Re: What port shoud be opened for the dns server
From: Kasper Dupont (kasperd@daimi.au.dk)
Date: 07/13/02
From: Kasper Dupont <kasperd@daimi.au.dk> Date: Sat, 13 Jul 2002 16:12:53 +0200
svek wrote:
>
> "Mark Damrose" <mdamrose@elgin.cc.il.us> wrote in
> news:agp6d3$nlkc8$1@ID-125530.news.dfncis.de:
>
> > It's actually the response. The initial request is almost always made
> > with udp. If the response does not fit in 1 packet (512 bytes IIRC)
> > then a bit is set to indicate the response was truncated, and the
> > client should retry with tcp.
What if the domain name you want to look up is longer than
512 bytes?
> > And if internal clients are making requests, the DNS server will need
> > to be able to get out to the internet - so you should allow outbound
> > from the DNS server to anywhere with a destination port of udp or tcp
> > 53. I'm not sure what the NT4 box does. Older DNS servers had source
> > ports of 53, newer ones generally use random ports 1024 or greater.
>
> why would DNS use an unprivileged source port of >1024 when 53 is reserved
> and always has been for DNS? sounds like a stupid plan to me, but then
> again I've never heard of it.
Port 53 is reserved for the DNS server, the client can be on any
port number. And when a DNS server has to send a query to
another server it is actually acting as a client. For UDP
queries it could use the same port, but it doesn't have to.
I cannot see how it could use port 53 for TCP queries.
--
Kasper Dupont -- who spends too much time on usenet.
For sending spam use mailto:razrep@daimi.au.dk or mailto:mcxumhvenwblvtl@skrammel.yaboo.dk
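
An added illustration, not part of the message above or of the thread: the UDP-then-TCP behaviour the posts discuss, sketched in Python. It builds a query, checks the truncation (TC) bit in a response header, and frames the retry for TCP; the function names and sample packets are constructed for this example. The encoder enforces the RFC 1035 limits of 63 bytes per label and 255 bytes per name, so a single-question query is at most 271 bytes and always fits in a 512-byte UDP message.

```python
import struct

TC_FLAG = 0x0200   # "truncated" bit in the DNS header flags word (RFC 1035)
UDP_LIMIT = 512    # classic maximum DNS message size over UDP

def encode_name(name):
    """Encode a name as length-prefixed labels, enforcing RFC 1035 limits."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    out += b"\x00"                      # root label terminates the name
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return out

def build_query(name, qid=0x1234, qtype=1):
    """12-byte header (RD set, one question) + question; qtype 1 = A, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True if the response header carries the TC bit."""
    if len(message) < 12:
        raise ValueError("short DNS header")
    (flags,) = struct.unpack("!H", message[2:4])
    return bool(flags & TC_FLAG)

def next_transport(udp_response):
    """A client that sees TC over UDP repeats the query over TCP port 53."""
    return "tcp" if is_truncated(udp_response) else "udp"

def frame_for_tcp(message):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message

def sample_response(truncated):
    """Constructed response header: QR, RD, RA set, plus TC when requested."""
    flags = 0x8180 | (TC_FLAG if truncated else 0)
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)

if __name__ == "__main__":
    query = build_query("www.example.com")
    print(len(query), "byte query; retry over", next_transport(sample_response(True)))
```

For a firewall in front of a resolver this means outbound queries need both UDP and TCP to destination port 53, since the TCP retry is triggered by the remote server's truncated answer.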