SOLVED! (was: Re: How do I disable high ports?)

Mark admin at asarian-host.net
Wed Jan 29 03:11:33 UTC 2003


<phn at icke-reklam.ipsec.nu> wrote in message
news:b16mae$pfa$1 at nyheter.crt.se...

> Older firewall admins have been observed to think that dns traffic
> is from port 53 to port 53. That is wrong.


I am happy to report that the issue is resolved now. :) A decent chap on a
FreeBSD mailing list had the answer.

Upon further investigation, it appears a faulty router caused outgoing NAT
packets to not always keep the same port, hence causing UDP domain packets
with a destination port of 53 to be replaced with a random higher port.
Although many DNS servers picked up on the alternate port anyway, several
did not (and rightly so).

P.S. I am not THAT old. :)

- Mark



