/internet gateway (behind a firewall) I ... replying to DNS queries which had been forwarded to it by our ISPs' ... again on the next available port. ... The destination IP is our mail server (not ...
      (Incidents)
    • Re: DNS revers lookup and mail server
      ... DNS IP result you'll be good to go ... > A reverse DNS lookup takes the IP address that's trying to make the ... > resolves to lyris.com. ... Joe User respond to sender - email goes out and is reaching mail server ...
      (microsoft.public.exchange.connectivity)